Bug#401529: backtrace and a little analysis of medcon segfault.

Tue, 05 Dec 2006 09:09:00 -0800 

medcon recompiled without optimization and with debugging symbols:
CFLAGS="-g -O0" DEB_BUILD_OPTIONS="debug, noopt, nostrip" dpkg-buildpackage -uc 
-us -rfakeroot

Running on Debian Unstable AMD64.


Program received signal SIGSEGV, Segmentation fault.
0x00002aea4eac2d45 in DecodeFirstRow (dcPtr=0x2aea4ec09de0,
    curRowBuf=0x2aea4ec09ec0) at huffd.c:472
472                 curRowBuf[col][curComp]=d+curRowBuf[col-1][curComp];
(gdb) bt
#0  0x00002aea4eac2d45 in DecodeFirstRow (dcPtr=0x2aea4ec09de0,
    curRowBuf=0x2aea4ec09ec0) at huffd.c:472
#1  0x00002aea4eac2edc in DecodeImage (dcPtr=0x2aea4ec09de0,
    image=0x7fff5c29e030, depth=16) at huffd.c:536
#2  0x00002aea4eac21c2 in JPEGLosslessDecodeImage (inFile=0x516010,
    image16=0x2aea4f245010, depth=16, length=5321384) at decomp.c:90
#3  0x00002aea4eac1fe8 in mdc_dicom_decomp_ljpg (fp=0x516010,
    image16=0x2aea4f245010, length=5321384, depth=16) at decomp.c:177
#4  0x00002aea4eabdafb in mdc_dicom_decompress (s=0x2aea4ec09d60,
    e=0x2aea4ec09d00) at basic.c:1035
#5  0x00002aea4eabe6aa in dicom_single () at single.c:288
#6  0x00002aea4eac019f in dicom_read (file=0x7fff5c29e310 "20061119171007906",
    image=0x7fff5c29e248, images=0x7fff5c29e244, parametric=1) at image.c:83
#7  0x00002aea4eab96a9 in mdc_dicom_read (fi=0x7fff5c29e2f0,
    image=0x7fff5c29e248, number=0x7fff5c29e244) at m-dicm.c:2146
#8  0x00002aea4eab2684 in MdcReadDICM (fi=0x7fff5c29e2f0) at m-dicm.c:485
#9  0x00002aea4ea70bf5 in MdcReadFile (fi=0x7fff5c29e2f0, filenr=1, ReadFunc=0)
    at m-files.c:192
#10 0x0000000000401475 in main (argc=3, argv=0x7fff5c29ec98) at medcon.c:96
(gdb) print d
$1 = 13
(gdb) print curComp
$2 = 0
(gdb) print col
$3 = 2048



Notice the very round and nice value of "col"? Looks suspicious....
How big is the curRowBuf anyway?

./libs/ljpg/huffd.c -- DecodeImage():
        curRowBuf   = mcuROW1;

./libs/ljpg/jpegutil.c:
        static char mcuROW1Memory[1024 * sizeof(MCU)];

./libs/ljpg/mcu.h:
        typedef unsigned short ComponentType; /* the type of image components */
        typedef ComponentType *MCU;  /* MCU - array of samples */

test.c tell me that sizeof(unsigned short) is 2, so curRowBuf is 2048.


Should the row be dynamic length instead of "1024 * sizeof(MCU)" ?
Should col never reach that high value?

-- 
Regards,
Andreas Henriksson


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to