Bug 86137 - graphics/fly 2.0 segfaults when using "copy" function to copy in gif digits for a counter.
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Only Me
Assignee: Sam Lawrance
Reported: 2005-09-14 23:10 UTC by Nick Fishman
Modified: 2005-10-17 15:01 UTC
Description Nick Fishman 2005-09-14 23:10:12 UTC
When using the "copy" function inside a script file for fly, fly dumps core and exits with a segmentation fault. Other functions appear to be working, but further testing is needed.

This problem was initially mentioned on the ports@freebsd.org mailing list by Warren Block. It affects his FreeBSD 4.11 system, as well.

Fix: Unknown.

How-To-Repeat: Prepare a sample GIF file, about 32x32 pixels in size. Generate the following script file:
new
size 26,20
copy 0,0,-1,-1,-1,-1,/path/to/your.gif
copy 13,0,-1,-1,-1,-1,/path/to/your.gif

Run "fly -i scriptfile". It will dump core.
Comment 1 Sam Lawrance freebsd_committer freebsd_triage 2005-09-15 05:45:26 UTC
Responsible Changed
From-To: freebsd-ports-bugs->lawrance

Take it
Comment 2 Simon Barner freebsd_committer freebsd_triage 2005-09-15 13:49:14 UTC
The latest version of graphics/fly seems to be 2.0.0:
http://martin.gleeson.com/fly/

Since this port has no maintainer, please try to do the update to see if
the bug is fixed there, and submit it as a follow-up to this PR.

If you have questions, feel free to ask on the freebsd-ports@ mailing
list, but please consult the Porter's Handbook first.
Comment 3 Simon Barner freebsd_committer freebsd_triage 2005-09-15 13:53:06 UTC
I did not notice two things:
 - fly is already at 2.0
 - Sam Lawrance began working on this PR five minutes before me :-)

Please disregard my last email.

Simon
Comment 4 Warren Block 2005-09-16 15:19:36 UTC
As reported by Mario Hoerich:

The problem here seems to be the image-type:  the default type
is set to PNG and the program seems to never check the type of
the image loaded with copy.  As a result, the gif file runs through

1271    img_file = gdImageCreateFromPng(img_to_copy);
                                    ^^^
That returns an unchecked NULL, which is dereferenced just
a couple of lines down:

1298    arg[4] = img_file->sx;

Program received signal SIGSEGV, Segmentation fault.
0x0804cf46 in copy_to_img (infile=0x281a22c0, img=0x8053000, resize=0)
    at fly.c:1298
Comment 5 Warren Block 2005-09-16 15:22:06 UTC
As reported by Mario Hoerich <spambox@MHoerich.de>:

The problem here seems to be the image-type:  the default type
is set to PNG and the program seems to never check the type of
the image loaded with copy.  As a result, the gif file runs through

1271    img_file = gdImageCreateFromPng(img_to_copy);
                                    ^^^
That returns an unchecked NULL, which is dereferenced just
a couple of lines down:

1298    arg[4] = img_file->sx;

Program received signal SIGSEGV, Segmentation fault.
0x0804cf46 in copy_to_img (infile=0x281a22c0, img=0x8053000, resize=0)
    at fly.c:1298
Comment 6 Sam Lawrance freebsd_committer freebsd_triage 2005-10-17 14:59:45 UTC
State Changed
From-To: open->closed

An extra check was added to fail gracefully.  As before, 
you must still supply the file type in the script file 
for fly to work correctly.
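
The failure mode discussed in this report (a decoder returning NULL for the wrong file type, then a dereference at fly.c:1298) and the kind of check that fails gracefully, as an added example; it is not the patch committed to the port and not fly's own code. The names `image_t`, `sniff_type`, `stub_png_loader` and `copy_dimensions` are hypothetical, the decoder is a stub standing in for `gdImageCreateFromPng`, and the signature sniffing goes beyond the fix described here, which still requires the type to be given in the script.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for gd's image struct (assumption: only the size fields matter). */
typedef struct { int sx, sy; } image_t;
typedef image_t *(*loader_fn)(const unsigned char *buf, size_t len);
enum img_type { IMG_UNKNOWN, IMG_PNG, IMG_GIF };

/* Constructed sample headers, not real image files. */
static const unsigned char PNG_HDR[8] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'};
static const unsigned char GIF_HDR[6] = {'G', 'I', 'F', '8', '9', 'a'};

/* Identify the format from its signature instead of trusting a default. */
enum img_type sniff_type(const unsigned char *buf, size_t len)
{
    if (len >= 8 && memcmp(buf, PNG_HDR, 8) == 0)
        return IMG_PNG;
    if (len >= 6 && (memcmp(buf, "GIF87a", 6) == 0 || memcmp(buf, "GIF89a", 6) == 0))
        return IMG_GIF;
    return IMG_UNKNOWN;
}

/* Hypothetical PNG decoder stub: returns NULL for non-PNG input, as a real decoder does. */
static image_t *stub_png_loader(const unsigned char *buf, size_t len)
{
    static image_t img = {32, 32};
    return sniff_type(buf, len) == IMG_PNG ? &img : NULL;
}

/* Returns 0 and fills *sx, *sy on success; -1 without touching them on failure. */
int copy_dimensions(const unsigned char *buf, size_t len, loader_fn load, int *sx, int *sy)
{
    image_t *img = load(buf, len);
    if (img == NULL) {  /* the check that was missing before the dereference */
        fprintf(stderr, "copy: decode failed, detected type %d\n", (int)sniff_type(buf, len));
        return -1;
    }
    *sx = img->sx;
    *sy = img->sy;
    return 0;
}

int main(void)
{
    int sx = 0, sy = 0;
    int rc = copy_dimensions(GIF_HDR, sizeof GIF_HDR, stub_png_loader, &sx, &sy);
    printf("GIF through PNG loader: rc=%d\n", rc);
    return rc == -1 ? 0 : 1;
}
```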