Skip Menu |

This queue is for tickets about the Imager CPAN distribution.

Report information
The Basics
Id: 17981
Status: resolved
Priority: 0/
Queue: Imager
People
Owner: TONYC [...] cpan.org
Requestors: perl [...] rbt.ca
Cc:
AdminCc:
Bug Information
Severity: Critical
Broken in:
  • 0.47
  • 0.48
Fixed in: (no value)
Attachments
200_wellington.jpg
209_yonge.jpg
210_dundas.jpg
exif_user_comment.diff

History Show all quoted text
  Sat Mar 04 12:31:12 2006 Guest - Ticket created
Subject: Imager Crash on Jpeg
In Bricolage with thumbnails enabled I receive the below apache crash (mod_perl) with Imager 0.47 and later. 0.45 is confirmed to function on these images correctly. Three image examples that work in 0.45 and crash 0.47 and 0.48 are attached. (gdb) backtrace #0 0x0000000805589bb7 in i_int_decode_exif () from /usr/local/lib/perl5/site_perl/5.8.8/mach/auto/Imager/Imager.so #1 0x0000000805583177 in i_readjpeg_wiol () from /usr/local/lib/perl5/site_perl/5.8.8/mach/auto/Imager/Imager.so #2 0x0000000805546d13 in XS_Imager_i_readjpeg_wiol () from /usr/local/lib/perl5/site_perl/5.8.8/mach/auto/Imager/Imager.so #3 0x0000000802de014c in Perl_pp_entersub () from /usr/local/lib/perl5/5.8.8/mach/CORE/libperl.so #4 0x0000000802dd8dee in Perl_runops_standard () from /usr/local/lib/perl5/5.8.8/mach/CORE/libperl.so #5 0x0000000802d89c4c in Perl_call_sv () from /usr/local/lib/perl5/5.8.8/mach/CORE/libperl.so #6 0x0000000802c2aa8e in perl_call_handler () from /usr/local/libexec/apache/libperl.so #7 0x0000000802c2b0f6 in perl_run_stacked_handlers () from /usr/local/libexec/apache/libperl.so #8 0x0000000802c2c732 in perl_handler () from /usr/local/libexec/apache/libperl.so #9 0x000000000040c6cc in ap_invoke_handler () #10 0x000000000041e4fc in process_request_internal () #11 0x000000000041e63d in ap_process_request () #12 0x0000000000415d79 in child_main () #13 0x0000000000416109 in make_child () #14 0x00000000004161a6 in startup_children () ---Type <return> to continue, or q <return> to quit--- #15 0x00000000004171cb in standalone_main () #16 0x0000000000417ec3 in main () The code that Bricolage runs is similar to this: use strict; use warnings; require Imager; use constant THUMBNAIL_SIZE => 150; my $path = shift; # Get the media format. Try using the MIME type, and fall back on what Imager # guesses. (my $mt = $path) =~ s|.*/||; my $format = $Imager::FORMATGUESS->(".$mt"); $format = $Imager::FORMATGUESS->($path); # Just warn and return if Imager doesn't support the format. unless ($Imager::formats{$format}) { warn qq{It looks like the image library to handle the "$format" } . 'fomat is not installed. No thumbnail will be created for file ' . "'$path'.\n"; return; } my $img = Imager->new; $img->open(file => $path, type => $format) or die "Imager cannot open '$path' : $img->errstr"; # If either dimension is greather than the thumbnail size, create a # smaller version by scaling largest side to THUMBNAIL_SIZE if ($img->getwidth > THUMBNAIL_SIZE || $img->getheight > THUMBNAIL_SIZE) { $img = $img->scale(xpixels => THUMBNAIL_SIZE, ypixels => THUMBNAIL_SIZE, type => 'min'); } # Save the image or die. $img->write(file => "$path-thumb") or die "Imager cannot write 'thumb.jpg'";
Subject: 210_dundas.jpg
Download 210_dundas.jpg
image/jpeg 86.5k
210_dundas.jpg
Subject: 209_yonge.jpg
Download 209_yonge.jpg
image/jpeg 73.8k
209_yonge.jpg
Subject: 200_wellington.jpg
