On Thu, 18 Apr 2019, László Böszörményi wrote:
#2  0x00007ffff334640f in __assert_fail_base (fmt=0x7ffff34a8ee0 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x7ffff6657940 "semaphore_info != (SemaphoreInfo *) NULL", file=0x7ffff66578c8 "magick/semaphore.c", line=606, function=<optimized out>) at assert.c:92
        str = 0x555555578090 ""
        total = 4096
#3  0x00007ffff33540f2 in __GI___assert_fail (assertion=0x7ffff6657940 "semaphore_info != (SemaphoreInfo *) NULL", file=0x7ffff66578c8 "magick/semaphore.c", line=606, function=0x7ffff66579c0 "LockSemaphoreInfo") at assert.c:101
#4  0x00007ffff651802d in LockSemaphoreInfo () at /usr/lib/libGraphicsMagick-Q16.so.3
#5  0x00007ffff6514e59 in GetMagickResourceLimit () at /usr/lib/libGraphicsMagick-Q16.so.3
#6  0x00007ffff64f1719 in GetCacheInfo () at /usr/lib/libGraphicsMagick-Q16.so.3
#7  0x00007ffff64d4081 in AllocateImage () at /usr/lib/libGraphicsMagick-Q16.so.3
#8  0x00007ffff63eacf5 in Magick::ImageRef::ImageRef() (this=0x5555555d9740) at Magick++/lib/ImageRef.cpp:49
#9  0x00007ffff63e155c in Magick::Image::Image() (this=0x7ffff7f9fc60 <lib::gImage>) at Magick++/lib/Image.cpp:278
#10 0x00007ffff73fb1d0 in () at /usr/lib/x86_64-linux-gnu/libgnudatalanguage.so.0
#11 0x00007ffff7fe430a in call_init (l=<optimized out>, argc=argc@entry=1, argv=argv@entry=0x7fffffffec58, env=env@entry=0x7fffffffec68) at
This problem would occur if the InitializeMagick() function is not called before using any other function. The InitializeMagick() function calls InitializeMagickResources() which allocates the semaphore discovered to be null.
C++ adds the interesting wrinkle that statically-constructed objects are constructed before main() is even invoked. Since _dl_start_user() is reported at the bottom of the stack rather than main() this could be a C++ static construction issue, or a shared library constructor function issue.
Between the version which worked and the version which is failing, the implementation of magick/resource.c was changed to allocate a semaphore for each resource limit rather than using a single global semaphore across all resource limits.
For reasons unknown to me, I did not include a generalized resource limit function in Magick++. For purposes of fuzzing via oss-fuzz, I see that this code is used:
  Magick::InitializeMagick(nullptr);
  MagickLib::SetMagickResourceLimit(MagickLib::MemoryResource, 1000000000);
  MagickLib::SetMagickResourceLimit(MagickLib::WidthResource, 2048);
  MagickLib::SetMagickResourceLimit(MagickLib::HeightResource, 2048);

and this is diving into the C API after calling InitializeMagick().

Bob
-- 
Bob Friesenhahn
bfrie...@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/
Public Key,     http://www.simplesystems.org/users/bfriesen/public-key.txt
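The failure mode Bob describes (a statically constructed Magick::Image whose constructor reaches GetMagickResourceLimit() before InitializeMagick() has allocated the per-resource semaphore) is reproduced below with a small stand-alone model. This is an added example, not GraphicsMagick or Magick++ code and not from the thread: the toylib namespace, SemaphoreInfo, Initialize(), GetResourceLimit() and Image are hypothetical stand-ins shaped like the frames in the backtrace, and LockSemaphoreInfo() returns false instead of assert()-ing so the failure can be observed from a test. The second half shows two consumer-side fixes: forcing initialization order within the translation unit, and constructing the global on first use through an accessor that calls Initialize() first.

```cpp
// Added example (hypothetical toy library, not GraphicsMagick): models why a
// global Magick::Image in a shared object trips the semaphore assertion, and
// how a consumer can guarantee the library is initialized first.
namespace toylib {

// Stand-in for GraphicsMagick's SemaphoreInfo (hypothetical, simplified).
struct SemaphoreInfo { int lock_depth = 0; };

// Per-resource semaphore, allocated only by InitializeResources(), mirroring
// the change Bob describes (one semaphore per resource limit rather than one
// global semaphore). All three are zero-initialized before any constructor runs.
static SemaphoreInfo *resource_semaphore = nullptr;
static long memory_limit = 0;
static bool initialized = false;

void InitializeResources() {
  if (resource_semaphore == nullptr) resource_semaphore = new SemaphoreInfo;
  memory_limit = 256L * 1024 * 1024;
}

// Library entry point that must run before any other call (InitializeMagick()).
void Initialize() {
  if (initialized) return;           // idempotent, so callers may be generous
  InitializeResources();
  initialized = true;
}

// The real library asserts semaphore_info != NULL here; we report it instead.
bool LockSemaphoreInfo(SemaphoreInfo *s) {
  if (s == nullptr) return false;
  ++s->lock_depth;
  return true;
}
void UnlockSemaphoreInfo(SemaphoreInfo *s) { --s->lock_depth; }

// Stand-in for GetMagickResourceLimit(): -1 means "library not initialized".
long GetResourceLimit() {
  if (!LockSemaphoreInfo(resource_semaphore)) return -1;
  long value = memory_limit;
  UnlockSemaphoreInfo(resource_semaphore);
  return value;
}

// Stand-in for Magick::Image: its constructor reaches into the resource code,
// just as Image() -> ImageRef() -> AllocateImage() -> GetCacheInfo() does.
struct Image {
  long limit_seen;
  Image() : limit_seen(GetResourceLimit()) {}
};

}  // namespace toylib

// Consumer side (like lib::gImage in libgnudatalanguage): a global Image is
// constructed during static initialization, before main() and before anyone
// has called Initialize(), so its constructor sees a null semaphore.
toylib::Image gBrokenImage;

// Fix 1: within one translation unit, statics are constructed in definition
// order, so an initializer object defined first runs Initialize() first.
struct ToylibInit { ToylibInit() { toylib::Initialize(); } };
static ToylibInit kInitFirst;
toylib::Image gFixedImage;

// Fix 2 (robust across translation units and shared objects): construct the
// shared Image on first use, after an idempotent Initialize() call.
toylib::Image &SharedImage() {
  toylib::Initialize();
  static toylib::Image image;        // constructed on the first call only
  return image;
}
```

Fix 1 only helps when the initializer and the global live in the same translation unit; across shared objects the constructor order is decided by the dynamic loader, which is exactly the situation the backtrace's call_init frame shows. Fix 2 does not depend on that order, which is why a construct-on-first-use accessor is the safer pattern for library globals.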