Open travispaul opened 1 month ago
I'm unable to reproduce this locally.
an exit code of 5
On Windows this exit code often indicates some kind of file permission problem e.g. input file owned by admin user but process run as non-admin.
Interesting, I wasn't having the same issue with PNG or TIFF formats, but is consistent with GIF. I'll try another PC and see what happens, thanks for the quick response.
I see the same behavior on a Windows 10 machine:
System:
OS: Windows 10 10.0.19045
CPU: (8) x64 Intel(R) Core(TM) i7-7700T CPU @ 2.90GHz
Memory: 25.32 GB / 31.89 GB
Binaries:
Node: 18.20.2 - C:\Program Files\nodejs\node.EXE
npm: 10.5.0 - C:\Program Files\nodejs\npm.CMD
npmPackages:
sharp: ^0.33.4 => 0.33.4
I tried running the reproducer in an Administrator Command prompt to see if the behavior was any different but saw the same results. The files are all created by and owned by the same user. Any tips for debugging further?
Worth noting, just tried with a newer node (v20.14.0) and receive a Segmentation Fault message printed to stderr (I see no message with v18) and an exit code of 139
Thanks for the extra info, I'll try on another machine later.
Are you able to get a backtrace of the crash? The PDB symbol files for libvips v8.15.2 and its dependencies (as provided by sharp v0.33.4) are available at https://s3.eu-west-1.amazonaws.com/libvips-packaging/pdb/8.15.2/vips-pdb-w64-web-8.15.2-static.zip
I wasn't having the same issue with PNG
My current thinking is that this relates to palette generation/mapping, as used for GIF output. Are you able to create a palette-based PNG via .png({ palette: true })
?
@lovell I am able to invoke .png({ palette: true })
on the image without error, and PNG is created. I've included a stacktrace below using Node.js v20.14.0. Let me know if you'd like me to gather any additional info.
0:013> g
(6740.31b8): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
*** WARNING: Unable to verify checksum for \\?\X:\src\misc\sharptest\node_modules\@img\sharp-win32-x64\lib\libvips-42.dll
ucrtbase!memcpy+0x2bb:
00007ffc`feb214bb c4a17e7f8c0960ffffff vmovdqu ymmword ptr [rcx+r9-0A0h],ymm1 ds:0000025f`e6fb8fe1=00
0:013> k
# Child-SP RetAddr Call Site
00 000000a3`493fdd78 00007ffc`47234466 ucrtbase!memcpy+0x2bb
01 (Inline Function) --------`-------- libvips_42!create_byte_list_block+0xac [/var/tmp/tmp-cgif-x86_64-w64-mingw32.static.posix.web/cgif-0.3.2.build_/../cgif-0.3.2/src/cgif_raw.c @ 287]
02 000000a3`493fdd80 00007ffc`472338e5 libvips_42!LZW_GenerateStream+0x5d6 [/var/tmp/tmp-cgif-x86_64-w64-mingw32.static.posix.web/cgif-0.3.2.build_/../cgif-0.3.2/src/cgif_raw.c @ 331]
03 000000a3`493fde60 00007ffc`46fadd07 libvips_42!cgif_raw_addframe+0x155 [/var/tmp/tmp-cgif-x86_64-w64-mingw32.static.posix.web/cgif-0.3.2.build_/../cgif-0.3.2/src/cgif_raw.c @ 564]
04 000000a3`493fdf60 00007ffc`46fadd53 libvips_42!flushFrame+0xf07 [/var/tmp/tmp-cgif-x86_64-w64-mingw32.static.posix.web/cgif-0.3.2.build_/../cgif-0.3.2/src/cgif.c @ 340]
05 000000a3`493fe090 00007ffc`46db6d69 libvips_42!cgif_close+0x23 [/var/tmp/tmp-cgif-x86_64-w64-mingw32.static.posix.web/cgif-0.3.2.build_/../cgif-0.3.2/src/cgif.c @ 462]
06 000000a3`493fe0d0 00007ffc`46db7920 libvips_42!vips_foreign_save_cgif_build+0x3a9 [/var/tmp/tmp-vips-web-x86_64-w64-mingw32.static.posix.web/vips-8.15.2.build_/../vips-8.15.2/libvips/foreign/cgifsave.c @ 873]