Download 200_wellington.jpg
image/jpeg 77.8k
200_wellington.jpg
  Sat Mar 04 12:39:58 2006 Guest - Correspondence added
From: perl [...] rbt.ca
Almost forgot: FreeBSD home 6.0-RELEASE FreeBSD 6.0-RELEASE #13: Sat Nov 5 00:19:49 EST 2005 root@home:/usr/obj/usr/src/sys/HOME amd64
  Sat Mar 04 12:39:59 2006 The RT System itself - Status changed from 'new' to 'open'
  Sat Mar 04 19:18:32 2006 tony [...] develop-help.com - Correspondence added
CC: undisclosed-recipients: ;
Subject: Re: [rt.cpan.org #17981] Imager Crash on Jpeg
Date: Sun, 5 Mar 2006 11:18:16 +1100
To: Guest via RT <bug-Imager [...] rt.cpan.org>
From: Tony Cook <tony [...] develop-help.com>
On Sat, Mar 04, 2006 at 12:31:13PM -0500, Guest via RT wrote: Show quoted text
> > Sat Mar 04 12:31:12 2006: Request 17981 was acted upon. > Transaction: Ticket created by guest > Queue: Imager > Subject: Imager Crash on Jpeg > Owner: Nobody > Requestors: perl@rbt.ca > Status: new > Ticket <URL: http://rt.cpan.org/Ticket/Display.html?id=17981 > > > > In Bricolage with thumbnails enabled I receive the below apache crash > (mod_perl) with Imager 0.47 and later. 0.45 is confirmed to function on > these images correctly. Three image examples that work in 0.45 and > crash 0.47 and 0.48 are attached. > > (gdb) backtrace > #0 0x0000000805589bb7 in i_int_decode_exif () > from /usr/local/lib/perl5/site_perl/5.8.8/mach/auto/Imager/Imager.so > #1 0x0000000805583177 in i_readjpeg_wiol () > from /usr/local/lib/perl5/site_perl/5.8.8/mach/auto/Imager/Imager.so
Hi, Thanks for reporting this problem. This is a problem in the EXIF data decoder, you can disable that by running Makefile.PL with the --noexif option: perl Makefile.PL --noexif I've been able to reproduce this problem locally, and tracked down the cause of the problem. I'll send you a patch for the problem as soon as I have one, and I'll release a fixed Imager within a few days of receiving confirmation of the fix, or within a week or so if you don't confirm the fix. Thanks again, Tony Cook
  Sat Mar 04 19:20:20 2006 tony [...] develop-help.com - Correspondence added
CC: undisclosed-recipients: ;
Subject: Re: [rt.cpan.org #17981] Imager Crash on Jpeg
Date: Sun, 5 Mar 2006 11:20:07 +1100
To: Guest via RT <bug-Imager [...] rt.cpan.org>
From: Tony Cook <tony [...] develop-help.com>
On Sat, Mar 04, 2006 at 12:31:13PM -0500, Guest via RT wrote: Show quoted text
> In Bricolage with thumbnails enabled I receive the below apache crash > (mod_perl) with Imager 0.47 and later. 0.45 is confirmed to function on > these images correctly. Three image examples that work in 0.45 and > crash 0.47 and 0.48 are attached.
Would there be a problem with including one of those images in Imager for regression testing? Thanks, Tony
  Sat Mar 04 20:13:31 2006 pg [...] rbt.ca - Correspondence added
CC: perl [...] rbt.ca
Subject: Re: [rt.cpan.org #17981] Imager Crash on Jpeg
Date: Sat, 04 Mar 2006 20:11:45 -0500
To: bug-Imager [...] rt.cpan.org
From: Rod Taylor <pg [...] rbt.ca>
On Sat, 2006-03-04 at 19:20 -0500, tony@develop-help.com via RT wrote: Show quoted text
> On Sat, Mar 04, 2006 at 12:31:13PM -0500, Guest via RT wrote:
> > In Bricolage with thumbnails enabled I receive the below apache crash > > (mod_perl) with Imager 0.47 and later. 0.45 is confirmed to function on > > these images correctly. Three image examples that work in 0.45 and > > crash 0.47 and 0.48 are attached.
