Segfault in wandtest on sparc10.

[pmevawala]

#export PLATFORM=sparc-sun-solaris2.10

ImageMagick-6.5.5-6 Configured as
./configure CC="gcc -m64 -static-libgcc" CXX="g++ -m64 -static-libgcc" CXXFLAGS="-DNDEBUG -g -O2" CFLAGS="-DNDEBUG -g -O2" CPPFLAGS="-I${EXT_HOME}/${PLATFORM}/include" LDFLAGS="-L${EXT_HOME}/${PLATFORM}/lib" --with-quantum-depth=8 --without-perl --without-tiff --without-x --without-gslib --without-freetype --disable-installed --without-magick-plus-plus --enable-embeddable --without-modules

We build these libs (zlib 1.2.3, jpeg-6b, bzip2-1.0.2, libpng-1.2.24) ourselves and provide them with CXXFLAGS and LDFLAGS.

Same configration and build as 64 bit works fine on Solaris 10 x86_64. Found same crash in ImageMagick-6.6.4-10 on sparc10.

It segfaults on this line in ImageMagick-6.5.5-6/ImageMagick-6.5.5-6/wand/wandtest.c

status=MagickDrawImage(magick_wand,drawing_wand);

bash-3.00# /usr/sfw/bin/gcc -v
Reading specs from /usr/sfw/lib/gcc/sparc-sun-solaris2.10/3.4.3/specs
Configured with: /sfw10/builds/build/sfw10-patch/usr/src/cmd/gcc/gcc-3.4.3/configure --prefix=/usr/sfw --with-as=/usr/ccs/bin/as --without-gnu-as --with-ld=/usr/ccs/bin/ld --without-gnu-ld --enable-languages=c,c++ --enable-shared
Thread model: posix
gcc version 3.4.3 (csl-sol210-3_4-branch+sol_rpath)

bash-3.00# ./wandtest wandtest_out.miff
Reading images...
Iterate forward...
index 0 scene 0
index 1 scene 1
index 2 scene 2
index 3 scene 3
index 4 scene 4
Iterate reverse...
index 4 scene 4
index 3 scene 3
index 2 scene 2
index 1 scene 1
index 0 scene 0
Remove scene 1...
index 0 scene 0
index 1 scene 2
index 2 scene 3
index 3 scene 4
Insert scene 1 back in sequence...
index 0 scene 0
index 1 scene 1
index 2 scene 2
index 3 scene 3
index 4 scene 4
Set scene 2 to scene 1...
index 0 scene 0
index 1 scene 1
index 2 scene 1
index 3 scene 3
index 4 scene 4
Apply image processing options...
Segmentation Fault (core dumped)

[pmevawala]

If I comment these lines in ImageMagick-6.5.5-6/wand/wandtest.c then segfault goes away.
(void) DrawAnnotation(drawing_wand,15,5,(const unsigned char *) "Magick");
status=MagickAnnotateImage(magick_wand,drawing_wand,70,5,90,"Image");

Further debugging shows that,
If I comment this line in DrawAnnotation () function ( ImageMagick-6.5.5-6/wand/drawing-wand.c) then segfault goes away.
(void) MvgPrintf(wand,"text %g,%g '%s'\n",x,y,escaped_text);

So my observation is that something is wrong with MvgPrintf() code on sparc10.
I dont think this code is probalem a but not 100% sure.
#if defined(MAGICKCORE_HAVE_VSNPRINTF)
formatted_length=vsnprintf(wand->mvg+wand->mvg_length,
wand->mvg_alloc-wand->mvg_length-1,format,argp);
#else
...
#endif

Can anyone please hep?

[magick]

There was a recent patch to MvgPrintf(). Download ImageMagick 6.6.7-1, the current release, and let us know if that fixes the problem. If not, we will investigate further. Thanks.

[pmevawala]

No luck with ImageMagick-6.6.7-1 as well. I even tried to use system libs instead of our built it binaries ( for zlib, bz2, jpeg, png). I'm building as 64 bit binaries. (see -m64 flag)

[magick]

We tried 6.6.7-1 under Solaris 10 but so far we cannot reproduce the problem. We'll look a little closer at the problem over the next few days.

