bug#29217: 25.3; Emacs segfaults on images


Klaus Alexander Seistrup
Visiting an image file, be it a JPEG or a PNG, makes emacs segfault.

I discovered this while reading a news article in Gnus that had
https://www.brk.dk/Nyheder/PublishingImages/mad.jpg embedded, but
downloading the image and running

$ /usr/bin/emacs -Q /tmp/mad.jpg

or, in effect, any JPG or PNG image, produces this stack trace:

Fatal error 11: Segmentation fault
Backtrace:
/usr/bin/emacs[0x50907f]
/usr/bin/emacs[0x4eefbc]
/usr/bin/emacs[0x50771f]
/usr/bin/emacs[0x5078e9]
/usr/bin/emacs[0x507975]
/usr/lib/libpthread.so.0(+0x11da0)[0x7fc039d43da0]
/usr/lib/libMagickCore-6.Q16HDRI.so.5(+0x6bdc7)[0x7fc03c2d6dc7]
/usr/lib/libMagickCore-6.Q16HDRI.so.5(+0x426ef)[0x7fc03c2ad6ef]
/usr/lib/libMagickCore-6.Q16HDRI.so.5(UnsharpMaskImageChannel+0xaf)[0x7fc03c35668f]
/usr/lib/libMagickCore-6.Q16HDRI.so.5(+0x150429)[0x7fc03c3bb429]
/usr/lib/libMagickCore-6.Q16HDRI.so.5(+0x150cba)[0x7fc03c3bbcba]
/usr/lib/libMagickCore-6.Q16HDRI.so.5(InitOpenCLEnv+0x7c)[0x7fc03c3bc7cc]
/usr/lib/libMagickCore-6.Q16HDRI.so.5(+0x3fb52)[0x7fc03c2aab52]
/usr/lib/libMagickCore-6.Q16HDRI.so.5(+0x43639)[0x7fc03c2ae639]
/usr/lib/libMagickCore-6.Q16HDRI.so.5(CompositeImageChannel+0x2e3)[0x7fc03c2f8db3]
/usr/lib/libMagickCore-6.Q16HDRI.so.5(MergeImageLayers+0x2f5)[0x7fc03c39e7a5]
/usr/lib/libMagickWand-6.Q16HDRI.so.5(MagickMergeImageLayers+0x4b)[0x7fc03c7ee29b]
/usr/bin/emacs[0x5d7099]
/usr/bin/emacs[0x5df2bd]
/usr/bin/emacs[0x5df7c1]
/usr/bin/emacs[0x5635e6]
/usr/bin/emacs[0x59c034]
/usr/bin/emacs[0x56345b]
/usr/bin/emacs[0x59c034]
/usr/bin/emacs[0x56345b]
/usr/bin/emacs[0x59c034]
/usr/bin/emacs[0x56345b]
/usr/bin/emacs[0x59c034]
/usr/bin/emacs[0x56345b]
/usr/bin/emacs[0x59c034]
/usr/bin/emacs[0x56345b]
/usr/bin/emacs[0x59c034]
/usr/bin/emacs[0x56345b]
/usr/bin/emacs[0x59c034]
/usr/bin/emacs[0x56345b]
/usr/bin/emacs[0x59c034]
/usr/bin/emacs[0x56345b]
/usr/bin/emacs[0x59c034]
/usr/bin/emacs[0x56345b]
/usr/bin/emacs[0x59c034]
/usr/bin/emacs[0x56345b]
...
Segmentation fault (core dumped)


This is the newest version of emacs and ImageMagick on ArchLinux:

extra/emacs 25.3-1
extra/imagemagick 6.9.9.22-1

and I should add that "display /tmp/mad.jpg" does not segfault.




In GNU Emacs 25.3.1 (x86_64-pc-linux-gnu, GTK+ Version 3.22.19)
 of 2017-09-16 built on juergen
Windowing system distributor 'The X.Org Foundation', version 11.0.11905000
System Description: Arch Linux

Configured using:
 'configure --prefix=/usr --sysconfdir=/etc --libexecdir=/usr/lib
 --localstatedir=/var --with-x-toolkit=gtk3 --with-xft --with-modules
 'CFLAGS=-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong
 -fno-plt' CPPFLAGS=-D_FORTIFY_SOURCE=2
 LDFLAGS=-Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now'

Configured features:
XPM JPEG TIFF GIF PNG RSVG IMAGEMAGICK SOUND GPM DBUS GCONF GSETTINGS
NOTIFY ACL GNUTLS LIBXML2 FREETYPE M17N_FLT LIBOTF XFT ZLIB
TOOLKIT_SCROLL_BARS GTK3 X11 MODULES

Important settings:
  value of $LC_ALL: en_DK.UTF-8
  value of $LANG: en_DK.UTF-8
  locale-coding-system: utf-8-unix

Major mode: Lisp Interaction

Minor modes in effect:
  show-paren-mode: t
  display-time-mode: t
  delete-selection-mode: t
  save-place-mode: t
  tooltip-mode: t
  global-eldoc-mode: t
  mouse-wheel-mode: t
  tool-bar-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  blink-cursor-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  column-number-mode: t
  line-number-mode: t
  transient-mark-mode: t

Recent messages:
Loading time...done
Loading paren...done

Load-path shadows:
None found.

Features:
(shadow sort hashcash mail-extr emacsbug message idna dired rfc822 mml
mml-sec password-cache epg gnus-util mm-decode mm-bodies mm-encode
mail-parse rfc2231 mailabbrev gmm-utils mailheader sendmail rfc2047
rfc2045 ietf-drums mm-util help-fns mail-prsvr mail-utils paren time
cus-start cus-load delsel org advice org-macro org-footnote
org-pcomplete pcomplete org-list org-faces org-entities noutline outline
easy-mmode org-version ob-emacs-lisp ob ob-tangle ob-ref ob-lob ob-table
ob-exp org-src ob-keys ob-comint comint ansi-color ring ob-core ob-eval
org-compat org-macs org-loaddefs format-spec find-func cal-menu calendar
cal-loaddefs saveplace finder-inf package epg-config seq byte-opt gv
bytecomp byte-compile cl-extra help-mode easymenu cconv cl-loaddefs
pcase cl-lib time-date mule-util tooltip eldoc electric uniquify
ediff-hook vc-hooks lisp-float-type mwheel x-win term/common-win x-dnd
tool-bar dnd fontset image regexp-opt fringe tabulated-list newcomment
elisp-mode lisp-mode prog-mode register page menu-bar rfn-eshadow timer
select scroll-bar mouse jit-lock font-lock syntax facemenu font-core
frame cl-generic cham georgian utf-8-lang misc-lang vietnamese tibetan
thai tai-viet lao korean japanese eucjp-ms cp51932 hebrew greek romanian
slovak czech european ethiopic indian cyrillic chinese charscript
case-table epa-hook jka-cmpr-hook help simple abbrev minibuffer
cl-preloaded nadvice loaddefs button faces cus-face macroexp files
text-properties overlay sha1 md5 base64 format env code-pages mule
custom widget hashtable-print-readable backquote dbusbind inotify
dynamic-setting system-font-setting font-render-setting move-toolbar gtk
x-toolkit x multi-tty make-network-process emacs)

Memory information:
((conses 16 153610 7149)
 (symbols 48 27855 0)
 (miscs 40 1092 138)
 (strings 32 39082 5434)
 (string-bytes 1 1225760)
 (vectors 16 20396)
 (vector-slots 8 532615 2664)
 (floats 8 230 118)
 (intervals 56 246 0)
 (buffers 976 19))





bug#29217: 25.3; Emacs segfaults on images

Charles A. Roelli
> Fatal error 11: Segmentation fault
> Backtrace:
> /usr/bin/emacs[0x50907f]
> /usr/bin/emacs[0x4eefbc]
> /usr/bin/emacs[0x50771f]
> /usr/bin/emacs[0x5078e9]
> /usr/bin/emacs[0x507975]
> /usr/lib/libpthread.so.0(+0x11da0)[0x7fc039d43da0]
> /usr/lib/libMagickCore-6.Q16HDRI.so.5(+0x6bdc7)[0x7fc03c2d6dc7]

Could you please show the corresponding backtrace from GDB?  I can't
reproduce the issue locally.




bug#29217: 25.3; Emacs segfaults on images

Klaus Alexander Seistrup
Charles A. Roelli wrote:

> Could you please show the corresponding backtrace from GDB?

#v+

Starting program: /usr/bin/emacs -Q /tmp/test.jpg
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
[New Thread 0x7fffe582a700 (LWP 23637)]
[New Thread 0x7fffe3ea0700 (LWP 23638)]
[New Thread 0x7fffe369f700 (LWP 23639)]
[New Thread 0x7fffddb11700 (LWP 23641)]
[New Thread 0x7fffcee07700 (LWP 23647)]
[New Thread 0x7fffce606700 (LWP 23648)]
[New Thread 0x7fffcde05700 (LWP 23649)]
[New Thread 0x7fffcd604700 (LWP 23650)]
[New Thread 0x7fffcce03700 (LWP 23651)]
[New Thread 0x7fffcc602700 (LWP 23652)]
[New Thread 0x7fffcbe01700 (LWP 23653)]

Thread 1 "emacs" received signal SIGSEGV, Segmentation fault.
0x00007ffff3619dc7 in ?? () from /usr/lib/libMagickCore-6.Q16HDRI.so.5
#0  0x00007ffff3619dc7 in  () at /usr/lib/libMagickCore-6.Q16HDRI.so.5
#1  0x00007ffff35f06ef in  () at /usr/lib/libMagickCore-6.Q16HDRI.so.5
#2  0x00007ffff369968f in UnsharpMaskImageChannel () at /usr/lib/libMagickCore-6.Q16HDRI.so.5
#3  0x00007ffff36fe429 in  () at /usr/lib/libMagickCore-6.Q16HDRI.so.5
#4  0x00007ffff36fecba in  () at /usr/lib/libMagickCore-6.Q16HDRI.so.5
#5  0x00007ffff36ff7cc in InitOpenCLEnv () at /usr/lib/libMagickCore-6.Q16HDRI.so.5
#6  0x00007ffff35edb52 in  () at /usr/lib/libMagickCore-6.Q16HDRI.so.5
#7  0x00007ffff35f1639 in  () at /usr/lib/libMagickCore-6.Q16HDRI.so.5
#8  0x00007ffff363bdb3 in CompositeImageChannel () at /usr/lib/libMagickCore-6.Q16HDRI.so.5
#9  0x00007ffff36e17a5 in MergeImageLayers () at /usr/lib/libMagickCore-6.Q16HDRI.so.5
#10 0x00007ffff3b3129b in MagickMergeImageLayers () at /usr/lib/libMagickWand-6.Q16HDRI.so.5
#11 0x00000000005cdb21 in  ()
#12 0x00000000005d5ac5 in  ()
#13 0x00000000005d5fb1 in  ()
#14 0x000000000055c606 in  ()
#15 0x0000000000593eb3 in  ()
#16 0x000000000055c483 in  ()
#17 0x0000000000593eb3 in  ()
#18 0x000000000055c483 in  ()
#19 0x0000000000593eb3 in  ()
#20 0x000000000055c483 in  ()
#21 0x0000000000593eb3 in  ()
#22 0x000000000055c483 in  ()
#23 0x0000000000593eb3 in  ()
#24 0x000000000055c483 in  ()
#25 0x0000000000593eb3 in  ()
#26 0x000000000055c483 in  ()
#27 0x0000000000593eb3 in  ()
#28 0x000000000055c483 in  ()
#29 0x0000000000593eb3 in  ()
#30 0x000000000055c483 in  ()
#31 0x0000000000593eb3 in  ()
#32 0x000000000055c483 in  ()
#33 0x0000000000593eb3 in  ()
#34 0x000000000055c483 in  ()
#35 0x0000000000593eb3 in  ()
#36 0x000000000055c483 in  ()
#37 0x0000000000593eb3 in  ()
#38 0x000000000055c483 in  ()
#39 0x0000000000593eb3 in  ()
#40 0x000000000055c483 in  ()
#41 0x0000000000593eb3 in  ()
#42 0x000000000055eb6d in  ()
#43 0x000000000055e108 in  ()
#44 0x000000000055fde4 in  ()
#45 0x000000000055ba93 in  ()
#46 0x00000000004ebe19 in  ()
#47 0x000000000055ba1a in  ()
#48 0x00000000004eaf19 in  ()
#49 0x00000000004ef67c in  ()
#50 0x00000000004ef997 in  ()
#51 0x000000000041491a in  ()
#52 0x00007ffff0ae7f6a in __libc_start_main () at /usr/lib/libc.so.6
#53 0x00000000004154aa in  ()

#v-

> I can't reproduce the issue locally.

Another Arch user I know cannot reproduce it either. However, I cloned the
git repository and compiled emacs from the latest commit. Happens with that
version, too.

Cheers,

--
Klaus Alexander Seistrup
https://klaus.seistrup.dk/
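
A triage sketch for the glibc-style backtrace in this thread, as an added example that is not part of the original messages: it parses the `module(symbol+offset)[address]` lines and reports which module holds the faulting frame and which named functions led there. Treating the first libpthread/libc frame as the signal trampoline, and the first frame as belonging to the main executable, are assumptions of this sketch; the sample lines are excerpted from the first message.

```python
import os
import re

# Excerpted from the backtrace in the first message (some frames omitted).
SAMPLE = """\
Backtrace:
/usr/bin/emacs[0x50907f]
/usr/lib/libpthread.so.0(+0x11da0)[0x7fc039d43da0]
/usr/lib/libMagickCore-6.Q16HDRI.so.5(+0x6bdc7)[0x7fc03c2d6dc7]
/usr/lib/libMagickCore-6.Q16HDRI.so.5(UnsharpMaskImageChannel+0xaf)[0x7fc03c35668f]
/usr/lib/libMagickCore-6.Q16HDRI.so.5(InitOpenCLEnv+0x7c)[0x7fc03c3bc7cc]
/usr/lib/libMagickCore-6.Q16HDRI.so.5(MergeImageLayers+0x2f5)[0x7fc03c39e7a5]
/usr/lib/libMagickWand-6.Q16HDRI.so.5(MagickMergeImageLayers+0x4b)[0x7fc03c7ee29b]
/usr/bin/emacs[0x5d7099]
"""

# Line format: module(symbol+offset)[address]; the parenthesised part is optional.
FRAME = re.compile(
    r"^(?P<module>[^(\[\s]+)"
    r"(?:\((?P<sym>[^+)]*)(?:\+(?P<off>0x[0-9a-f]+))?\))?"
    r"\[(?P<addr>0x[0-9a-f]+)\]$"
)

def parse_frames(text):
    """Return one dict per frame line; headers and '...' lines are skipped."""
    matches = (FRAME.match(line.strip()) for line in text.splitlines())
    return [m.groupdict() for m in matches if m]

def triage(frames):
    """Locate the faulting frame and the named functions between it and the caller."""
    names = [os.path.basename(f["module"]) for f in frames]
    # Assumption: frames before the first libpthread/libc frame are the crash
    # handler; that frame is the signal trampoline, the next one is the fault.
    tramp = next((i for i, n in enumerate(names)
                  if n.startswith(("libpthread.", "libc."))), None)
    if tramp is None or tramp + 1 >= len(frames):
        return None
    exe = names[0]  # assumption: the handler runs in the main executable
    chain = []
    for frame, name in zip(frames[tramp + 1:], names[tramp + 1:]):
        if name == exe:  # control is back in the executable: stop
            break
        if frame["sym"]:
            chain.append(frame["sym"])
    fault = frames[tramp + 1]
    return {"module": names[tramp + 1], "offset": fault["off"], "symbols": chain}

if __name__ == "__main__":
    print(triage(parse_frames(SAMPLE)))
```

The reported offset is relative to the library's load address, so it stays the same across runs; its low digits (`dc7`) match frame #0 of the GDB trace above.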




bug#29217: 25.3; Emacs segfaults on images

Klaus Alexander Seistrup
Upgrading ImageMagick from v6.9.9.22-1 to 6.9.9.23-1 (that just
arrived in Arch) seems to have solved the problem: I can load
images directly in emacs, and articles with embedded pictures
don't crash gnus anymore.

--
Klaus Alexander Seistrup
https://klaus.seistrup.dk/




bug#29217: 25.3; Emacs segfaults on images

Charles A. Roelli
> Date: Sun, 12 Nov 2017 16:18:39 +0100
> From: Klaus Alexander Seistrup <[hidden email]>
>
> Upgrading ImageMagick from v6.9.9.22-1 to 6.9.9.23-1 (that just
> arrived in Arch) seems to have solved the problem: I can load
> images directly in emacs, and articles with embedded pictures
> don't crash gnus anymore.

Thanks for letting us know.  I'll close the bug now.