This queue is for tickets about the GD CPAN distribution.

Report information
The Basics
Id: 43963
Status: resolved
Priority: 0/
Queue: GD

People
Owner: Nobody in particular
Requestors: grousse [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: Normal
Broken in: 2.41
Fixed in: (no value)



Subject: double free crash
The simple following test case triggers a double free crash in glibc:

#!/usr/bin/perl

use strict;
use GD;

my $smallimage = new GD::Image(200,0);
open(JPEG,">some.jpg");
print JPEG $smallimage->jpeg(30);
close(JPEG);

[guillaume@oberkampf ~]$ perl test2.pl
gd-jpeg: JPEG library reports unrecoverable error: Empty JPEG image (DNL not supported)
*** glibc detected *** perl: double free or corruption (!prev): 0x000000000076a750 ***
======= Backtrace: =========
/lib64/libc.so.6[0x7f1ec05db9a8]
/lib64/libc.so.6(cfree+0x76)[0x7f1ec05ddc36]
/usr/lib64/libgd.so.2[0x7f1ebec61e57]
/usr/lib64/libgd.so.2(gdDPExtractData+0x2e)[0x7f1ebec61eae]
/usr/lib64/libgd.so.2(gdImageJpegPtr+0x49)[0x7f1ebec65d69]
/usr/lib/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi/auto/GD/GD.so(XS_GD__Image_jpeg+0x1a5)[0x7f1ebff577d5]
/usr/lib/perl5/5.10.0/x86_64-linux-thread-multi/CORE/libperl.so(Perl_pp_entersub+0x550)[0x7f1ec1681720]
/usr/lib/perl5/5.10.0/x86_64-linux-thread-multi/CORE/libperl.so(Perl_runops_standard+0x12)[0x7f1ec167f9c2]
/usr/lib/perl5/5.10.0/x86_64-linux-thread-multi/CORE/libperl.so(perl_run+0x30f)[0x7f1ec167ddaf]
perl(main+0xdc)[0x400c8c]
/lib64/libc.so.6(__libc_start_main+0xe6)[0x7f1ec0587446]
perl[0x400ae9]
Abandon

This happens on the following test platforms:
- mandriva cooker 64 bits, perl 5.10, gd 2.0.35, GD 2.41, glibc 2.9
- mandriva 2009.0 32 bits, perl 5.10, gd 2.0.35, GD 2.41, glibc 2.8
On Mon. Mar. 09 09:30:25 2009, GROUSSE wrote:
> The simple following test case triggers a double free crash in glibc:
> #!/usr/bin/perl
>
> use strict;
> use GD;
>
> my $smallimage = new GD::Image(200,0);
> open(JPEG,">some.jpg");
> print JPEG $smallimage->jpeg(30);
> close(JPEG);
>
> [guillaume@oberkampf ~]$ perl test2.pl
> gd-jpeg: JPEG library reports unrecoverable error: Empty JPEG image (DNL not supported)
> *** glibc detected *** perl: double free or corruption (!prev): 0x000000000076a750 ***

It seems to be a gd issue, though. Using Debian patches, backported from libgd CVS, prevents the crash, and instead leads to the following graceful abort:

gd warning: one parameter to a memory allocation multiplication is negative or zero, failing operation gracefully
Can't call method "jpeg" on an undefined value at test.pl line 8.
I've fixed crashes after libgd errors by properly handling all libgd errors.
=>
GD Warning: one parameter to a memory allocation multiplication is negative or zero, failing operation gracefully
gdImageCreate error at blib/lib/GD/Image.pm line 83.
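
The behaviour the two replies above describe (reject the zero-height image before any allocation, then have the caller handle the failed creation instead of encoding) can be sketched in C as follows. This is an added example, not libgd or GD code; `toy_image`, `bad_alloc_product`, `toy_image_create` and `toy_image_destroy` are hypothetical names.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical image type for this sketch; not libgd's gdImage. */
typedef struct { int sx, sy; unsigned char *pixels; } toy_image;

/* Returns 1 when a * b must not be used as an allocation size. */
static int bad_alloc_product(int a, int b)
{
    if (a <= 0 || b <= 0) {
        fprintf(stderr, "warning: allocation dimension is negative or zero\n");
        return 1;
    }
    return a > INT_MAX / b;   /* product would overflow int */
}

/* Returns NULL on failure and leaves nothing allocated behind. */
toy_image *toy_image_create(int sx, int sy)
{
    if (bad_alloc_product(sx, sy))
        return NULL;
    toy_image *im = malloc(sizeof *im);
    if (im == NULL) return NULL;
    im->pixels = calloc((size_t)sx * (size_t)sy, 1);
    if (im->pixels == NULL) {
        free(im);             /* only release on this error path */
        return NULL;
    }
    im->sx = sx; im->sy = sy;
    return im;
}

/* Single owner of the release path; safe to call with NULL. */
void toy_image_destroy(toy_image *im)
{
    if (im == NULL) return;
    free(im->pixels);
    free(im);
}

int main(void)
{
    toy_image *im = toy_image_create(200, 0);   /* the ticket's dimensions */
    if (im == NULL)
        fprintf(stderr, "image creation failed; skipping encode\n");
    toy_image_destroy(im);
    return 0;
}
```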