Hi, The attached display profile generated by the Pantone Huey software crashes UFRaw. Removing the call in UFRaw to cmsTakeProductName() prevents the crash.
I could not reproduce the crash with a simple test program. But the
following test program does report errors under Valgrind:
#include <lcms.h>
int main()
{
cmsHPROFILE prof = cmsOpenProfileFromFile(
"Dell Precision M20.icm", "r");
const char *prod = cmsTakeProductName(prof);
printf("product name: %s (%d)\n", prod, strlen(prod));
cmsCloseProfile(prof);
}
I'm also attaching the Valgrind output. I'm using lcms-1.17. There
might be something wrong with the profile, but it should not be
causing memory flows in lcms.
Udi
Dell Precision M20.icm
Description: Binary data
==27007== Memcheck, a memory error detector. ==27007== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al. ==27007== Using LibVEX rev 1732, a library for dynamic binary translation. ==27007== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP. ==27007== Using valgrind-3.2.3-Debian, a dynamic binary instrumentation framework. ==27007== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al. ==27007== For more details, rerun with: -v ==27007== ==27007== Invalid write of size 4 ==27007== at 0x4038230: ReadEmbeddedTextTag (cmsio1.c:1574) ==27007== by 0x403843B: cmsTakeProductName (cmsio1.c:2111) ==27007== by 0x8048586: main (in /home/udif/sf/ufraw/prod) ==27007== Address 0x41DBA84 is not stack'd, malloc'd or (recently) free'd ==27007== ==27007== Conditional jump or move depends on uninitialised value(s) ==27007== at 0x40E330D: wcsnlen (in /lib/libc-2.6.1.so) ==27007== by 0x40E2941: wcsrtombs (in /lib/libc-2.6.1.so) ==27007== by 0x4098C8F: wcstombs (in /lib/libc-2.6.1.so) ==27007== by 0x403824C: ReadEmbeddedTextTag (cmsio1.c:1575) ==27007== by 0x403843B: cmsTakeProductName (cmsio1.c:2111) ==27007== by 0x8048586: main (in /home/udif/sf/ufraw/prod) ==27007== ==27007== Invalid read of size 4 ==27007== at 0x40E32D0: wcsnlen (in /lib/libc-2.6.1.so) ==27007== by 0x40E2941: wcsrtombs (in /lib/libc-2.6.1.so) ==27007== by 0x4098C8F: wcstombs (in /lib/libc-2.6.1.so) ==27007== by 0x403824C: ReadEmbeddedTextTag (cmsio1.c:1575) ==27007== by 0x403843B: cmsTakeProductName (cmsio1.c:2111) ==27007== by 0x8048586: main (in /home/udif/sf/ufraw/prod) ==27007== Address 0x41DBA60 is 0 bytes after a block of size 40 alloc'd ==27007== at 0x4024765: malloc (vg_replace_malloc.c:149) ==27007== by 0x40381F4: ReadEmbeddedTextTag (lcms.h:1412) ==27007== by 0x403843B: cmsTakeProductName (cmsio1.c:2111) ==27007== by 0x8048586: main (in /home/udif/sf/ufraw/prod) ==27007== ==27007== ERROR SUMMARY: 3 errors from 3 contexts (suppressed: 15 from 1) ==27007== malloc/free: in use at exit: 0 bytes in 0 blocks. ==27007== malloc/free: 3 allocs, 3 frees, 2,520 bytes allocated. ==27007== For counts of detected errors, rerun with: -v ==27007== All heap blocks were freed -- no leaks are possible.
------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________ Lcms-user mailing list Lcms-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lcms-user