07 000000a3`493fe530 00007ffc`46ef7d3b libvips_42!vips_foreign_save_cgif_file_build+0x30 [/var/tmp/tmp-vips-web-x86_64-w64-mingw32.static.posix.web/vips-8.15.2.build_/../vips-8.15.2/libvips/foreign/cgifsave.c @ 1059]
08 000000a3`493fe560 00007ffc`46f0369b libvips_42!vips_object_build+0x1b [/var/tmp/tmp-vips-web-x86_64-w64-mingw32.static.posix.web/vips-8.15.2.build_/../vips-8.15.2/libvips/iofuncs/object.c @ 372]
09 000000a3`493fe5d0 00007ffc`5a048a70 libvips_42!vips_cache_operation_buildp+0x13b [/var/tmp/tmp-vips-web-x86_64-w64-mingw32.static.posix.web/vips-8.15.2.build_/../vips-8.15.2/libvips/iofuncs/cache.c @ 834]
0a 000000a3`493fe620 00007ffc`5a052ea0 libvips_cpp!vips::VImage::call_option_string+0x80
0b 000000a3`493fe690 00007ffc`5bda063e libvips_cpp!vips::VImage::gifsave+0xf0
0c 000000a3`493fe6d0 00007ffc`5bd8f1be sharp_win32_x64+0x2063e
0d 000000a3`493ff610 00007ff6`3bf1d058 sharp_win32_x64+0xf1be
0e 000000a3`493ff680 00007ff6`3c1f098e node!v8::base::RandomNumberGenerator::max+0x97d8
0f 000000a3`493ff730 00007ff6`3c1da99d node!uv_queue_work+0x28e
10 000000a3`493ff780 00007ff6`3d39ff10 node!uv_poll_stop+0xed
11 000000a3`493ff7d0 00007ffd`000b257d node!inflateValidate+0x25220
12 000000a3`493ff800 00007ffd`0106aa48 KERNEL32!BaseThreadInitThunk+0x1d
13 000000a3`493ff830 00000000`00000000 ntdll!RtlUserThreadStart+0x28
Here's a more detailed version as well:
0:013> ~*k
0 Id: 6740.5c0c Suspend: 1 Teb: 000000a3`42345000 Unfrozen
# Child-SP RetAddr Call Site
00 000000a3`42bfe118 00007ffc`fe4ed554 ntdll!NtRemoveIoCompletionEx+0x14
01 000000a3`42bfe120 00007ff6`3c1eb3e8 KERNELBASE!GetQueuedCompletionStatusEx+0xc4
02 000000a3`42bfe1c0 00007ff6`3c1ec090 node!uv_loop_alive+0x358
03 000000a3`42bff250 00007ff6`3c1bd1c5 node!uv_run+0x150
04 000000a3`42bff290 00007ff6`3c0a48e2 node!node::SpinEventLoop+0x195
05 000000a3`42bff340 00007ff6`3c13d40d node!ENGINE_get_load_privkey_function+0x25bc2
06 000000a3`42bff490 00007ff6`3c13c110 node!node::Start+0x132d
07 000000a3`42bff5c0 00007ff6`3befd80c node!node::Start+0x30
08 000000a3`42bff600 00007ff6`3d37f08c node!AES_cbc_encrypt+0x24e3c
09 000000a3`42bff7c0 00007ffd`000b257d node!inflateValidate+0x439c
0a 000000a3`42bff800 00007ffd`0106aa48 KERNEL32!BaseThreadInitThunk+0x1d
0b 000000a3`42bff830 00000000`00000000 ntdll!RtlUserThreadStart+0x28
1 Id: 6740.1964 Suspend: 1 Teb: 000000a3`42347000 Unfrozen
# Child-SP RetAddr Call Site
00 000000a3`433ff708 00007ffd`0104537e ntdll!NtWaitForWorkViaWorkerFactory+0x14
01 000000a3`433ff710 00007ffd`000b257d ntdll!TppWorkerThread+0x2ee
02 000000a3`433ff9f0 00007ffd`0106aa48 KERNEL32!BaseThreadInitThunk+0x1d
03 000000a3`433ffa20 00000000`00000000 ntdll!RtlUserThreadStart+0x28
2 Id: 6740.67d0 Suspend: 1 Teb: 000000a3`42349000 Unfrozen
# Child-SP RetAddr Call Site
00 000000a3`43bff5a8 00007ffd`0104537e ntdll!NtWaitForWorkViaWorkerFactory+0x14
01 000000a3`43bff5b0 00007ffd`000b257d ntdll!TppWorkerThread+0x2ee
02 000000a3`43bff890 00007ffd`0106aa48 KERNEL32!BaseThreadInitThunk+0x1d
03 000000a3`43bff8c0 00000000`00000000 ntdll!RtlUserThreadStart+0x28
3 Id: 6740.5d38 Suspend: 1 Teb: 000000a3`4234b000 Unfrozen
# Child-SP RetAddr Call Site
00 000000a3`443ffa98 00007ffd`0104537e ntdll!NtWaitForWorkViaWorkerFactory+0x14
01 000000a3`443ffaa0 00007ffd`000b257d ntdll!TppWorkerThread+0x2ee
02 000000a3`443ffd80 00007ffd`0106aa48 KERNEL32!BaseThreadInitThunk+0x1d
03 000000a3`443ffdb0 00000000`00000000 ntdll!RtlUserThreadStart+0x28
4 Id: 6740.6250 Suspend: 1 Teb: 000000a3`4234d000 Unfrozen
