- attached tgabug.c
Reading a TGA file causes a segfault.
Program received signal SIGSEGV, Segmentation fault.
0x004085b9 in read_image_tga (ctx=ctx@entry=0xce5020, tga=tga@entry=0xce5060) at gd_tga.c:253
253 tga->bitmap[buffer_caret] = (int) conversion_buffer[buffer_caret];
(gdb) bt
#0 0x004085b9 in read_image_tga (ctx=ctx@entry=0xce5020, tga=tga@entry=0xce5060) at gd_tga.c:253
#1 0x004086b7 in gdImageCreateFromTgaCtx@4 (ctx=ctx@entry=0xce5020) at gd_tga.c:74
#2 0x00408894 in gdImageCreateFromTga@4 (fp=fp@entry=0x77c2fce0) at gd_tga.c:25
#3 0x0050f328 in main (argc=<optimized out>, argv=0xce3e88) at repng2jpeg.c:66
(gdb) p buffer_caret
$1 = 152568
Comments (4)
- attached img-ref.tga
Image used by tgabug.c, attached above.
-
Actually, the crash occurs because we misread the bps; have to check what it is used with these two images.
-
- changed status to resolved
fix
#84, double free and overrun due to wrong alloc type, uint8_t instead of int → <<cset acdebc814843>>
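An added illustration of the bug class the fix note names: a buffer written through `int` indices but sized with `sizeof(uint8_t)`. This is not libgd's code. The helper names and the 4x4 sample size are constructed for the example, and only the widening loop mirrors the line shown in the backtrace.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* count * elem_size, or 0 when count is 0 or the product would wrap. */
static size_t checked_bytes(size_t count, size_t elem_size)
{
    if (count == 0 || elem_size == 0 || count > SIZE_MAX / elem_size)
        return 0;
    return count * elem_size;
}

/* "Before" sizing: one byte per element although the buffer holds ints. */
static size_t bitmap_bytes_undersized(size_t n) { return checked_bytes(n, sizeof(uint8_t)); }

/* "After" sizing: element size taken from the type actually stored. */
static size_t bitmap_bytes_fixed(size_t n) { return checked_bytes(n, sizeof(int)); }

/* First index i at which bitmap[i] = ... writes past alloc_bytes. */
static size_t first_oob_index(size_t alloc_bytes) { return alloc_bytes / sizeof(int); }

/* Widen n bytes into a correctly sized int bitmap; caller frees exactly once. */
static int *expand_to_int(const uint8_t *conversion_buffer, size_t n)
{
    size_t bytes = bitmap_bytes_fixed(n);
    int *bitmap = bytes ? malloc(bytes) : NULL;
    if (bitmap == NULL)
        return NULL;
    for (size_t buffer_caret = 0; buffer_caret < n; buffer_caret++)
        bitmap[buffer_caret] = (int) conversion_buffer[buffer_caret];
    return bitmap;
}

int main(void)
{
    size_t n = 4 * 4 * 3; /* constructed sample: 4x4 image, 3 bytes per pixel */
    printf("undersized: %zu bytes, first out-of-bounds index %zu of %zu\n",
           bitmap_bytes_undersized(n), first_oob_index(bitmap_bytes_undersized(n)), n);
    printf("fixed: %zu bytes, first out-of-bounds index %zu\n",
           bitmap_bytes_fixed(n), first_oob_index(bitmap_bytes_fixed(n)));
    return 0;
}
```

With the undersized allocation the loop leaves the heap block after the first `n / sizeof(int)` elements, which is why the fault surfaces at a large `buffer_caret` rather than at index 0.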
This happens to me as well. I'm attaching a program+image that reproduces the problem under Linux.
A quick look seems to indicate it's a double free but don't quote me on that.