While I have yet to recreate a circumstance to re-create the bug here, the attached patch (also shown below) removes code which is capable of causing this problem. Notice that BlobInfo objects are being copied by value and since BlobInfo objects contain a SemaphoreInfo pointer, this could lead to multiple frees of SemaphoreInfo.

There is some possibility that this code served/serves some function but it obviously does not get exercised very often. If removing this obscure code causes a new problem, then I have less bogus code which may serve as a substitute.

Index: magick/blob.c
===================================================================
RCS file: /GraphicsMagick/GraphicsMagick/magick/blob.c,v
retrieving revision 1.477.2.8
diff -u -r1.477.2.8 blob.c
--- magick/blob.c       7 Mar 2010 21:23:50 -0000       1.477.2.8
+++ magick/blob.c       31 Jan 2011 04:07:20 -0000
@@ -4046,10 +4046,7 @@
   assert(image->signature == MagickSignature);
   assert(image->blob != (BlobInfo *) NULL);
   assert(image->blob->type != UndefinedStream);
-  for (p=image; p->previous != (Image *) NULL; p=p->previous);
-  for ( ; p->next != (Image *) NULL; p=p->next)
-    if (p->blob != image->blob)
-      *p->blob=(*image->blob);
+
   status=0;
   switch (image->blob->type)
   {
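Review bot: The four removed lines at the top of this hunk are replaced by a bare blank `+` line, and nothing in the code records why the list-wide blob sync went away; a short comment at this spot would help whoever meets a regression from it. If `p` has no other use in this function, its declaration should be dropped too, to avoid an unused-variable warning. Should a substitute be needed later, note that the old loop stopped when `p->next` was NULL and so never visited the last image in the list, and that `*p->blob=(*image->blob)` assigned the whole structure, so a replacement should copy only the state fields it actually needs.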

Bob
--
Bob Friesenhahn
bfrie...@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/
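The aliasing hazard described in the message above, as an added example that is not part of the original post and is not GraphicsMagick code. `Sem`, `Blob`, `blob_sync_state` and `teardown_after_copy` are hypothetical stand-ins, and the field-wise copy is only one possible substitute, assumed here for illustration.

```c
#include <stdlib.h>

/* Hypothetical stand-ins for SemaphoreInfo and BlobInfo (not the real definitions). */
typedef struct { int destroy_calls; } Sem;
typedef struct { int type; Sem *sem; } Blob;

static Blob *blob_new(int type)
{
  Blob *b = malloc(sizeof *b);
  if (b == NULL) abort();
  b->type = type;
  b->sem = calloc(1, sizeof *b->sem);
  if (b->sem == NULL) abort();
  return b;
}

/* Teardown counts the semaphore destroy instead of freeing it, so a repeated
   destroy is observable without triggering undefined behaviour. */
static void blob_destroy(Blob *b)
{
  b->sem->destroy_calls++;
  free(b);
}

/* Assumed alternative: copy plain state only; the owned pointer stays put. */
static void blob_sync_state(Blob *dst, const Blob *src)
{
  dst->type = src->type;
}

/* Returns how many times the source blob's semaphore is destroyed once both
   blobs are torn down. *orphaned is set to 1 when the destination's original
   semaphore was never destroyed (it was overwritten, hence leaked). */
int teardown_after_copy(int by_value, int *orphaned)
{
  Blob *src = blob_new(1), *dst = blob_new(0);
  Sem *src_sem = src->sem, *dst_sem = dst->sem;
  int calls;

  if (by_value)
    *dst = *src;                /* same shape as *p->blob=(*image->blob) */
  else
    blob_sync_state(dst, src);

  blob_destroy(src);
  blob_destroy(dst);
  calls = src_sem->destroy_calls;
  *orphaned = (dst_sem->destroy_calls == 0);
  free(src_sem);                /* the demo releases the counters itself */
  free(dst_sem);
  return calls;
}
```

With the struct assignment the source semaphore is destroyed twice and the destination's own semaphore is never destroyed; with the field-wise copy each is destroyed exactly once.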