convert - IM6 Beta - 1a9ea6b5 - coders/rle.c:588


Post by JodieC »

Source file:
https://www.dropbox.com/s/hd1lc9s3gxphrae/1a9ea6b5?dl=0

To reproduce:

convert 1a9ea6b5 png:/dev/null

Output:

*** Error in `/home/jodicun/opt/ImageMagick-2014-12-19/utilities/.libs/lt-convert': free(): invalid next size (normal): 0x0000000000651a80 ***
Aborted (core dumped)

BT:

[New LWP 18469]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/home/jodicun/opt/ImageMagick-2014-12-19/utilities/.libs/lt-convert /home/jodic'.
Program terminated with signal SIGABRT, Aborted.
#0  0x00007ffff6f8cbb9 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#0  0x00007ffff6f8cbb9 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007ffff6f8ffc8 in __GI_abort () at abort.c:89
#2  0x00007ffff79604f1 in MagickSignalHandler (signal_number=6) at magick/magick.c:1171
#3  <signal handler called>
#4  0x00007ffff6f8cbb9 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#5  0x00007ffff6f8ffc8 in __GI_abort () at abort.c:89
#6  0x00007ffff6fc9e14 in __libc_message (do_abort=do_abort@entry=1, fmt=fmt@entry=0x7ffff70d85a8 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
#7  0x00007ffff6fd60ee in malloc_printerr (ptr=<optimized out>, str=0x7ffff70d8720 "free(): invalid next size (normal)", action=1) at malloc.c:4996
#8  _int_free (av=<optimized out>, p=<optimized out>, have_lock=0) at malloc.c:3840
#9  0x00007ffff796372e in RelinquishAlignedMemory (memory=<optimized out>) at magick/memory.c:919
#10 0x00007ffff79637fd in RelinquishVirtualMemory (memory_info=memory_info@entry=0x64ffc0) at magick/memory.c:1027
#11 0x00007ffff7a7ab44 in ReadRLEImage (image_info=0x60e050, exception=0x604990) at coders/rle.c:588
#12 0x00007ffff78d2cd8 in ReadImage (image_info=image_info@entry=0x608ea0, exception=exception@entry=0x604990) at magick/constitute.c:547

System Details:
AMD64
Distributor ID: Ubuntu
Description: Ubuntu 14.04.1 LTS
Release: 14.04
Codename: trusty

Software: SVN checkout 20141219 - ImageMagick-6
Discovered on 6.9.0-1 Beta 20141217 - (crashes there too)
Does not crash on 6.7.7

Found with American Fuzzy Lop ( http://lcamtuf.coredump.cx/afl/ )

Re: convert - IM6 Beta - 1a9ea6b5 - coders/rle.c:588

Post by dlemstra »

Same issue as this topic: viewtopic.php?f=3&t=26733.
.NET + ImageMagick = Magick.NET https://github.com/dlemstra/Magick.NET, @MagickNET, Donate

Re: convert - IM6 Beta - 1a9ea6b5 - coders/rle.c:588

Post by JodieC »

Updated from SVN and it works now!