Control: retitle -1 double free or corruption when loading unhandled SVG from BytesIO
Control: reassign -1 python-wand
Control: affects -1 blockdiag

Hi,

* Lucas Nussbaum <lu...@debian.org> [170505 18:36]:
> During a rebuild of all packages in stretch (in a stretch chroot, not a
> sid chroot), your package failed to build on i386.
> 
> Relevant part (hopefully):
> > f73d6000-f73d7000 r--p 00022000 ca:02 6950262 /lib/i386-linux-gnu/ld-2.24.so
> > f73d7000-f73d8000 rw-p 00023000 ca:02 6950262 /lib/i386-linux-gnu/ld-2.24.so
> > f73d8000-f7733000 r-xp 00000000 ca:02 6822683 /usr/bin/python2.7
> > f7733000-f7734000 rwxp 00000000 00:00 0
> > f7734000-f7735000 r--p 0035b000 ca:02 6822683 /usr/bin/python2.7
> > f7735000-f7795000 rw-p 0035c000 ca:02 6822683 /usr/bin/python2.7
> > f7795000-f77aa000 rw-p 00000000 00:00 0
> > f90e4000-f96dc000 rw-p 00000000 00:00 0 [heap]
> > ff8b3000-ff8d4000 rw-p 00000000 00:00 0 [stack]
> > Aborted

I've reduced this to a simple test case:

  import io
  import wand.image
  
  s = io.BytesIO()
  s.write('<?xml version="1.0" encoding="UTF-8" standalone="no"?>\n<svg xmlns="http://www.w3.org/2000/svg">\n <title>circle</title>\n <circle cx="50" cy="50" r="50" stroke="black" stroke-width="1" fill="black" />\n</svg>\n')
  s.seek(0)
  wand.image.Image(file=s)

Result on i386:

  (stretch_i386-dchroot)zeha@barriere:~$ python ~/test.py 
  Traceback (most recent call last):
    File "/home/zeha/test.py", line 7, in <module>
      wand.image.Image(file=s)
    File "/usr/lib/python2.7/dist-packages/wand/image.py", line 2740, in __init__
      self.read(file=file, resolution=resolution)
    File "/usr/lib/python2.7/dist-packages/wand/image.py", line 2822, in read
      self.raise_exception()
    File "/usr/lib/python2.7/dist-packages/wand/resource.py", line 222, in raise_exception
      raise e
  wand.exceptions.MissingDelegateError: no decode delegate for this image format `SVG' @ error/blob.c/BlobToImage/353
  Exception TypeError: TypeError("object of type 'NoneType' has no len()",) in <bound method Image.__del__ of <wand.image.Image: (empty)>> ignored
  *** Error in `python': double free or corruption (!prev): 0xf90daf40 ***
  ======= Backtrace: =========
  /lib/i386-linux-gnu/libc.so.6(+0x6737a)[0xf71d437a]
  /lib/i386-linux-gnu/libc.so.6(+0x6dfb7)[0xf71dafb7]
  /lib/i386-linux-gnu/libc.so.6(+0x6e776)[0xf71db776]
  python(PyMem_Free+0x18)[0xf74f7fe8]
  /usr/lib/python2.7/lib-dynload/_ctypes.i386-linux-gnu.so(+0xf249)[0xf7054249]
  python(+0x10f97d)[0xf74f897d]
  python(+0x10f485)[0xf74f8485]
  python(+0xeb29e)[0xf74d429e]
  python(+0xf1cbd)[0xf74dacbd]
  python(+0xf1c88)[0xf74dac88]
  python(PyDict_SetItem+0x44a)[0xf749cfea]
  python(PyDict_SetItemString+0x58)[0xf74a04d8]
  python(PyImport_Cleanup+0x118)[0xf74fd488]
  python(Py_Finalize+0x99)[0xf74fb439]
  python(Py_Main+0x4d3)[0xf749a2a3]
  python(main+0x26)[0xf7499db6]
  /lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf6)[0xf7185276]
  python(+0xb0c50)[0xf7499c50]


Note that blockdiag is not even involved in this code anymore. Therefore
reassigning to wand, which appears to be the running code.

Involved versions:

ii  libmagickcore-6.q16-3:i386        8:6.9.7.4+dfsg-6 i386         low-level image manipulation library -- quantum depth Q16
ii  libmagickcore-6.q16-3-dbgsym:i386 8:6.9.7.4+dfsg-6 i386         Debug symbols for libmagickcore-6.q16-3
ii  libmagickwand-6.q16-3:i386        8:6.9.7.4+dfsg-6 i386         image manipulation library -- quantum depth Q16
ii  libmagickwand-6.q16-3-dbgsym:i386 8:6.9.7.4+dfsg-6 i386         Debug symbols for libmagickwand-6.q16-3
ii  python-wand                       0.4.4-1.1        all          Python interface for ImageMagick library (Python 2 build)

Best,
C.