# Child-SP RetAddr Call Site
00 000000a3`44bff468 00007ffd`00d72a46 win32u!NtUserGetMessage+0x14
01 000000a3`44bff470 00007ff6`3c1cf45e USER32!GetMessageA+0x46
02 000000a3`44bff4d0 00007ffd`0105ca11 node!uv_udp_set_ttl+0x108e
03 000000a3`44bff550 00007ffd`01045986 ntdll!RtlpTpWorkCallback+0x171
04 000000a3`44bff630 00007ffd`000b257d ntdll!TppWorkerThread+0x8f6
05 000000a3`44bff910 00007ffd`0106aa48 KERNEL32!BaseThreadInitThunk+0x1d
06 000000a3`44bff940 00000000`00000000 ntdll!RtlUserThreadStart+0x28
5 Id: 6740.64bc Suspend: 1 Teb: 000000a3`4234f000 Unfrozen
# Child-SP RetAddr Call Site
00 000000a3`453ff2f8 00007ffc`fe44952e ntdll!NtWaitForSingleObject+0x14
01 000000a3`453ff300 00007ff6`3c1cf4dd KERNELBASE!WaitForSingleObjectEx+0x8e
02 000000a3`453ff3a0 00007ffd`0105ca11 node!uv_udp_set_ttl+0x110d
03 000000a3`453ff3f0 00007ffd`01045986 ntdll!RtlpTpWorkCallback+0x171
04 000000a3`453ff4d0 00007ffd`000b257d ntdll!TppWorkerThread+0x8f6
05 000000a3`453ff7b0 00007ffd`0106aa48 KERNEL32!BaseThreadInitThunk+0x1d
06 000000a3`453ff7e0 00000000`00000000 ntdll!RtlUserThreadStart+0x28
6 Id: 6740.64e4 Suspend: 1 Teb: 000000a3`42351000 Unfrozen
# Child-SP RetAddr Call Site
00 000000a3`45bff998 00007ffd`0104537e ntdll!NtWaitForWorkViaWorkerFactory+0x14
01 000000a3`45bff9a0 00007ffd`000b257d ntdll!TppWorkerThread+0x2ee
02 000000a3`45bffc80 00007ffd`0106aa48 KERNEL32!BaseThreadInitThunk+0x1d
03 000000a3`45bffcb0 00000000`00000000 ntdll!RtlUserThreadStart+0x28
7 Id: 6740.2590 Suspend: 1 Teb: 000000a3`42353000 Unfrozen
# Child-SP RetAddr Call Site
00 000000a3`463fec18 00007ffc`fe4ed554 ntdll!NtRemoveIoCompletionEx+0x14
01 000000a3`463fec20 00007ff6`3c1eb3e8 KERNELBASE!GetQueuedCompletionStatusEx+0xc4
02 000000a3`463fecc0 00007ff6`3c1ec090 node!uv_loop_alive+0x358
03 000000a3`463ffd50 00007ff6`3c07facd node!uv_run+0x150
04 000000a3`463ffd90 00007ff6`3c1da99d node!ENGINE_get_load_privkey_function+0xdad
05 000000a3`463ffe10 00007ff6`3d39ff10 node!uv_poll_stop+0xed
06 000000a3`463ffe60 00007ffd`000b257d node!inflateValidate+0x25220
07 000000a3`463ffe90 00007ffd`0106aa48 KERNEL32!BaseThreadInitThunk+0x1d
08 000000a3`463ffec0 00000000`00000000 ntdll!RtlUserThreadStart+0x28
8 Id: 6740.6648 Suspend: 1 Teb: 000000a3`42355000 Unfrozen
# Child-SP RetAddr Call Site
00 000000a3`46bff8e8 00007ffd`01078d24 ntdll!NtWaitForAlertByThreadId+0x14
01 000000a3`46bff8f0 00007ffc`fe47e9e9 ntdll!RtlSleepConditionVariableCS+0x104
02 000000a3`46bff970 00007ff6`3c1daa70 KERNELBASE!SleepConditionVariableCS+0x29
03 000000a3`46bff9a0 00007ff6`3c07efac node!uv_cond_wait+0x10
04 000000a3`46bff9d0 00007ff6`3c1da99d node!ENGINE_get_load_privkey_function+0x28c
05 000000a3`46bffa60 00007ff6`3d39ff10 node!uv_poll_stop+0xed
06 000000a3`46bffab0 00007ffd`000b257d node!inflateValidate+0x25220
07 000000a3`46bffae0 00007ffd`0106aa48 KERNEL32!BaseThreadInitThunk+0x1d
08 000000a3`46bffb10 00000000`00000000 ntdll!RtlUserThreadStart+0x28
9 Id: 6740.4f58 Suspend: 1 Teb: 000000a3`42357000 Unfrozen
# Child-SP RetAddr Call Site
00 000000a3`473ffa88 00007ffd`01078d24 ntdll!NtWaitForAlertByThreadId+0x14
01 000000a3`473ffa90 00007ffc`fe47e9e9 ntdll!RtlSleepConditionVariableCS+0x104
02 000000a3`473ffb10 00007ff6`3c1daa70 KERNELBASE!SleepConditionVariableCS+0x29
03 000000a3`473ffb40 00007ff6`3c07efac node!uv_cond_wait+0x10
04 000000a3`473ffb70 00007ff6`3c1da99d node!ENGINE_get_load_privkey_function+0x28c
05 000000a3`473ffc00 00007ff6`3d39ff10 node!uv_poll_stop+0xed
