[apport] identify crashed with SIGSEGV in realloc()

Bug #86587 reported by Mikael Nilsson
This bug affects 1 person
Affects: imagemagick (Ubuntu)
Status: Fix Released
Importance: Medium
Assigned to: Unassigned

Bug Description

Binary package hint: imagemagick

While running trackerd

ProblemType: Crash
CrashCounter: 1
Date: Tue Feb 20 23:31:05 2007
DistroRelease: Ubuntu 7.04
ExecutablePath: /usr/bin/identify
Package: imagemagick 7:6.2.4.5.dfsg1-0.14
ProcCmdline: identify -format %w;\\n%h;\\n%c;\\n -ping /home/mini/software/Jena-2.5.1/doc/images/originals/jena-logo.eps
ProcCwd: /home/mini
ProcEnviron:
 SHELL=/bin/bash
 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11:/usr/games
 LANG=sv_SE.UTF-8
 LANGUAGE=sv_SE:sv:en_GB:en
Signal: 11
SourcePackage: imagemagick
StacktraceTop:
 realloc () from /lib/tls/i686/cmov/libc.so.6
 ResizeMagickMemory () from /usr/lib/libMagick.so.9
 ?? () from /usr/lib/libMagick.so.9
 ?? ()
 ?? ()
Uname: Linux daneel 2.6.20-8-generic #2 SMP Tue Feb 13 05:18:42 UTC 2007 i686 GNU/Linux
UserGroups: adm admin audio cdrom dialout dip floppy fuse lpadmin plugdev scanner video

Daniel Holbach (dholbach) wrote :

Thanks for your bug report. Can you get a log by running it under valgrind? (http://wiki.ubuntu.com/Valgrind)

Changed in imagemagick:
importance: Undecided → Medium
status: Unconfirmed → Needs Info
Apport retracing service (apport) wrote : Symbolic stack trace

StacktraceTop:
 realloc () from /lib/tls/i686/cmov/libc.so.6
 ResizeMagickMemory (memory=0xb750c000, size=1510) at magick/memory.c:679
 AcquirePixelStream (image=0x82b9f68, x=0, y=0, columns=151, rows=1, exception=0x82bd130) at magick/stream.c:221
 AcquireImagePixels (image=0x82b9f68, x=0, y=0, columns=151, rows=1, exception=0x82bd130) at magick/cache.c:482
 ConsolidateCMYKImages (images=0xb7f8c850, exception=0x82bd130) at magick/transform.c:407

Apport retracing service (apport) wrote : Symbolic threaded stack trace
Sebastien Bacher (seb128) wrote :

We are closing this bug report as it lacks the information, described in the previous comments, we need to investigate the problem further. However, please reopen it if you can give us the missing information and don't hesitate to submit bug reports in the future.

Changed in imagemagick:
status: Needs Info → Rejected
PrivateUser132781 (privateuser132781-deactivatedaccount) wrote :

I experienced a similar problem while trackerd was indexing an eps using identify. I tried using valgrind by entering the following:

G_SLICE=always-malloc G_DEBUG=gc-friendly valgrind -v --tool=memcheck --leak-check=full --num-callers=40 --log-file=valgrind.log identify -format '%w;\\n%h;\\n%c;\\n' -ping /home/eduard/Documents/Filosofie/articles/creative\ commons/cc-license-buttons.eps

but it doesn't seem to work. Any advice as to how to get useful results?

valgrind.log contains the following:

==26559== Memcheck, a memory error detector.
==26559== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==26559== Using LibVEX rev 1732, a library for dynamic binary translation.
==26559== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==26559== Using valgrind-3.2.3-Debian, a dynamic binary instrumentation framework.
==26559== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==26559==
==26559== My PID = 26559, parent PID = 26357. Prog and args are:
==26559== identify
==26559== -format
==26559== %w;\\n%h;\\n%c;\\n
==26559== -ping
==26559== /home/eduard/Documents/Filosofie/articles/creative commons/cc-license-buttons.eps
==26559==
--26559--
--26559-- Command line
--26559-- identify
--26559-- -format
--26559-- %w;\\n%h;\\n%c;\\n
--26559-- -ping
--26559-- /home/eduard/Documents/Filosofie/articles/creative commons/cc-license-buttons.eps
--26559-- Startup, with flags:
--26559-- -v
--26559-- --tool=memcheck
--26559-- --leak-check=full
--26559-- --num-callers=40
--26559-- --log-file=valgrind.log
--26559-- Contents of /proc/version:
--26559-- Linux version 2.6.22-12-generic (buildd@vernadsky) (gcc version 4.1.3 20070831 (prerelease) (Ubuntu 4.1.2-16ubuntu1)) #1 SMP Sun Sep 23 18:11:30 GMT 2007
--26559-- Arch and hwcaps: X86, x86-sse1-sse2
--26559-- Page sizes: currently 4096, max supported 4096
--26559-- Valgrind library directory: /usr/lib/valgrind
--26559-- Reading syms from /lib/ld-2.6.1.so (0x4000000)
--26559-- Reading debug info from /lib/ld-2.6.1.so...
--26559-- ... CRC mismatch (computed B27DA0E3 wanted C257421F)
--26559-- object doesn't have a symbol table
--26559-- Reading syms from /usr/bin/identify (0x8048000)
--26559-- Reading debug info from /usr/bin/identify...
--26559-- ... CRC mismatch (computed 08889BE6 wanted 58B48E38)
--26559-- object doesn't have a symbol table
--26559-- Reading syms from /usr/lib/valgrind/x86-linux/memcheck (0x38000000)
--26559-- object doesn't have a dynamic symbol table
--26559-- Reading suppressions file: /usr/lib/valgrind/default.supp
==26559== FATAL: can't open suppressions file '/usr/lib/valgrind/default.supp'

PrivateUser132781 (privateuser132781-deactivatedaccount) wrote :

Managed to run with memcheck using valgrind. I attach the logs. I hope this is helpful.

PrivateUser132781 (privateuser132781-deactivatedaccount) wrote :

There are multiple duplicates of this bug, at least one of which has been marked as confirmed. Also, the requested info has now been added.

Changed in imagemagick:
status: Invalid → Confirmed
Mathieu Laurent (mla) wrote :

Hello,

I also have this bug.

The dialog box of apport (bug-buddy) is displayed with a message like this:

identify crashed

or

mplayer crashed

without using these applications, so I think it's a program crash during tracker indexing.

I have been using Gutsy for 2 days.

Petr Zelenka (zelenp) wrote : Re: [Bug 86587] Re: [apport] identify crashed with SIGSEGV in realloc()

2007/9/30, Mathieu Laurent <email address hidden>:
> Hello,
>
> I also have this bug.
>
> The dialog box of apport (bug-buddy) is displayed with a message like this:
>
> identify crashed
>
> or
>
> mplayer crashed
>
> without using these applications, so I think it's a program crash during
> tracker indexing.
>
> I have been using Gutsy for 2 days.

Hi,

Same issue on my side. I have already filed a bug report on Launchpad.
IMHO it has nothing to do with Xfce...

Petr

fx5 (packaging) wrote : A way to reproduce the crash

identify -ping "/usr/share/tk8.4/images/logo.eps"
Segmentation fault (core dumped)

The image is from tk8.4-package.

Daniel J Blueman (danielblueman) wrote : Re: [apport] identify crashed with SIGSEGV in free()

I have reproduced this with Ubuntu Gutsy 7.10 AMD64, but with free() crashing. imagemagick is version 7:6.2.4.5.dfsg1-2ubuntu1.

The bug does NOT occur (and valgrind shows no problem) when the '-ping' argument is NOT present.

Let me know if further information is needed.

$ valgrind --trace-children=yes --leak-check=yes identify -ping /store/users/daniel/projects/photo/edge/gimp-2.4.0~rc2/themes/Default/images/preferences/folders.xcf.gz
==8446== Memcheck, a memory error detector.
==8446== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==8446== Using LibVEX rev 1732, a library for dynamic binary translation.
==8446== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==8446== Using valgrind-3.2.3-Debian, a dynamic binary instrumentation framework.
==8446== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==8446== For more details, rerun with: -v
==8446==
/tmp/magick-XXpEQYfK[0] XCF 48x48 DirectClass 16kb
/tmp/magick-XXpEQYfK[1] XCF 19x21 19x21+4+21 DirectClass 16kb
/tmp/magick-XXpEQYfK[2] XCF 24x24 24x24+2+22 DirectClass 16kb
/tmp/magick-XXpEQYfK[3] XCF 37x31 37x31+2+15 DirectClass 16kb
/tmp/magick-XXpEQYfK[4] XCF 24x24 24x24+2+22 DirectClass 16kb
/tmp/magick-XXpEQYfK[5] XCF 22x22 22x22+4+26 DirectClass 16kb
/tmp/magick-XXpEQYfK[6] XCF 24x24 24x24+4+23 DirectClass 16kb
/tmp/magick-XXpEQYfK[7] XCF 22x22 22x22+2+24 DirectClass 16kb
/tmp/magick-XXpEQYfK[8] XCF 22x22 22x22+2+24 DirectClass 16kb
==8446== Invalid free() / delete / delete[]
==8446== at 0x4C2182B: free (vg_replace_malloc.c:233)
==8446== by 0x4F47B1D: RelinquishMagickMemory (in /usr/lib/libMagick.so.9.0.0)
==8446== by 0x4F95A7D: (within /usr/lib/libMagick.so.9.0.0)
==8446== by 0x4F33359: DestroyImage (in /usr/lib/libMagick.so.9.0.0)
==8446== by 0x4F4166E: DestroyImageList (in /usr/lib/libMagick.so.9.0.0)
==8446== by 0x4F2F257: IdentifyImageCommand (in /usr/lib/libMagick.so.9.0.0)
==8446== by 0x400DBD: (within /usr/bin/identify)
==8446== by 0x586DB43: (below main) (in /lib/libc-2.6.1.so)
==8446== Address 0x417C000 is not stack'd, malloc'd or (recently) free'd
==8446==
==8446== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 8 from 1)
==8446== malloc/free: in use at exit: 816 bytes in 2 blocks.
==8446== malloc/free: 3,844 allocs, 3,843 frees, 5,968,497 bytes allocated.
==8446== For counts of detected errors, rerun with: -v
==8446== searching for pointers to 2 not-freed blocks.
==8446== checked 1,362,952 bytes.
==8446==
==8446==
==8446== 384 bytes in 1 blocks are definitely lost in loss record 1 of 2
==8446== at 0x4C21C16: malloc (vg_replace_malloc.c:149)
==8446== by 0x4F95EC3: (within /usr/lib/libMagick.so.9.0.0)
==8446== by 0x4F32CE6: SetImageExtent (in /usr/lib/libMagick.so.9.0.0)
==8446== by 0x5040E3F: (within /usr/lib/libMagick.so.9.0.0)
==8446== by 0x4EC4EAD: ReadImage (in /usr/lib/libMagick.so.9.0.0)
==8446== by 0x4F9591A: ReadStream (in /usr/lib/libMagick.so.9.0.0)
==8446== by 0x4EC5BE1: PingImage (in /usr/lib/libMagick.so.9.0.0)
==8446== by 0x4F2F3C8: IdentifyImageCommand (in /usr/lib/libMagick.so.9.0.0)
==8446== by 0x400DBD: (within /usr/bin/identify)
==8446== by 0x5...
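
A triage helper for the two Valgrind logs quoted in this thread, added here as an example (it is not part of any comment, nor of Valgrind or ImageMagick): it tells a run that aborted at startup apart from one that produced Memcheck error records, and names the first library frame under each error. The names `parse_memcheck`, `culprit` and `unsymbolised` are illustrative, and the sample strings are excerpts of the logs above.

```python
import re

LINE = re.compile(r"^[=-]{2}\d+[=-]{2} ?(.*)$")   # "==PID== text" or "--PID-- text"
FRAME = re.compile(r"^(at|by) 0x[0-9A-Fa-f]+: (.+)$")
ADDR = re.compile(r"^Address 0x([0-9A-Fa-f]+) (.+)$")

def parse_memcheck(log):
    """Return (fatal, records): a startup failure line, if any, and the error records."""
    fatal, records, cur, into, prev = None, [], None, None, ""
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue                       # output of the traced program itself
        body = m.group(1).strip()
        frame, addr = FRAME.match(body), ADDR.match(body)
        if body.startswith("FATAL:"):
            fatal = body                   # Valgrind gave up before running the target
        elif frame and frame.group(1) == "at" and not ADDR.match(prev):
            cur = {"what": prev, "frames": [frame.group(2)], "aux": [], "address": None}
            records.append(cur)            # the line before the first "at" is the heading
            into = cur["frames"]
        elif frame and cur:
            into.append(frame.group(2))
        elif addr and cur:
            cur["address"] = (int(addr.group(1), 16), addr.group(2))
            into = cur["aux"]              # frames after "Address ..." describe the block
        prev = body
    return fatal, records

def culprit(record):
    """First named frame that is not Valgrind's own malloc/free replacement."""
    for f in record["frames"]:
        if not f.startswith("(") and "vg_replace_malloc" not in f:
            return f.split(" ")[0]

def unsymbolised(record):
    """Frames Valgrind could attribute only to an object file, not to a function."""
    return sum(f.startswith("(within ") for f in record["frames"])

# Excerpts of the two logs quoted in this thread.
ABORTED = """--26559-- Reading suppressions file: /usr/lib/valgrind/default.supp
==26559== FATAL: can't open suppressions file '/usr/lib/valgrind/default.supp'"""
INVALID_FREE = """/tmp/magick-XXpEQYfK[8] XCF 22x22 22x22+2+24 DirectClass 16kb
==8446== Invalid free() / delete / delete[]
==8446== at 0x4C2182B: free (vg_replace_malloc.c:233)
==8446== by 0x4F47B1D: RelinquishMagickMemory (in /usr/lib/libMagick.so.9.0.0)
==8446== by 0x4F95A7D: (within /usr/lib/libMagick.so.9.0.0)
==8446== Address 0x417C000 is not stack'd, malloc'd or (recently) free'd"""
print(parse_memcheck(ABORTED)[0], [culprit(r) for r in parse_memcheck(INVALID_FREE)[1]])
```

A log that yields a `fatal` line and no records says nothing about the target program; a non-zero `unsymbolised` count means the backtrace would improve with debug symbols installed for that library.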


Adam Buchbinder (adam-buchbinder) wrote :

This also appears in Hardy; there's a backtrace on that distribution in (duplicate) bug 183589.

Adam Buchbinder (adam-buchbinder) wrote :

This appears to be fixed in imagemagick 7:6.3.7.9.dfsg1-2ubuntu3 in Intrepid.

$ identify -ping "/usr/share/tcltk/tk8.4/images/logo.eps"
/usr/share/tcltk/tk8.4/images/logo.eps PS 120x181 120x181+0+0 DirectClass 16-bit 84.9551kb

If anyone can still reproduce this issue with the current version from Intrepid, please attach an offending image, and I'll see if I can file a report upstream.

Changed in imagemagick:
status: Confirmed → Fix Released