[pmevawala]

Did you try with the exact same configuration on sparc10 with gcc343?

./configure CC="gcc -m64 -static-libgcc" CXX="g++ -m64 -static-libgcc" CXXFLAGS="-DNDEBUG -g -O2" CFLAGS="-DNDEBUG -g -O2" --with-quantum-depth=8 --without-perl --without-tiff --without-x --without-gslib --without-freetype --disable-installed --without-magick-plus-plus --enable-embeddable --without-modules

Thanks a lot for being in touch and responding soon.
-Pinakin

[pmevawala]

Basically code gets segfault because of these two lines in wand/wandtest.c

(void) DrawAnnotation(drawing_wand,15,5,(const unsigned char *) "Magick");
...
status=MagickAnnotateImage(magick_wand,drawing_wand,70,5,90,"Image");

Firstly I commented status=MagickAnnotateImage(magick_wand,drawing_wand,70,5,90,"Image");
Then I made this code change into wand/drawing-wand.c and segfault went away. Note that I'm using strlen() instead of formatted_length returned by vsnprintf().

Code: Select all

#if defined(MAGICKCORE_HAVE_VSNPRINTF)
    formatted_length=vsnprintf(wand->mvg+wand->mvg_length,
      wand->mvg_alloc-wand->mvg_length-1,format,argp);
#else
    formatted_length=vsprintf(wand->mvg+wand->mvg_length,
      format,argp);
#endif
    va_end(argp);
    if (formatted_length < 0)
      ThrowDrawException(DrawError,"UnableToPrint",format)
    else
      {
//        wand->mvg_length+= formatted_length;
        wand->mvg_length+= strlen(wand->mvg);
        wand->mvg_width+=formatted_length;
      }

Now my suspicion goes on vsnprintf(). Is it possible that I may need some system lib upgrade? I would have old OS version installed and there would be new updates needed. Let me know how to find those info if that’s the case.

bash-3.00# uname -a
SunOS sol101 5.10 Generic_127127-11 sun4u sparc SUNW,Sun-Fire-V240
bash-3.00# cat /etc/re
reboot release remote resolv.conf resolv.conf~
bash-3.00# cat /etc/release
Solaris 10 5/08 s10s_u5wos_10 SPARC
Copyright 2008 Sun Microsystems, Inc. All Rights Reserved.
Use is subject to license terms.
Assembled 24 March 2008

I want to turn on the logging to see whats actually going on here. How to do this in ImageMagick? Where to look for the log entries? Please help.

[magick]

According to C99, vsnprintf() returns the number of formatted bytes which would have been written (not including the trailing '\0') if there was sufficient space available. If an output error occurs, then a negative value is returned.

Under Linux glibc 2.0.6 and earlier, -1 is returned when the output has been truncated.

Consider downloading ImageMagick 6.6.7-4 which has a slight change to the MvgPrintf() method. Add a write statement to print the value of count (formatted_length in your version).

You can get debugging information with the MAGICK_DEBUG environment variable. See
http://www.imagemagick.org/script/resou ... nvironment.

[pmevawala]

Looks like I've uncovered the bug in IM.
I was getting segfaults with the annotation functions. This was happening only on sparc10 with all the IM releases including the latest  6.6.7-4. We have same version working properly on other platforms (Solaris 10 x86_64 etc.)

Changed this code and segfault went away.

magick/annotate.c
Code flow was like ...->AnnotateImage()->RenderType()->RenderFreetype()

#else
static MagickBooleanType RenderFreetype(Image *image,const DrawInfo *draw_info,
const char *magick_unused(encoding),const PointInfo *offset,
TypeMetric *metrics)
{
(void) ThrowMagickException(&image->exception,GetMagickModule(),
MissingDelegateWarning,"DelegateLibrarySupportNotBuiltIn","`%s' (Freetype)",
//draw_info->font);
draw_info->font != (char *) NULL ? draw_info->font : "none");
return(RenderPostscript(image,draw_info,offset,metrics));
}
#endif

Please confirm this as fix.

[magick]

Good catch. Thanks for the analysis and patch. We'll get the patch into ImageMagick 6.6.7-5 Beta by sometime tomorrow.