> > Would there be a problem with including one of those images in Imager > for regression testing?
Please do so. Thanks. --
  Sun Mar 05 03:51:56 2006 tony [...] develop-help.com - Correspondence added
CC: undisclosed-recipients: ;
Subject: Re: [rt.cpan.org #17981] Imager Crash on Jpeg
Date: Sun, 5 Mar 2006 19:51:37 +1100
To: Guest via RT <bug-Imager [...] rt.cpan.org>
From: Tony Cook <tony [...] develop-help.com>
On Sat, Mar 04, 2006 at 12:31:13PM -0500, Guest via RT wrote: Show quoted text
> In Bricolage with thumbnails enabled I receive the below apache crash > (mod_perl) with Imager 0.47 and later. 0.45 is confirmed to function on > these images correctly. Three image examples that work in 0.45 and > crash 0.47 and 0.48 are attached.
Hi, I've attached a patch which should resolve your problem with reading JPEG images with Imager 0.47 - 0.48. The important part for your purposes is: Index: imexif.c =================================================================== --- imexif.c (revision 933) +++ imexif.c (revision 934) @@ -695,7 +695,7 @@ memcpy(user_comment, tiff->base + entry->offset, entry->size); /* the first 8 bytes indicate the encoding, make them into spaces for better presentation */ - for (i = 0; i < 8; ++i) { + for (i = 0; i < entry->size && i < 8; ++i) { if (user_comment[i] == '\0') user_comment[i] = ' '; } Please let me know how it goes. Tony Cook
  Sun Mar 05 19:02:44 2006 tony [...] develop-help.com - Correspondence added
CC: undisclosed-recipients: ;
Subject: Re: [rt.cpan.org #17981] Imager Crash on Jpeg
Date: Mon, 6 Mar 2006 11:02:24 +1100
To: Guest via RT <bug-Imager [...] rt.cpan.org>
From: Tony Cook <tony [...] develop-help.com>
On Sat, Mar 04, 2006 at 12:31:13PM -0500, Guest via RT wrote: Show quoted text
> In Bricolage with thumbnails enabled I receive the below apache crash > (mod_perl) with Imager 0.47 and later. 0.45 is confirmed to function on > these images correctly. Three image examples that work in 0.45 and > crash 0.47 and 0.48 are attached.
And so I forgot the patch. Attached this time. Tony

Message body is not shown because sender requested not to inline it.

  Sun Mar 05 23:39:29 2006 iam [...] rbt.ca - Correspondence added
CC: perl [...] rbt.ca
Subject: Re: [rt.cpan.org #17981] Imager Crash on Jpeg
Date: Sun, 05 Mar 2006 23:37:27 -0500
To: bug-Imager [...] rt.cpan.org
From: RT <iam [...] rbt.ca>
Seems to be fine with the patch applied. Thanks. On Sun, 2006-03-05 at 19:02 -0500, tony@develop-help.com via RT wrote: Show quoted text
> On Sat, Mar 04, 2006 at 12:31:13PM -0500, Guest via RT wrote:
> > In Bricolage with thumbnails enabled I receive the below apache crash > > (mod_perl) with Imager 0.47 and later. 0.45 is confirmed to function on > > these images correctly. Three image examples that work in 0.45 and > > crash 0.47 and 0.48 are attached.