06 000000a3`473ffc50 00007ffd`000b257d node!inflateValidate+0x25220
07 000000a3`473ffc80 00007ffd`0106aa48 KERNEL32!BaseThreadInitThunk+0x1d
08 000000a3`473ffcb0 00000000`00000000 ntdll!RtlUserThreadStart+0x28
10 Id: 6740.1d64 Suspend: 1 Teb: 000000a3`42359000 Unfrozen
# Child-SP RetAddr Call Site
00 000000a3`47bffa68 00007ffd`01078d24 ntdll!NtWaitForAlertByThreadId+0x14
01 000000a3`47bffa70 00007ffc`fe47e9e9 ntdll!RtlSleepConditionVariableCS+0x104
02 000000a3`47bffaf0 00007ff6`3c1daa70 KERNELBASE!SleepConditionVariableCS+0x29
03 000000a3`47bffb20 00007ff6`3c07efac node!uv_cond_wait+0x10
04 000000a3`47bffb50 00007ff6`3c1da99d node!ENGINE_get_load_privkey_function+0x28c
05 000000a3`47bffbe0 00007ff6`3d39ff10 node!uv_poll_stop+0xed
06 000000a3`47bffc30 00007ffd`000b257d node!inflateValidate+0x25220
07 000000a3`47bffc60 00007ffd`0106aa48 KERNEL32!BaseThreadInitThunk+0x1d
08 000000a3`47bffc90 00000000`00000000 ntdll!RtlUserThreadStart+0x28
11 Id: 6740.2054 Suspend: 1 Teb: 000000a3`4235b000 Unfrozen
# Child-SP RetAddr Call Site
00 000000a3`483ff9e8 00007ffd`01078d24 ntdll!NtWaitForAlertByThreadId+0x14
01 000000a3`483ff9f0 00007ffc`fe47e9e9 ntdll!RtlSleepConditionVariableCS+0x104
02 000000a3`483ffa70 00007ff6`3c1daa70 KERNELBASE!SleepConditionVariableCS+0x29
03 000000a3`483ffaa0 00007ff6`3c07efac node!uv_cond_wait+0x10
04 000000a3`483ffad0 00007ff6`3c1da99d node!ENGINE_get_load_privkey_function+0x28c
05 000000a3`483ffb60 00007ff6`3d39ff10 node!uv_poll_stop+0xed
06 000000a3`483ffbb0 00007ffd`000b257d node!inflateValidate+0x25220
07 000000a3`483ffbe0 00007ffd`0106aa48 KERNEL32!BaseThreadInitThunk+0x1d
08 000000a3`483ffc10 00000000`00000000 ntdll!RtlUserThreadStart+0x28
12 Id: 6740.65cc Suspend: 1 Teb: 000000a3`4235d000 Unfrozen
# Child-SP RetAddr Call Site
00 000000a3`48bffa78 00007ffd`0104537e ntdll!NtWaitForWorkViaWorkerFactory+0x14
01 000000a3`48bffa80 00007ffd`000b257d ntdll!TppWorkerThread+0x2ee
02 000000a3`48bffd60 00007ffd`0106aa48 KERNEL32!BaseThreadInitThunk+0x1d
03 000000a3`48bffd90 00000000`00000000 ntdll!RtlUserThreadStart+0x28
# 13 Id: 6740.31b8 Suspend: 1 Teb: 000000a3`42361000 Unfrozen
# Child-SP RetAddr Call Site
00 000000a3`493fdd78 00007ffc`47234466 ucrtbase!memcpy+0x2bb
01 (Inline Function) --------`-------- libvips_42!create_byte_list_block+0xac [/var/tmp/tmp-cgif-x86_64-w64-mingw32.static.posix.web/cgif-0.3.2.build_/../cgif-0.3.2/src/cgif_raw.c @ 287]
02 000000a3`493fdd80 00007ffc`472338e5 libvips_42!LZW_GenerateStream+0x5d6 [/var/tmp/tmp-cgif-x86_64-w64-mingw32.static.posix.web/cgif-0.3.2.build_/../cgif-0.3.2/src/cgif_raw.c @ 331]
03 000000a3`493fde60 00007ffc`46fadd07 libvips_42!cgif_raw_addframe+0x155 [/var/tmp/tmp-cgif-x86_64-w64-mingw32.static.posix.web/cgif-0.3.2.build_/../cgif-0.3.2/src/cgif_raw.c @ 564]
04 000000a3`493fdf60 00007ffc`46fadd53 libvips_42!flushFrame+0xf07 [/var/tmp/tmp-cgif-x86_64-w64-mingw32.static.posix.web/cgif-0.3.2.build_/../cgif-0.3.2/src/cgif.c @ 340]
05 000000a3`493fe090 00007ffc`46db6d69 libvips_42!cgif_close+0x23 [/var/tmp/tmp-cgif-x86_64-w64-mingw32.static.posix.web/cgif-0.3.2.build_/../cgif-0.3.2/src/cgif.c @ 462]
06 000000a3`493fe0d0 00007ffc`46db7920 libvips_42!vips_foreign_save_cgif_build+0x3a9 [/var/tmp/tmp-vips-web-x86_64-w64-mingw32.static.posix.web/vips-8.15.2.build_/../vips-8.15.2/libvips/foreign/cgifsave.c @ 873]
