search

CapishoX / jpeg-compressor

Automatically exported from code.google.com/p/jpeg-compressor
0 stars 0 forks source link

Double free in compress_image_to_jpeg_file #2

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
What steps will reproduce the problem?

   jpge::params params;
   params.m_quality = 95;
   params.m_subsampling = jpge::H2V1;

   compress_image_to_jpeg_file("test.jpg", width, height, 3, image, params);

What is the expected output? What do you see instead?

Expect to write test.jpg. Writes the file correctly but crashes.
Program received signal SIGABRT, Aborted.
0xb7fdf424 in __kernel_vsyscall ()
(gdb) bt
#0  0xb7fdf424 in __kernel_vsyscall ()
#1  0xb6d16c8f in __GI_raise (sig=6) at 
../nptl/sysdeps/unix/sysv/linux/raise.c:64
#2  0xb6d1a2b5 in __GI_abort () at abort.c:92
#3  0xb6d4cdfc in __libc_message (do_abort=2, 
    fmt=0xb6e26080 "*** glibc detected *** %s: %s: 0x%s ***\n")
    at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
#4  0xb6d57bc2 in malloc_printerr (action=<optimized out>, str=<optimized out>, 
ptr=0x85c62d0)
    at malloc.c:6283
#5  0xb6d58862 in _int_free (av=0xb6e62400, p=0x85c62c8) at malloc.c:4795
#6  0xb6d5b94d in __GI___libc_free (mem=0x85c62d0) at malloc.c:3738
#7  0xb6d470b4 in _IO_new_fclose (fp=0x85c62d0) at iofclose.c:88
#8  0x080ce2ce in jpge::cfile_stream::close (this=0xbfffaea8)
    at gLucifer/Viewer/src/jpeg/jpge.cpp:923
#9  0x080ce1dc in jpge::cfile_stream::~cfile_stream (this=0xbfffaea8, 
__in_chrg=<optimized out>)
    at gLucifer/Viewer/src/jpeg/jpge.cpp:908
#10 0x080cde0b in jpge::compress_image_to_jpeg_file (pFilename=0x815c070 
"test.jpg", width=800, 
    height=600, num_channels=3, pImage_data=0xaff60008 "", comp_params=...)
    at Viewer/src/jpeg/jpge.cpp:946

What version of the product are you using? On what operating system?
jpge 1.03, Ubuntu 11.10

Please provide any additional information below.

If I edit the cfile_stream.close() method in jpge.cpp by inserting
      m_pFile = NULL;   //Prevent double close
at line 928 it works fine.

Original issue reported on code.google.com by owen.kal...@gmail.com on 8 Nov 2011 at 12:49

GoogleCodeExporter commented 8 years ago 
Thank you very much for the report owen - I'll integrate this fix. I'm 
currently working on a miniz update right now, then I'll get to this.

Original comment by richge...@gmail.com on 20 May 2012 at 2:39

GoogleCodeExporter commented 8 years ago 
Yup, I messed that up (holding my head down in shame - can't believe I missed 
this). Fixing it right now, and I'll credit you for the fix.

Original comment by richge...@gmail.com on 20 May 2012 at 5:22

GoogleCodeExporter commented 8 years ago 
Hi Owen - This is fixed in v1.04 (just released). I put your name in the 
credits.
Thanks!
-Rich

Original comment by richge...@gmail.com on 20 May 2012 at 8:25

GoogleCodeExporter commented 8 years ago 
Hey Rich, thanks for the update and credit! Just noticed this now (my other 
email address wasn't forwarding mail, oops)

Original comment by owen.kal...@gmail.com on 21 Nov 2012 at 3:44