> > And so I forgot the patch. Attached this time. > > Tony > > plain text document attachment (exif_user_comment.diff) > Index: MANIFEST > =================================================================== > --- MANIFEST (revision 933) > +++ MANIFEST (revision 934) > @@ -209,6 +209,7 @@ > t/t92samples.t > t/testtools.pl > tags.c > +testimg/209_yonge.jpg Regression test: #17981 > testimg/bad1oflow.bmp 1-bit/pixel, overflow integer on 32-bit machines > testimg/bad1wid0.bmp 1-bit/pixel, zero width > testimg/bad24comp.bmp 24-bit/pixel, bad compression > Index: Changes > =================================================================== > --- Changes (revision 933) > +++ Changes (revision 934) > @@ -1366,12 +1366,19 @@ > custom META.yml was a waste. > - bump to 0.47_01 > > -0.48 > +0.48 Fri 3 Mar 2006 > - removed unused hashinfo() function from Imager.xs > - added =items for various methods, so Pod::Coverage will pick them up > (Pod::Coverage tests to be added in 0.49) > - bump to 0.48 > > +0.49 > +- handle short EXIF user_comment fields correctly, previously Imager > + would read (and potentially) write beyond the end of an allocated block, > + or through a NULL pointer if the EXIF user_comment field was less > + than 8 bytes long. > + https://rt.cpan.org/Ticket/Display.html?id=17981 > + > ================================================================= > > For latest versions check the Imager-devel pages: > Index: imexif.c > =================================================================== > --- imexif.c (revision 933) > +++ imexif.c (revision 934) > @@ -695,7 +695,7 @@ > memcpy(user_comment, tiff->base + entry->offset, entry->size); > /* the first 8 bytes indicate the encoding, make them into spaces > for better presentation */ > - for (i = 0; i < 8; ++i) { > + for (i = 0; i < entry->size && i < 8; ++i) { > if (user_comment[i] == '\0') > user_comment[i] = ' '; > } > Index: t/t101jpeg.t > =================================================================== > --- t/t101jpeg.t (revision 933) > +++ t/t101jpeg.t (revision 934) > @@ -2,7 +2,7 @@ > use strict; > use lib 't'; > use Imager qw(:all); > -use Test::More tests => 49; > +use Test::More tests => 51; > > init_log("testout/t101jpeg.log",1); > > @@ -30,7 +30,7 @@ > $im = Imager->new(xsize=>2, ysize=>2); > ok(!$im->write(file=>"testout/nojpeg.jpg"), "should fail to write jpeg"); > cmp_ok($im->errstr, '=~', qr/format not supported/, "check no jpeg message"); > - skip("no jpeg support", 45); > + skip("no jpeg support", 47); > } > } else { > open(FH,">testout/t101.jpg") || die "cannot open testout/t101.jpg for writing\n"; > @@ -233,5 +233,17 @@ > is_deeply($expect_tags, \%tags, "check tags for $filename"); > } > } > + > + { # Issue # 17981 > + # the test image has a zero-length user_comment field > + # the code would originally attempt to convert '\0' to ' ' > + # for the first 8 bytes, even if the string was less than > + # 8 bytes long > + my $im = Imager->new; > + ok($im->read(file => 'testimg/209_yonge.jpg', type=>'jpeg'), > + "test read of image with invalid exif_user_comment"); > + is($im->tags(name=>'exif_user_comment'), '', > + "check exif_user_comment set correctly"); > + } > } > > Index: testimg/209_yonge.jpg > =================================================================== > Cannot display: file marked as a binary type. > svn:mime-type = application/octet-stream > > Property changes on: testimg/209_yonge.jpg > ___________________________________________________________________ > Name: svn:mime-type > + application/octet-stream
  Tue Mar 07 18:11:53 2006 TONYC [...] cpan.org - Taken
  Tue Mar 07 18:13:43 2006 TONYC [...] cpan.org - Correspondence added
Hi, This is fixed in Imager 0.49, released yesterday. Thanks for your report and help in tracking the problem down. Note: a reply will reopen this ticket. Tony
  Tue Mar 07 18:13:44 2006 TONYC [...] cpan.org - Status changed from 'open' to 'resolved'