07 000000a3`493fe530 00007ffc`46ef7d3b libvips_42!vips_foreign_save_cgif_file_build+0x30 [/var/tmp/tmp-vips-web-x86_64-w64-mingw32.static.posix.web/vips-8.15.2.build_/../vips-8.15.2/libvips/foreign/cgifsave.c @ 1059]
08 000000a3`493fe560 00007ffc`46f0369b libvips_42!vips_object_build+0x1b [/var/tmp/tmp-vips-web-x86_64-w64-mingw32.static.posix.web/vips-8.15.2.build_/../vips-8.15.2/libvips/iofuncs/object.c @ 372]
09 000000a3`493fe5d0 00007ffc`5a048a70 libvips_42!vips_cache_operation_buildp+0x13b [/var/tmp/tmp-vips-web-x86_64-w64-mingw32.static.posix.web/vips-8.15.2.build_/../vips-8.15.2/libvips/iofuncs/cache.c @ 834]
0a 000000a3`493fe620 00007ffc`5a052ea0 libvips_cpp!vips::VImage::call_option_string+0x80
0b 000000a3`493fe690 00007ffc`5bda063e libvips_cpp!vips::VImage::gifsave+0xf0
0c 000000a3`493fe6d0 00007ffc`5bd8f1be sharp_win32_x64+0x2063e
0d 000000a3`493ff610 00007ff6`3bf1d058 sharp_win32_x64+0xf1be
0e 000000a3`493ff680 00007ff6`3c1f098e node!v8::base::RandomNumberGenerator::max+0x97d8
0f 000000a3`493ff730 00007ff6`3c1da99d node!uv_queue_work+0x28e
10 000000a3`493ff780 00007ff6`3d39ff10 node!uv_poll_stop+0xed
11 000000a3`493ff7d0 00007ffd`000b257d node!inflateValidate+0x25220
12 000000a3`493ff800 00007ffd`0106aa48 KERNEL32!BaseThreadInitThunk+0x1d
13 000000a3`493ff830 00000000`00000000 ntdll!RtlUserThreadStart+0x28
14 Id: 6740.180c Suspend: 1 Teb: 000000a3`42363000 Unfrozen
# Child-SP RetAddr Call Site
00 000000a3`49bff808 00007ffd`01078d24 ntdll!NtWaitForAlertByThreadId+0x14
01 000000a3`49bff810 00007ffc`fe47e9e9 ntdll!RtlSleepConditionVariableCS+0x104
02 000000a3`49bff890 00007ff6`3c1daa70 KERNELBASE!SleepConditionVariableCS+0x29
03 000000a3`49bff8c0 00007ff6`3c1f0894 node!uv_cond_wait+0x10
04 000000a3`49bff8f0 00007ff6`3c1da99d node!uv_queue_work+0x194
05 000000a3`49bff940 00007ff6`3d39ff10 node!uv_poll_stop+0xed
06 000000a3`49bff990 00007ffd`000b257d node!inflateValidate+0x25220
07 000000a3`49bff9c0 00007ffd`0106aa48 KERNEL32!BaseThreadInitThunk+0x1d
08 000000a3`49bff9f0 00000000`00000000 ntdll!RtlUserThreadStart+0x28
15 Id: 6740.17c8 Suspend: 1 Teb: 000000a3`42365000 Unfrozen
# Child-SP RetAddr Call Site
00 000000a3`4a3ffb58 00007ffd`01078d24 ntdll!NtWaitForAlertByThreadId+0x14
01 000000a3`4a3ffb60 00007ffc`fe47e9e9 ntdll!RtlSleepConditionVariableCS+0x104
02 000000a3`4a3ffbe0 00007ff6`3c1daa70 KERNELBASE!SleepConditionVariableCS+0x29
03 000000a3`4a3ffc10 00007ff6`3c1f0894 node!uv_cond_wait+0x10
04 000000a3`4a3ffc40 00007ff6`3c1da99d node!uv_queue_work+0x194
05 000000a3`4a3ffc90 00007ff6`3d39ff10 node!uv_poll_stop+0xed
06 000000a3`4a3ffce0 00007ffd`000b257d node!inflateValidate+0x25220
07 000000a3`4a3ffd10 00007ffd`0106aa48 KERNEL32!BaseThreadInitThunk+0x1d
08 000000a3`4a3ffd40 00000000`00000000 ntdll!RtlUserThreadStart+0x28
16 Id: 6740.60b4 Suspend: 1 Teb: 000000a3`42367000 Unfrozen
# Child-SP RetAddr Call Site
00 000000a3`4abff9c8 00007ffd`01078d24 ntdll!NtWaitForAlertByThreadId+0x14
01 000000a3`4abff9d0 00007ffc`fe47e9e9 ntdll!RtlSleepConditionVariableCS+0x104
02 000000a3`4abffa50 00007ff6`3c1daa70 KERNELBASE!SleepConditionVariableCS+0x29
03 000000a3`4abffa80 00007ff6`3c1f0894 node!uv_cond_wait+0x10
04 000000a3`4abffab0 00007ff6`3c1da99d node!uv_queue_work+0x194
05 000000a3`4abffb00 00007ff6`3d39ff10 node!uv_poll_stop+0xed
06 000000a3`4abffb50 00007ffd`000b257d node!inflateValidate+0x25220
07 000000a3`4abffb80 00007ffd`0106aa48 KERNEL32!BaseThreadInitThunk+0x1d
08 000000a3`4abffbb0 00000000`00000000 ntdll!RtlUserThreadStart+0x28
