python2.7 & python imaging (PIL) dumps core with buffer overflow

Binary package hint: python2.7

Python 2.7 dumps core when doing python imaging (PIL) operations on a TIF file. Below is a sample doing a resize; but another operation like converting the color mode will also dump core.

The unusual color mode may be contributing to the bug.

This cannot be replicated under maverick, where it works as expected.

I will either attach the TIF file to this bug report, or if too large, I will link to it elsewhere.

>>> from PIL import Image
>>> image = Image.open('/home/damon/tmp/samsung.tif')
>>> image
<PIL.TiffImagePlugin.TiffImageFile image mode=YCbCr size=3872x2592 at 0x2904128>
>>> image.thumbnail((242,162), Image.NEAREST)
*** buffer overflow detected ***: python terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7f87c2581477]
/lib/libc.so.6(+0xf7390)[0x7f87c2580390]
/usr/lib/python2.7/dist-packages/PIL/_imaging.so(ImagingNewPrologueSubtype+0x97)[0x7f87bf3b11e7]
/usr/lib/python2.7/dist-packages/PIL/_imaging.so(ImagingNewArray+0x11)[0x7f87bf3b1691]
/usr/lib/python2.7/dist-packages/PIL/_imaging.so(+0xfc7b)[0x7f87bf393c7b]
python(PyEval_EvalFrameEx+0x56f3)[0x4ac1a3]
python(PyEval_EvalFrameEx+0x654d)[0x4acffd]
======= Memory map: ========
00400000-0066c000 r-xp 00000000 08:17 131874 /usr/bin/python2.7
0086b000-0086c000 r--p 0026b000 08:17 131874 /usr/bin/python2.7
0086c000-008d4000 rw-p 0026c000 08:17 131874 /usr/bin/python2.7
008d4000-008e6000 rw-p 00000000 00:00 0
01eff000-02968000 rw-p 00000000 00:00 0 [heap]
7f87bf160000-7f87bf183000 r-xp 00000000 08:17 134333 /usr/lib/libjpeg.so.62.0.0
7f87bf183000-7f87bf382000 ---p 00023000 08:17 134333 /usr/lib/libjpeg.so.62.0.0
7f87bf382000-7f87bf383000 r--p 00022000 08:17 134333 /usr/lib/libjpeg.so.62.0.0
7f87bf383000-7f87bf384000 rw-p 00023000 08:17 134333 /usr/lib/libjpeg.so.62.0.0
7f87bf384000-7f87bf3c1000 r-xp 00000000 08:17 269344 /usr/lib/python2.7/dist-packages/PIL/_imaging.so
7f87bf3c1000-7f87bf5c1000 ---p 0003d000 08:17 269344 /usr/lib/python2.7/dist-packages/PIL/_imaging.so
7f87bf5c1000-7f87bf5c4000 r--p 0003d000 08:17 269344 /usr/lib/python2.7/dist-packages/PIL/_imaging.so
7f87bf5c4000-7f87bf5c7000 rw-p 00040000 08:17 269344 /usr/lib/python2.7/dist-packages/PIL/_imaging.so
7f87bf5c7000-7f87bf5e6000 r-xp 00000000 08:17 141864 /usr/lib/python2.7/lib-dynload/_ctypes.so
7f87bf5e6000-7f87bf7e5000 ---p 0001f000 08:17 141864 /usr/lib/python2.7/lib-dynload/_ctypes.so
7f87bf7e5000-7f87bf7e6000 r--p 0001e000 08:17 141864 /usr/lib/python2.7/lib-dynload/_ctypes.so
7f87bf7e6000-7f87bf7ea000 rw-p 0001f000 08:17 141864 /usr/lib/python2.7/lib-dynload/_ctypes.so
7f87bf7ea000-7f87bf7eb000 rw-p 00000000 00:00 0
7f87bf7eb000-7f87bf8ed000 r-xp 00000000 08:17 133829 /usr/lib/libapt-pkg.so.4.10.1
7f87bf8ed000-7f87bfaed000 ---p 00102000 08:17 133829 /usr/lib/libapt-pkg.so.4.10.1
7f87bfaed000-7f87bfaf0000 r--p 00102000 08:17 133829 /usr/lib/libapt-pkg.so.4.10.1
7f87bfaf0000-7f87bfaf1000 rw-p 00105000 08:17 133829 /usr/lib/libapt-pkg.so.4.10.1
7f87bfaf1000-7f87bfaf2000 rw-p 00000000 00:00 0
7f87bfaf2000-7f87bfb34000 r-xp 00000000 08:17 141396 /usr/lib/python2.7/dist-packages/apt_pkg.so
7f87bfb34000-7f87bfd34000 ---p 00042000 08:17 141396 /usr/lib/python2.7/dist-packages/apt_pkg.so
7f87bfd34000-7f87bfd35000 r--p 00042000 08:17 141396 /usr/lib/python2.7/dist-packages/apt_pkg.so
7f87bfd35000-7f87bfd3d000 rw-p 00043000 08:17 141396 /usr/lib/python2.7/dist-packages/apt_pkg.so
7f87bfd3d000-7f87bfd5a000 r-xp 00000000 08:17 141871 /usr/lib/python2.7/lib-dynload/_io.so
