[Bug 1796815] Re: imagemagick core dumps on reading gnus.svg

Adam Sjøgren 1796815 at bugs.launchpad.net
Tue Oct 9 08:14:36 UTC 2018


I tried removing things from gnus.svg to find a minimal example that
makes imagemagick coredump.

Even this .svg results in a coredump:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<svg
   xmlns:dc="http://purl.org/dc/elements/1.1/"
   xmlns:cc="http://creativecommons.org/ns#"
   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
   xmlns:svg="http://www.w3.org/2000/svg"
   xmlns="http://www.w3.org/2000/svg"
   style="display:inline"
   version="1.0">
</svg>

So does the minimal Plain SVG that Inkscape writes:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<svg
   xmlns:dc="http://purl.org/dc/elements/1.1/"
   xmlns:cc="http://creativecommons.org/ns#"
   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
   xmlns:svg="http://www.w3.org/2000/svg"
   xmlns="http://www.w3.org/2000/svg"
   version="1.1"
   id="svg2"
   viewBox="0 0 744.09448819 1052.3622047"
   height="297mm"
   width="210mm">
  <defs
     id="defs4" />
  <metadata
     id="metadata7">
    <rdf:RDF>
      <cc:Work
	 rdf:about="">
	<dc:format>image/svg+xml</dc:format>
	<dc:type
           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
	<dc:title></dc:title>
      </cc:Work>
    </rdf:RDF>
  </metadata>
  <g
     id="layer1" />
</svg>

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to imagemagick in Ubuntu.
https://bugs.launchpad.net/bugs/1796815

Title:
  imagemagick core dumps on reading gnus.svg

Status in imagemagick package in Ubuntu:
  New

Bug description:
  Running display on gnus.svg (from the emacs24-common package) results
  in a core dump:

      $ /usr/bin/display-im6 /usr/share/emacs/24.5/etc/images/gnus/gnus.svg
      Aborted (core dumped)

  Trying to get a backtrace:

      $ gdb --args /usr/bin/display-im6 /usr/share/emacs/24.5/etc/images/gnus/gnus.svg
      [...]
      Reading symbols from /usr/bin/display-im6...(no debugging symbols found)...done.
      (gdb) run
      Starting program: /usr/bin/display-im6 /usr/share/emacs/24.5/etc/images/gnus/gnus.svg
      [Thread debugging using libthread_db enabled]
      Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
      [New Thread 0x7fffed953700 (LWP 17356)]
      [New Thread 0x7fffed152700 (LWP 17357)]

      Thread 1 "display-im6" received signal SIGSEGV, Segmentation fault.
      0x00007ffff391f8b8 in ?? () from /usr/lib/x86_64-linux-gnu/ImageMagick-6.8.9/modules-Q16/coders/svg.so
      (gdb) bt
      #0  0x00007ffff391f8b8 in ?? () from /usr/lib/x86_64-linux-gnu/ImageMagick-6.8.9/modules-Q16/coders/svg.so
      #1  0x00007ffff79a4a18 in ReadImage () from /usr/lib/x86_64-linux-gnu/libMagickCore-6.Q16.so.2
      #2  0x00007ffff76627af in DisplayImageCommand () from /usr/lib/x86_64-linux-gnu/libMagickWand-6.Q16.so.2
      #3  0x00007ffff76ab527 in MagickCommandGenesis () from /usr/lib/x86_64-linux-gnu/libMagickWand-6.Q16.so.2
      #4  0x0000000000400877 in ?? ()
      #5  0x00007ffff7037830 in __libc_start_main (main=0x400830, argc=2, argv=0x7fffffffdff8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>,
      stack_end=0x7fffffffdfe8) at ../csu/libc-start.c:291
      #6  0x00000000004008d9 in ?? ()
      (gdb)

  emacs also crashes when opening that file, with a segmentation fault
  inside ImageMagick; that's how I found the problem:

      $ emacs /usr/share/emacs/24.5/etc/images/gnus/gnus.svg
      Fatal error 11: Segmentation fault
      Backtrace:
      emacs[0x5036d3]
      emacs[0x4e9d6e]
      emacs[0x50249e]
      emacs[0x5026c3]
      /lib/x86_64-linux-gnu/libpthread.so.0(+0x11390)[0x7f6f140e0390]
      /usr/lib/x86_64-linux-gnu/ImageMagick-6.8.9/modules-Q16/coders/svg.so(+0xb8b8)[0x7f6f057768b8]
      /usr/lib/x86_64-linux-gnu/libMagickCore-6.Q16.so.2(ReadImage+0x198)[0x7f6f16470a18]
      /usr/lib/x86_64-linux-gnu/libMagickWand-6.Q16.so.2(MagickReadImage+0x6a)[0x7f6f16942a3a]
      emacs[0x5cd004]
      emacs[0x5d0ea1]
      [....]
      emacs[0x55d74b]
      ...
      Segmentation fault (core dumped)

  This is on:

    Description:	Ubuntu 16.04.5 LTS
    Release:	16.04

  With packages:

      imagemagick:
        Installed: 8:6.8.9.9-7ubuntu5.13
      emacs24-common:
        Installed: 24.5+1-6ubuntu1.1

  Last week I didn't get these crashes, so I guess they are related to a
  security update of the imagemagick packages.

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: imagemagick 8:6.8.9.9-7ubuntu5.13
  ProcVersionSignature: Ubuntu 4.15.0-33.36~16.04.1-generic 4.15.18
  Uname: Linux 4.15.0-33-generic x86_64
  ApportVersion: 2.20.1-0ubuntu2.18
  Architecture: amd64
  Date: Tue Oct  9 09:49:32 2018
  InstallationDate: Installed on 2011-06-14 (2673 days ago)
  InstallationMedia: Ubuntu 10.04.2 LTS "Lucid Lynx" - Release amd64 (20110211.1)
  SourcePackage: imagemagick
  UpgradeStatus: Upgraded to xenial on 2013-05-07 (1980 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1796815/+subscriptions
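
The manual reduction described in the message above (removing parts of gnus.svg until a small file still crashes) can be automated. The following is an added example, not part of the original bug report or of ImageMagick: a simplified, complement-only delta-debugging loop over the lines of a file. The function names and the use of `identify` as the command under test are assumptions.

```python
import os
import subprocess
import tempfile

def crashes(cmd, text, suffix=".svg", timeout=20):
    """Write text to a temp file, run cmd on it, report death by signal."""
    with tempfile.NamedTemporaryFile("w", suffix=suffix, delete=False) as f:
        f.write(text)
    try:
        proc = subprocess.run(cmd + [f.name], stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL, timeout=timeout)
        # POSIX: a negative return code is -signal (SIGSEGV -11, SIGABRT -6).
        return proc.returncode < 0
    except subprocess.TimeoutExpired:
        return False  # a hang is not the crash being chased
    finally:
        os.unlink(f.name)

def ddmin(lines, still_fails):
    """Drop chunks of lines while still_fails(remaining) stays true.

    Returns a list from which no single line can be removed without
    losing the failure (1-minimal with respect to whole lines).
    """
    n = 2
    while len(lines) >= 2:
        size = max(1, len(lines) // n)
        chunks = [lines[i:i + size] for i in range(0, len(lines), size)]
        for skip in range(len(chunks)):
            rest = [l for j, c in enumerate(chunks) if j != skip for l in c]
            if still_fails(rest):
                lines, n = rest, max(n - 1, 2)  # keep the smaller input
                break
        else:
            if n >= len(lines):
                break                            # already at single lines
            n = min(len(lines), n * 2)           # retry with finer chunks
    return lines

def minimize_file(path, cmd=("identify",)):
    """Reduce the file at path to a small input that still crashes cmd.

    Assumption: `identify` reads the file through the same coder as the
    display-im6 call in the report, without opening a window.
    """
    with open(path) as fh:
        lines = fh.readlines()
    return "".join(ddmin(lines, lambda ls: crashes(list(cmd), "".join(ls))))
```

Candidates that are no longer well-formed XML simply make the command exit with an error, which `crashes` treats as "not the bug", so the loop keeps only reductions that still end in a signal.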