17 Id: 6740.68d8 Suspend: 1 Teb: 000000a3`42369000 Unfrozen "libvips worker"
# Child-SP RetAddr Call Site
00 000000a3`4b3ff688 00007ffd`010791db ntdll!NtWaitForAlertByThreadId+0x14
01 000000a3`4b3ff690 00007ffc`fe47eaa9 ntdll!RtlSleepConditionVariableSRW+0x13b
02 000000a3`4b3ff710 00007ffc`46f77fa2 KERNELBASE!SleepConditionVariableSRW+0x29
03 000000a3`4b3ff750 00007ffc`46f18160 libvips_42!g_cond_wait_until+0x7e [/var/tmp/tmp-glib-x86_64-w64-mingw32.static.posix.web/glib-2.80.0.build_/../glib-2.80.0/glib/gthread-win32.c @ 282]
04 (Inline Function) --------`-------- libvips_42!vips__semaphore_downn_until+0x77 [/var/tmp/tmp-vips-web-x86_64-w64-mingw32.static.posix.web/vips-8.15.2.build_/../vips-8.15.2/libvips/iofuncs/semaphore.c @ 127]
05 000000a3`4b3ff7c0 00007ffc`46eee745 libvips_42!vips_semaphore_down_timeout+0x90 [/var/tmp/tmp-vips-web-x86_64-w64-mingw32.static.posix.web/vips-8.15.2.build_/../vips-8.15.2/libvips/iofuncs/semaphore.c @ 180]
06 000000a3`4b3ff810 00007ffc`46eee18f libvips_42!vips_threadset_work+0x85 [/var/tmp/tmp-vips-web-x86_64-w64-mingw32.static.posix.web/vips-8.15.2.build_/../vips-8.15.2/libvips/iofuncs/threadset.c @ 117]
07 000000a3`4b3ff870 00007ffc`46f6d3d5 libvips_42!vips_thread_run+0x1f [/var/tmp/tmp-vips-web-x86_64-w64-mingw32.static.posix.web/vips-8.15.2.build_/../vips-8.15.2/libvips/iofuncs/thread.c @ 148]
08 000000a3`4b3ff8b0 00007ffc`46f78323 libvips_42!g_thread_proxy+0x3c [/var/tmp/tmp-glib-x86_64-w64-mingw32.static.posix.web/glib-2.80.0.build_/../glib-2.80.0/glib/gthread.c @ 835]
09 000000a3`4b3ff8e0 00007ffc`feaf9333 libvips_42!g_thread_win32_proxy+0x7 [/var/tmp/tmp-glib-x86_64-w64-mingw32.static.posix.web/glib-2.80.0.build_/../glib-2.80.0/glib/gthread-win32.c @ 437]
0a 000000a3`4b3ff910 00007ffd`000b257d ucrtbase!thread_start<unsigned int (__cdecl*)(void *),1>+0x93
0b 000000a3`4b3ff940 00007ffd`0106aa48 KERNEL32!BaseThreadInitThunk+0x1d
0c 000000a3`4b3ff970 00000000`00000000 ntdll!RtlUserThreadStart+0x28
18 Id: 6740.521c Suspend: 1 Teb: 000000a3`4236b000 Unfrozen "libvips worker"
# Child-SP RetAddr Call Site
00 000000a3`4bbff968 00007ffd`010791db ntdll!NtWaitForAlertByThreadId+0x14
01 000000a3`4bbff970 00007ffc`fe47eaa9 ntdll!RtlSleepConditionVariableSRW+0x13b
02 000000a3`4bbff9f0 00007ffc`46f77fa2 KERNELBASE!SleepConditionVariableSRW+0x29
03 000000a3`4bbffa30 00007ffc`46f18160 libvips_42!g_cond_wait_until+0x7e [/var/tmp/tmp-glib-x86_64-w64-mingw32.static.posix.web/glib-2.80.0.build_/../glib-2.80.0/glib/gthread-win32.c @ 282]
04 (Inline Function) --------`-------- libvips_42!vips__semaphore_downn_until+0x77 [/var/tmp/tmp-vips-web-x86_64-w64-mingw32.static.posix.web/vips-8.15.2.build_/../vips-8.15.2/libvips/iofuncs/semaphore.c @ 127]
05 000000a3`4bbffaa0 00007ffc`46eee745 libvips_42!vips_semaphore_down_timeout+0x90 [/var/tmp/tmp-vips-web-x86_64-w64-mingw32.static.posix.web/vips-8.15.2.build_/../vips-8.15.2/libvips/iofuncs/semaphore.c @ 180]
06 000000a3`4bbffaf0 00007ffc`46eee18f libvips_42!vips_threadset_work+0x85 [/var/tmp/tmp-vips-web-x86_64-w64-mingw32.static.posix.web/vips-8.15.2.build_/../vips-8.15.2/libvips/iofuncs/threadset.c @ 117]
07 000000a3`4bbffb50 00007ffc`46f6d3d5 libvips_42!vips_thread_run+0x1f [/var/tmp/tmp-vips-web-x86_64-w64-mingw32.static.posix.web/vips-8.15.2.build_/../vips-8.15.2/libvips/iofuncs/thread.c @ 148]
08 000000a3`4bbffb90 00007ffc`46f78323 libvips_42!g_thread_proxy+0x3c [/var/tmp/tmp-glib-x86_64-w64-mingw32.static.posix.web/glib-2.80.0.build_/../glib-2.80.0/glib/gthread.c @ 835]
