Comment 2 for bug 546154

TJ (tj) wrote:

The problem is in dmg2img.c, around line 560:

if (convert_char8((unsigned char *)parts[1].Data + 24) != 0)

Looking at the backtrace, gdb shows that 0x18 is passed to convert_char8():

#0 0x08048d5a in convert_char8 (c=0x18 <Address 0x18 out of bounds>) at dmg2img.h:80

0x18 == 24 decimal, the value added to parts[1].Data.

Therefore I surmise the pointer in parts[1].Data is unexpectedly 0, and isn't checked for.
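A bounds- and NULL-checked version of that read, added here as an example rather than dmg2img's own code: it assumes a stand-in `struct part` with `Data` and `Len` fields and assumes `convert_char8` reads an 8-byte big-endian value, and it returns an error instead of dereferencing `NULL + 24` (address 0x18) as the crashing line does.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the dmg2img partition record: only the
 * two fields this example needs (the real struct is not reproduced). */
struct part {
    unsigned char *Data;   /* raw bytes of the partition entry, may be NULL */
    size_t         Len;    /* number of bytes Data points to */
};

/* Read an 8-byte big-endian field at byte offset `off`.
 * Returns 0 on success, -1 if Data is NULL or the field would run past Len.
 * The unchecked original computes Data + 24 with no NULL test, so a NULL
 * Data turns into a read at address 0x18 and a segfault. */
int read_u64_be_checked(const struct part *p, size_t off, uint64_t *out)
{
    if (p == NULL || p->Data == NULL)
        return -1;                       /* the missing NULL check */
    if (off > p->Len || p->Len - off < 8)
        return -1;                       /* also refuse a too-short entry */
    uint64_t v = 0;
    for (size_t i = 0; i < 8; i++)
        v = (v << 8) | p->Data[off + i];
    *out = v;
    return 0;
}

/* Returns 1 if the field at offset 24 is non-zero (the condition the
 * dmg2img line tests), 0 if it is zero, and -1 if it cannot be read. */
int field24_is_nonzero(const struct part *p)
{
    uint64_t v;
    if (read_u64_be_checked(p, 24, &v) != 0)
        return -1;
    return v != 0;
}

int main(void)
{
    /* Constructed sample entry: 32 bytes, field at offset 24 = 1 (big-endian). */
    unsigned char buf[32] = {0};
    buf[31] = 1;
    struct part good = { buf, sizeof buf };
    struct part missing = { NULL, 0 };   /* the crashing case from the bug */
    printf("good: %d\n", field24_is_nonzero(&good));       /* 1 */
    printf("missing: %d\n", field24_is_nonzero(&missing)); /* -1 */
    return 0;
}
```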