7f87bfd5a000-7f87bff59000 ---p 0001d000 08:17 141871 /usr/lib/python2.7/lib-dynload/_io.so
7f87bff59000-7f87bff5a000 r--p 0001c000 08:17 141871 /usr/lib/python2.7/lib-dynload/_io.so
7f87bff5a000-7f87bff63000 rw-p 0001d000 08:17 141871 /usr/lib/python2.7/lib-dynload/_io.so
7f87bff63000-7f87bff72000 r-xp 00000000 08:17 141891 /usr/lib/python2.7/lib-dynload/pyexpat.so
7f87bff72000-7f87c0171000 ---p 0000f000 08:17 141891 /usr/lib/python2.7/lib-dynload/pyexpat.so
7f87c0171000-7f87c0172000 r--p 0000e000 08:17 141891 /usr/lib/python2.7/lib-dynload/pyexpat.so
7f87c0172000-7f87c0174000 rw-p 0000f000 08:17 141891 /usr/lib/python2.7/lib-dynload/pyexpat.so
7f87c0174000-7f87c0187000 r-xp 00000000 08:17 141881 /usr/lib/python2.7/lib-dynload/datetime.so
7f87c0187000-7f87c0386000 ---p 00013000 08:17 141881 /usr/lib/python2.7/lib-dynload/datetime.so
7f87c0386000-7f87c0387000 r--p 00012000 08:17 141881 /usr/lib/python2.7/lib-dynload/datetime.so
7f87c0387000-7f87c038b000 rw-p 00013000 08:17 141881 /usr/lib/python2.7/lib-dynload/datetime.so
7f87c038b000-7f87c038e000 r-xp 00000000 08:17 141869 /usr/lib/python2.7/lib-dynload/_heapq.so
7f87c038e000-7f87c058d000 ---p 00003000 08:17 141869 /usr/lib/python2.7/lib-dynload/_heapq.so
7f87c058d000-7f87c058e000 r--p 00002000 08:17 141869 /usr/lib/python2.7/lib-dynload/_heapq.so
7f87c058e000-7f87c0590000 rw-p 00003000 08:17 141869 /usr/lib/python2.7/lib-dynload/_heapq.so
7f87c0590000-7f87c05b6000 r-xp 00000000 08:17 261712 /lib/libexpat.so.1.5.2
7f87c05b6000-7f87c07b6000 ---p 00026000 08:17 261712 /lib/libexpat.so.1.5.2
7f87c07b6000-7f87c07b8000 r--p 00026000 08:17 261712 /lib/libexpat.so.1.5.2
7f87c07b8000-7f87c07b9000 rw-p 00028000 08:17 261712 /lib/libexpat.so.1.5.2
7f87c07b9000-7f87c07c0000 r-xp 00000000 08:17 292210 /lib/librt-2.12.2.so
7f87c07c0000-7f87c09bf000 ---p 00007000 08:17 292210 /lib/librt-2.12.2.so
7f87c09bf000-7f87c09c0000 r--p 00006000 08:17 292210 /lib/librt-2.12.2.so
7f87c09c0000-7f87c09c1000 rw-p 00007000 08:17 292210 /lib/librt-2.12.2.so
7f87c09c1000-7f87c09d6000 r-xp 00000000 08:17 261662 /lib/libgcc_s.so.1
7f87c09d6000-7f87c0bd5000 ---p 00015000 08:17 261662 /lib/libgcc_s.so.1
7f87c0bd5000-7f87c0bd6000 r--p 00014000 08:17 261662 /lib/libgcc_s.so.1
7f87c0bd6000-7f87c0bd7000 rw-p 00015000 08:17 261662 /lib/libgcc_s.so.1
7f87c0bd7000-7f87c0cbf000 r-xp 00000000 08:17 131103 /usr/lib/libstdc++.so.6.0.14
7f87c0cbf000-7f87c0ebe000 ---p 000e8000 08:17 131103 /usr/lib/libstdc++.so.6.0.14
7f87c0ebe000-7f87c0ec6000 r--p 000e7000 08:17 131103 /usr/lib/libstdc++.so.6.0.14
7f87c0ec6000-7f87c0ec8000 rw-p 000ef000 08:17 131103 /usr/lib/libstdc++.so.6.0.14
7f87c0ec8000-7f87c0edd000 rw-p 00000000 00:00 0
7f87c0edd000Aborted (core dumped)

ProblemType: Crash
DistroRelease: Ubuntu 11.04
Package: python2.7-minimal 2.7.1-3
ProcVersionSignature: Ubuntu 2.6.38-3.30-generic 2.6.38-rc4
Uname: Linux 2.6.38-3-generic x86_64
Architecture: amd64
AssertionMessage: *** buffer overflow detected ***: python terminated
Date: Sat Feb 12 12:44:25 2011
ExecutablePath: /usr/bin/python2.7
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Alpha amd64 (20110202)
ProcCmdline: python
ProcEnviron:
 SHELL=/bin/bash
 PATH=(custom, user)
 LC_MESSAGES=en_US.utf8
 LANG=en_US.UTF-8
 LANGUAGE=en_US:en
Signal: 6
SourcePackage: python2.7
StacktraceTop:
 raise () from /lib/libc.so.6
 abort () from /lib/libc.so.6
 ?? () from /lib/libc.so.6
 __fortify_fail () from /lib/libc.so.6
 __chk_fail () from /lib/libc.so.6
Title: python2.7 assert failure: *** buffer overflow detected ***: python terminated
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare