Project

General

Profile

Bug #10683

Possible libpng API misuse

Added by James Hemsing over 4 years ago. Updated 8 months ago.

Status:
Fixed
Priority:
Low
Assignee:
Category:
General
Target version:
-
Start date:
10/25/2015
Due date:
% Done:

100%

Estimated time:
Affected Version:
git development version
System:
all
bitness:
64-bit
hardware architecture:
amd64/x86

Description

When trying to recursively import .jpg files, darktable crashes only a few files into the process, and then crashes on further attempts to launch the file. If I delete .config/darktable and .cache/darktable, I'm able to open darktable, but am still unable to import.

System:
darktable version: 1:1.6.9-0pmjdebruijn1~wily
Ubuntu 15.10
Core i7 4790 w/16GB of RAM
Intel HD 4600 video with standard repo drivers

First run console output:

[defaults] found a 64-bit system with 16312912 kb ram and 8 cores (0 atom based)
[defaults] setting high quality defaults
[mipmap_cache] cache is empty, file `/home/josef/.cache/darktable/mipmaps-552f3b94939c3419f3022f039a46acb82d1f4419' doesn't exist
  • Error in `darktable': free(): invalid pointer: 0x00007f3758017040 ***
    Magick: abort due to signal 6 (SIGABRT) "Abort"...
    Aborted (core dumped)

Subsequent run output:

[defaults] found a 64-bit system with 16312912 kb ram and 8 cores (0 atom based)
[defaults] setting high quality defaults
[mipmap_cache] cache is empty, file `/home/josef/.cache/darktable/mipmaps-552f3b94939c3419f3022f039a46acb82d1f4419' doesn't exist
libpng error: incorrect data check
  • Error in `darktable': free(): invalid pointer: 0x00007f441002c1e0 ***
  • Error in `darktable': munmap_chunk(): invalid pointer: 0x00007f4424014200 ***
    Magick: abort due to signal 6 (SIGABRT) "Abort"...
    Aborted (core dumped)
dt_post.log (123 KB) dt_post.log Subsequent launches James Hemsing, 10/25/2015 05:29 AM
dt_pre.log (213 KB) dt_pre.log On first import James Hemsing, 10/25/2015 05:29 AM
trace.txt (3.5 KB) trace.txt Stack trace from GDB James Hemsing, 10/25/2015 05:29 AM
_usr_bin_darktable.1000.crash (6.91 MB) _usr_bin_darktable.1000.crash James Hemsing, 10/25/2015 05:29 AM
f100798648.png (628 Bytes) f100798648.png James Hemsing, 10/25/2015 08:04 PM

Associated revisions

Revision 1d3e8cc8 (diff)
Added by Roman Lebedev over 4 years ago

Properly read PNGs. Fixes #10683

Basically, for that specific png, after png_read_update_info(),
png_get_rowbytes() changed, so we ended up heap-buffer-overflow-ing.

History

#1 Updated by James C. McPherson over 4 years ago

We're going to need a stack trace / backtrace from the failure. Such a thing will likely be in /var/tmp/ with a filename start "dt_".

Also, if you have it, the core itself would be good.

Do you have a ~/.xsession-errors file? There will likely be messages from darktable in there which would be helpful.

Finally, if you could run

darktable -d all > /tmp/dt.log 2>&1

and attach that file to this bug following the crash, that would be helpful as well.

#2 Updated by James Hemsing over 4 years ago

The .xsession-errors file doesn't have anything in it related to darktable, only upstart errors.

Here are the other files. I'm not sure if the .crash is from the same crash as the other files, so I'll see if I can get apport to make a new one.

I just copied and pasted the stacktrace from gdb. Let me know if there is a better way.

#3 Updated by Roman Lebedev over 4 years ago

Looks like a libpng issue.
Could you please upload /home/josef/Pictures/2015/10/23/f100798648.png ?
From the bt, it seems it causes the issue.

#4 Updated by James Hemsing over 4 years ago

Roman Lebedev wrote:

Looks like a libpng issue.
Could you please upload /home/josef/Pictures/2015/10/23/f100798648.png ?
From the bt, it seems it causes the issue.

#5 Updated by Roman Lebedev over 4 years ago

  • System changed from Ubuntu to all
  • Affected Version changed from 1.6.9 to git development version
  • % Done changed from 0 to 10
  • Status changed from New to Confirmed

#6 Updated by Roman Lebedev over 4 years ago

  • Assignee set to Roman Lebedev
  • Subject changed from darktable crashes on library import and subsequent launches to Possible libpng API misuse

#7 Updated by Roman Lebedev over 4 years ago

  • % Done changed from 10 to 100
  • Status changed from Confirmed to Fixed

Also available in: Atom PDF

Go to top