clone 414370 -1
retitle -1 graphicsmagick: Heap corruption in VIFF coder.
severity -1 grave
tags -1 + security
thanks
On Sun, Mar 11, 2007 at 03:53:05PM +0200, Sami Liedes wrote:
> $ gm identify samples/segv.viff
> *** glibc detected *** double free or corruption (fasttop):
> 0x0000000000533970 ***
> - Doesn't crash with -O0 (but I do get uses of uninitialized variables
>   at XYZTransformPacket (image.c:4946-4956). -O1 gives the above
>   message, but does not crash under valgrind (and reports only uses of
>   uninitialized mem) -> hard to debug :(

This one looks the most severe and is likely to have security impact.
Unfortunately, I couldn't reproduce it on i386 with either -O0 or -O2,
which makes debugging even harder.

Can you please check whether you can still trigger a double free with the
attached patch applied? I know it fixes the first testcase you provided,
but I'm uncertain if there are more problems hiding than the obvious one
I've fixed. I don't see corruption with your segv2.viff testcase.

Thanks,
Daniel.