
This queue is for tickets about the GD CPAN distribution.

Report information
The Basics
Id: 43963
Status: resolved
Priority: 0/
Queue: GD

People
Owner: Nobody in particular
Requestors: grousse [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: Normal
Broken in: 2.41
Fixed in: (no value)



Subject: double free crash
The simple following test case triggers a double free crash in glibc:

    #!/usr/bin/perl

    use strict;
    use GD;

    my $smallimage = new GD::Image(200,0);
    open(JPEG,">some.jpg");
    print JPEG $smallimage->jpeg(30);
    close(JPEG);

    [guillaume@oberkampf ~]$ perl test2.pl
    gd-jpeg: JPEG library reports unrecoverable error: Empty JPEG image (DNL not supported)
    *** glibc detected *** perl: double free or corruption (!prev): 0x000000000076a750 ***
    ======= Backtrace: =========
    /lib64/libc.so.6[0x7f1ec05db9a8]
    /lib64/libc.so.6(cfree+0x76)[0x7f1ec05ddc36]
    /usr/lib64/libgd.so.2[0x7f1ebec61e57]
    /usr/lib64/libgd.so.2(gdDPExtractData+0x2e)[0x7f1ebec61eae]
    /usr/lib64/libgd.so.2(gdImageJpegPtr+0x49)[0x7f1ebec65d69]
    /usr/lib/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi/auto/GD/GD.so(XS_GD__Image_jpeg+0x1a5)[0x7f1ebff577d5]
    /usr/lib/perl5/5.10.0/x86_64-linux-thread-multi/CORE/libperl.so(Perl_pp_entersub+0x550)[0x7f1ec1681720]
    /usr/lib/perl5/5.10.0/x86_64-linux-thread-multi/CORE/libperl.so(Perl_runops_standard+0x12)[0x7f1ec167f9c2]
    /usr/lib/perl5/5.10.0/x86_64-linux-thread-multi/CORE/libperl.so(perl_run+0x30f)[0x7f1ec167ddaf]
    perl(main+0xdc)[0x400c8c]
    /lib64/libc.so.6(__libc_start_main+0xe6)[0x7f1ec0587446]
    perl[0x400ae9]

This happens on the following test platforms:
- mandriva cooker 64 bits, perl 5.10, gd 2.0.35, GD 2.41, glibc 2.9
- mandriva 2009.0 32 bits, perl 5.10, gd 2.0.35, GD 2.41, glibc 2.8

On Mon Mar 09 09:30:25 2009, GROUSSE wrote:
> The simple following test case triggers a double free crash in glibc:
> #!/usr/bin/perl
>
> use strict;
> use GD;
>
> my $smallimage = new GD::Image(200,0);
> open(JPEG,">some.jpg");
> print JPEG $smallimage->jpeg(30);
> close(JPEG);
>
> [guillaume@oberkampf ~]$ perl test2.pl
> gd-jpeg: JPEG library reports unrecoverable error: Empty JPEG image (DNL not supported)
> *** glibc detected *** perl: double free or corruption (!prev): 0x000000000076a750 ***

It seems to be a gd issue, though. Using Debian patches, backported from libgd CVS, prevents the crash, and instead leads to the following graceful abort:

    gd warning: one parameter to a memory allocation multiplication is negative or zero, failing operation gracefully
    Can't call method "jpeg" on an undefined value at test.pl line 8.

I've fixed crashes after libgd errors by properly handling all libgd errors.

    => GD Warning: one parameter to a memory allocation multiplication is negative or zero, failing operation gracefully
    gdImageCreate error at blib/lib/GD/Image.pm line 83.
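
The two replies above describe one defence at two layers: the library refuses a zero or negative dimension before it sizes an allocation, and the caller checks for a failed create before any encode step runs. A small C model of that pattern, added here as an illustration; it is not libgd or GD.pm code, and `dims_unsafe`, `image_t`, `image_create`, `image_destroy` and `create_and_release` are hypothetical names.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model of the guarded-allocation pattern; not libgd source. */
typedef struct { int sx, sy; unsigned char *pixels; } image_t;

/* Returns 1 when a*b must not be used as an allocation size. */
static int dims_unsafe(int a, int b)
{
    if (a <= 0 || b <= 0) {
        fprintf(stderr, "warning: allocation dimension is negative or zero\n");
        return 1;
    }
    if (a > INT_MAX / b) {
        fprintf(stderr, "warning: allocation product would exceed INT_MAX\n");
        return 1;
    }
    return 0;
}

/* Creation fails cleanly (NULL) instead of handing back a 200x0 image. */
image_t *image_create(int sx, int sy)
{
    if (dims_unsafe(sx, sy)) return NULL;
    image_t *im = malloc(sizeof *im);
    if (!im) return NULL;
    im->pixels = calloc((size_t)sx * (size_t)sy, 1);
    if (!im->pixels) { free(im); return NULL; }
    im->sx = sx; im->sy = sy;
    return im;
}

void image_destroy(image_t *im) { if (im) { free(im->pixels); free(im); } }

/* Caller side: test the result before using the image.
   Returns 0 on success, -1 when creation was refused. */
int create_and_release(int sx, int sy)
{
    image_t *im = image_create(sx, sy);
    if (!im) return -1;   /* report the error; there is nothing to free */
    image_destroy(im);    /* single owner, single free */
    return 0;
}

int main(void)
{
    printf("200x0   -> %d\n", create_and_release(200, 0));
    printf("200x100 -> %d\n", create_and_release(200, 100));
    return 0;
}
```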