Ubuntu
imagemagick package

Infinite loop when converting a Asana Math glyph to image

Bug #1407911 reported by Qian Hong
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ImageMagick
New
Undecided
Unassigned
imagemagick (Ubuntu)
New
Undecided
Unassigned

Bug Description

printf "\U1d763" | convert -font Asana-Math.ttf -background white -fill black -pointsize 300 label:@- loop.png

The above command line causes an infinite loop for me, reproduced 100%.
It also creates a large temp file in /tmp until my system dead :(

BTW, imagemagick is a great tool, thanks for the great work!

ProblemType: Bug
DistroRelease: Ubuntu 14.10
Package: imagemagick 8:6.7.7.10+dfsg-4ubuntu1
ProcVersionSignature: Ubuntu 3.16.0-28.38-generic 3.16.7-ckt1
Uname: Linux 3.16.0-28-generic i686
NonfreeKernelModules: wl
ApportVersion: 2.14.7-0ubuntu8
Architecture: i386
CurrentDesktop: Unity
Date: Tue Jan 6 17:43:34 2015
InstallationDate: Installed on 2014-12-16 (21 days ago)
InstallationMedia: Ubuntu 14.10 "Utopic Unicorn" - Release i386 (20141022.1)
SourcePackage: imagemagick
UpgradeStatus: No upgrade log present (probably fresh install)

Revision history for this message
Qian Hong (fracting) wrote :
Revision history for this message
Qian Hong (fracting) wrote :
Download full text (6.1 KiB)

I looped over Asana-Math font, and glyph U+1d763 is the only one cause the infinite loop, maybe the font itself is buggy, but it will still be nice to avoid infinite loop in imagemagick's side.

$ sha1sum Asana-Math.ttf
c2214f437d07b9b078c1e0027c5d4069dcf2255a Asana-Math.ttf

$ ls -l Asana-Math.ttf
-rw-r----- 1 fracting fracting 499040 1月 6 13:11 Asana-Math.ttf

Here are three backtraces:

Loaded symbols for /usr/lib/i386-linux-gnu/ImageMagick-6.7.7/modules-Q16/coders/label.so
0xb76e2c7c in __kernel_vsyscall ()
(gdb) bt
#0 0xb76e2c7c in __kernel_vsyscall ()
#1 0xb72677a2 in do_pwrite64 (offset=1879049088, count=268435584,
    buf=0xa65f5008, fd=3) at ../sysdeps/unix/sysv/linux/pwrite64.c:41
#2 __libc_pwrite64 (fd=3, buf=0xa65f5008, count=268435584, offset=1879049088)
    at ../sysdeps/unix/sysv/linux/pwrite64.c:57
#3 0xb73f6591 in WritePixelCacheRegion (cache_info=<optimized out>,
    buffer=<optimized out>, length=<optimized out>, offset=<optimized out>)
    at magick/cache.c:697
#4 WritePixelCachePixels (exception=<optimized out>,
    nexus_info=<optimized out>, cache_info=<optimized out>)
    at magick/cache.c:5651
#5 SyncAuthenticPixelCacheNexus (image=0x0, nexus_info=0x8991958,
    exception=0x8984c80) at magick/cache.c:5275
#6 0xb73f805f in SyncCacheViewAuthenticPixels (cache_view=0x8987308,
    exception=0x8984c80) at magick/cache-view.c:1005
#7 0xb74dd97b in SetImageBackgroundColor (image=0x8981ab8)
    at magick/image.c:3003
#8 0xb76dcbd9 in ReadLABELImage (image_info=0x89786f0, exception=0x895add8)
    at coders/label.c:195
#9 0xb74432b1 in ReadImage (image_info=0x895f6d0, exception=0x895add8)
    at magick/constitute.c:590
#10 0xb744467d in ReadImages (image_info=0x895f6d0, exception=0x895add8)
    at magick/constitute.c:901
---Type <return> to continue, or q <return> to quit---
#11 0xb72abfe5 in ConvertImageCommand (image_info=0xa, argc=11,
    argv=0x895a798, metadata=0x0, exception=0x895add8) at wand/convert.c:601
#12 0xb73157ec in MagickCommandGenesis (image_info=0x895b058,
    command=0x8048600 <ConvertImageCommand@plt>, argc=11, argv=0xbf88f0a4,
    metadata=0x0, exception=0x895add8) at wand/mogrify.c:161
#13 0x08048678 in ConvertMain (argv=0xbf88f0a4, argc=<optimized out>)
    at utilities/convert.c:81
#14 main (argc=11, argv=0xbf88f0a4) at utilities/convert.c:92
(gdb)
(gdb) c
Continuing.
^C
Program received signal SIGINT, Interrupt.
0xb76e2c7c in __kernel_vsyscall ()
(gdb) bt
#0 0xb76e2c7c in __kernel_vsyscall ()
#1 0xb72677a2 in do_pwrite64 (offset=2415920256, count=268435584,
    buf=0xa65f5008, fd=3) at ../sysdeps/unix/sysv/linux/pwrite64.c:41
#2 __libc_pwrite64 (fd=3, buf=0xa65f5008, count=268435584, offset=2415920256)
    at ../sysdeps/unix/sysv/linux/pwrite64.c:57
#3 0xb73f6591 in WritePixelCacheRegion (cache_info=<optimized out>,
    buffer=<optimized out>, length=<optimized out>, offset=<optimized out>)
    at magick/cache.c:697
#4 WritePixelCachePixels (exception=<optimized out>,
    nexus_info=<optimized out>, cache_info=<optimized out>)
    at magick/cache.c:5651
#5 SyncAuthenticPixelCacheNexus (image=0x0, nexus_info=0x8991958,
    exception=0x8984c80) at magick/cache.c:5275
#6 0x...

Read more...

Revision history for this message
broucaries (roucaries-bastien+bugs) wrote :

http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=27557

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.