09 000000a3`4bbffbc0 00007ffc`feaf9333 libvips_42!g_thread_win32_proxy+0x7 [/var/tmp/tmp-glib-x86_64-w64-mingw32.static.posix.web/glib-2.80.0.build_/../glib-2.80.0/glib/gthread-win32.c @ 437]
0a 000000a3`4bbffbf0 00007ffd`000b257d ucrtbase!thread_start<unsigned int (__cdecl*)(void *),1>+0x93
0b 000000a3`4bbffc20 00007ffd`0106aa48 KERNEL32!BaseThreadInitThunk+0x1d
0c 000000a3`4bbffc50 00000000`00000000 ntdll!RtlUserThreadStart+0x28
19 Id: 6740.198 Suspend: 1 Teb: 000000a3`4236d000 Unfrozen "libvips worker"
# Child-SP RetAddr Call Site
00 000000a3`4c3ff4b8 00007ffd`010791db ntdll!NtWaitForAlertByThreadId+0x14
01 000000a3`4c3ff4c0 00007ffc`fe47eaa9 ntdll!RtlSleepConditionVariableSRW+0x13b
02 000000a3`4c3ff540 00007ffc`46f77fa2 KERNELBASE!SleepConditionVariableSRW+0x29
03 000000a3`4c3ff580 00007ffc`46f18160 libvips_42!g_cond_wait_until+0x7e [/var/tmp/tmp-glib-x86_64-w64-mingw32.static.posix.web/glib-2.80.0.build_/../glib-2.80.0/glib/gthread-win32.c @ 282]
04 (Inline Function) --------`-------- libvips_42!vips__semaphore_downn_until+0x77 [/var/tmp/tmp-vips-web-x86_64-w64-mingw32.static.posix.web/vips-8.15.2.build_/../vips-8.15.2/libvips/iofuncs/semaphore.c @ 127]
05 000000a3`4c3ff5f0 00007ffc`46eee745 libvips_42!vips_semaphore_down_timeout+0x90 [/var/tmp/tmp-vips-web-x86_64-w64-mingw32.static.posix.web/vips-8.15.2.build_/../vips-8.15.2/libvips/iofuncs/semaphore.c @ 180]
06 000000a3`4c3ff640 00007ffc`46eee18f libvips_42!vips_threadset_work+0x85 [/var/tmp/tmp-vips-web-x86_64-w64-mingw32.static.posix.web/vips-8.15.2.build_/../vips-8.15.2/libvips/iofuncs/threadset.c @ 117]
07 000000a3`4c3ff6a0 00007ffc`46f6d3d5 libvips_42!vips_thread_run+0x1f [/var/tmp/tmp-vips-web-x86_64-w64-mingw32.static.posix.web/vips-8.15.2.build_/../vips-8.15.2/libvips/iofuncs/thread.c @ 148]
08 000000a3`4c3ff6e0 00007ffc`46f78323 libvips_42!g_thread_proxy+0x3c [/var/tmp/tmp-glib-x86_64-w64-mingw32.static.posix.web/glib-2.80.0.build_/../glib-2.80.0/glib/gthread.c @ 835]
09 000000a3`4c3ff710 00007ffc`feaf9333 libvips_42!g_thread_win32_proxy+0x7 [/var/tmp/tmp-glib-x86_64-w64-mingw32.static.posix.web/glib-2.80.0.build_/../glib-2.80.0/glib/gthread-win32.c @ 437]
0a 000000a3`4c3ff740 00007ffd`000b257d ucrtbase!thread_start<unsigned int (__cdecl*)(void *),1>+0x93
0b 000000a3`4c3ff770 00007ffd`0106aa48 KERNEL32!BaseThreadInitThunk+0x1d
0c 000000a3`4c3ff7a0 00000000`00000000 ntdll!RtlUserThreadStart+0x28
Thank you, this is very helpful, and suggests the crash might be from within the LZW compression logic of the cgif dependency.
The segfault appears to occur in one of the two calls to memcpy
here:
I assume this code is attempting to write beyond the end of byteListBlock
, which is allocated here:
https://github.com/dloebl/cgif/blob/43976ce4ace9ad60ba3cf7cf5aaabc2d480170f9/src/cgif_raw.c#L327
I'll keep investigating.
I was able to reproduce this issue on Windows using:
$ vips copy 337010030-e9a3fdbf-b30f-4b60-8e73-9f98a5446695.jpg x.gif
$ echo %errorlevel%
-1073741819
However, I was unable to reproduce the issue on Linux, even when running with ASan/UBSan sanitizers:
$ python infra/helper.py reproduce libvips gifsave_buffer_fuzzer ~/Downloads/337010030-e9a3fdbf-b30f-4b60-8e73-9f98a5446695.jpg
(with this check removed)
I thought this might be a security feature of UCRT (Universal C Runtime in Windows), but linking against the debug version of the UCRT did not provide any additional information.
I'll try to build the binaries with ASan/UBSan on Windows, hopefully that will provide extra information.
AddressSanitizer reports it as heap-buffer-overflow:
@dloebl Daniel, you may be interested in this discussion.
Thanks for letting me know, @lovell! It's strange that this issue only shows up on Windows. I'll take a look today
I may have found the culprit. It appears that the MaxByteListLen
and MaxByteListBlockLen
calculations in cgif assume that unsigned long
is always 64 bits. However, on Windows and 32-bit systems, unsigned long
is 32 bits.
For example, consider the following test program:
#include <stdio.h>
#include <stdint.h>
#include <inttypes.h>
#define MAX_CODE_LEN 12
#define BLOCK_SIZE 0xFF
int main() {
uint32_t lzwPos = 1847622;
uint64_t MaxByteListLen = MAX_CODE_LEN*lzwPos/8ul +2ul +1ul;
uint64_t MaxByteListBlockLen = MAX_CODE_LEN*lzwPos*(BLOCK_SIZE+1ul)/8ul/BLOCK_SIZE +2ul +1ul +1ul;
printf("MaxByteListLen: %" PRIu64 "\n", MaxByteListLen);
printf("MaxByteListBlockLen: %" PRIu64 "\n", MaxByteListBlockLen);
return 0;
}
When run on Fedora:
$ docker run --rm -v ${PWD}:/src -w /src -it fedora:40 sh -c "dnf install -y gcc && gcc test-cgif.c && ./a.out"
MaxByteListLen: 2771436
MaxByteListBlockLen: 2782305
And on Windows:
$ docker run --rm -v ${PWD}:/src -w /src -it mstorsjo/llvm-mingw:latest x86_64-w64-mingw32-clang test-cgif.c -o test.exe
$ ./test.exe
MaxByteListLen: 2771436
MaxByteListBlockLen: 676929
By changing the constants to unsigned long long
:
@@ -7,8 +7,8 @@
int main() {
uint32_t lzwPos = 1847622;
- uint64_t MaxByteListLen = MAX_CODE_LEN*lzwPos/8ul +2ul +1ul;
- uint64_t MaxByteListBlockLen = MAX_CODE_LEN*lzwPos*(BLOCK_SIZE+1ul)/8ul/BLOCK_SIZE +2ul +1ul +1ul;
+ uint64_t MaxByteListLen = MAX_CODE_LEN*lzwPos/8ull +2ull +1ull;
+ uint64_t MaxByteListBlockLen = MAX_CODE_LEN*lzwPos*(BLOCK_SIZE+1ull)/8ull/BLOCK_SIZE +2ull +1ull +1ull;
printf("MaxByteListLen: %" PRIu64 "\n", MaxByteListLen);
printf("MaxByteListBlockLen: %" PRIu64 "\n", MaxByteListBlockLen);
The output for MaxByteListBlockLen
becomes consistent on both platforms, both showing 2782305
.
PR https://github.com/dloebl/cgif/pull/70 should fix this.
As an aside, this also affects the WebAssembly builds. For example, running the sample in this playground link results in a crash with the error message: RuntimeError: memory access out of bounds
.
I've just tagged a new release (v0.4.1) that should fix this issue: https://github.com/dloebl/cgif/releases/tag/v0.4.1
Thank you @kleisauke for investigating this and thank you @dloebl for fixing cgif.
cgif v0.4.1 will hopefully be included in sharp as part of the next release, v0.33.5.
Possible bug
Is this a possible bug in a feature of sharp, unrelated to installation?
npm install sharp
completes without error.node -e "require('sharp')"
completes without error.If you cannot confirm both of these, please open an installation issue instead.
Are you using the latest version of sharp?
sharp
as reported bynpm view sharp dist-tags.latest
.If you cannot confirm this, please upgrade to the latest version and try again before opening an issue.
If you are using another package which depends on a version of
sharp
that is not the latest, please open an issue against that package instead.What is the output of running
npx envinfo --binaries --system --npmPackages=sharp --npmGlobalPackages=sharp
?Does this problem relate to file caching?
The default behaviour of libvips is to cache input files, which can lead to
EBUSY
orEPERM
errors on Windows. Usesharp.cache(false)
to switch this feature off.sharp.cache(false)
does not fix this problem.Does this problem relate to images appearing to have been rotated by 90 degrees?
Images that contain EXIF Orientation metadata are not auto-oriented. By default, EXIF metadata is removed.
To auto-orient pixel values use the parameter-less
rotate()
operation.To retain EXIF Orientation use
keepExif()
.[x] Using
rotate()
orkeepExif()
does not fix this problem.What are the steps to reproduce?
Using the reproducer, attempt to convert the attached JPEG image, into a GIF.
What is the expected behaviour?
The JPEG input image is converted into a GIF image or an error is returned in the
catch()
handler.Please provide a minimal, standalone code sample, without other dependencies, that demonstrates this problem
Running the following script as:
node ./index.js 1.jpg
Where1.jpg
is the attached image will cause node to crash and return with an exit code of5
The fileconverted.gif
will be created but contains 0 bytes. Neither thethen()
orcatch()
handlers are invoked.Please provide sample image(s) that help explain this problem