NetBSD Problem Report #46518
From www@NetBSD.org Sat Jun 2 14:19:54 2012
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
by www.NetBSD.org (Postfix) with ESMTP id 2BC9963B89C
for <gnats-bugs@gnats.NetBSD.org>; Sat, 2 Jun 2012 14:19:54 +0000 (UTC)
Message-Id: <20120602141953.4A68A63B882@www.NetBSD.org>
Date: Sat, 2 Jun 2012 14:19:53 +0000 (UTC)
From: nathanialsloss@yahoo.com.au
Reply-To: nathanialsloss@yahoo.com.au
To: gnats-bugs@NetBSD.org
Subject: stbi splash: compressed PNG file causes panic
X-Send-Pr-Version: www-1.0
>Number: 46518
>Category: kern
>Synopsis: stbi splash: compressed PNG file causes panic
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Jun 02 14:20:00 +0000 2012
>Closed-Date: Sat Jun 02 14:34:37 +0000 2012
>Last-Modified: Sat Jun 02 17:55:01 +0000 2012
>Originator: Nat Sloss
>Release: NetBSD Current 6.99.6
>Organization:
>Environment:
NetBSD beast 6.99.6 NetBSD 6.99.6 (LOCKDEBUG) #54: Sat Jun 2 17:32:26 EST 2012 build@beast:/usr/src/sys/arch/i386/compile/obj/LOCKDEBUG i386
>Description:
When booting with a splash screen picture that is a compressed PNG picture the kernel crashes.
>How-To-Repeat:
Create a compressed PNG image:
bmptopnm splash.bmp| pnmtopng - -compression 9 > /splash.png
Then boot with it:
vesa 800x600x16
splash splash.png
boot
>Fix:
The problem stems from the fact that one of the pointers is NULL and it is then freed so to fix it I applied this patch:
===================================================================
RCS file: /cvsroot/src/sys/dev/stbi/stb_image.c,v
retrieving revision 1.2
diff -u -r1.2 stb_image.c
--- sys/dev/stbi/stb_image.c 20 Jan 2012 23:13:47 -0000 1.2
+++ sys/dev/stbi/stb_image.c 2 Jun 2012 14:18:05 -0000
@@ -3050,9 +3050,12 @@
*y = p->s.img_y;
if (n) *n = p->s.img_n;
}
- FREE(p->out); p->out = NULL;
- FREE(p->expanded); p->expanded = NULL;
- FREE(p->idata); p->idata = NULL;
+ if (p->out != NULL)
+ FREE(p->out); p->out = NULL;
+ if (p->expanded != NULL)
+ FREE(p->expanded); p->expanded = NULL;
+ if (p->idata != NULL)
+ FREE(p->idata); p->idata = NULL;
return result;
}
Note: This patch is my own work which I submit under the NetBSD license.
Regards,
Nat.
>Release-Note:
>Audit-Trail:
From: "Christos Zoulas" <christos@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/46518 CVS commit: src/sys/dev/stbi
Date: Sat, 2 Jun 2012 10:30:05 -0400
Module Name: src
Committed By: christos
Date: Sat Jun 2 14:30:04 UTC 2012
Modified Files:
src/sys/dev/stbi: stb_image.c
Log Message:
PR/46518: Nat Sloss: stbi splash: compressed PNG file causes panic
Make the kernel FREE macro behave like the userland free(3), i.e. accept NULL
To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/sys/dev/stbi/stb_image.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: open->closed
State-Changed-By: martin@NetBSD.org
State-Changed-When: Sat, 02 Jun 2012 14:34:37 +0000
State-Changed-Why:
Christos fixed it, thanks for the report
From: Martin Husemann <martin@duskware.de>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: kern/46518: stbi splash: compressed PNG file causes panic
Date: Sat, 2 Jun 2012 16:31:04 +0200
p->expanded and p->idata can not be NULL, but p->out will always be.
Just deleting the FREE(p->out)... line should be the correct fix, the
memory is now pointed to by result and is what this function returns.
Can you test that?
Martin
From: jnemeth@victoria.tc.ca (John Nemeth)
To: gnats-bugs@NetBSD.org, kern-bug-people@NetBSD.org, netbsd-bugs@NetBSD.org,
gnats-admin@NetBSD.org, martin@NetBSD.org, nathanialsloss@yahoo.com.au
Cc:
Subject: Re: kern/46518 (stbi splash: compressed PNG file causes panic)
Date: Sat, 2 Jun 2012 10:40:10 -0700
On Sep 18, 2:42am, martin@NetBSD.org wrote:
}
} Synopsis: stbi splash: compressed PNG file causes panic
}
} State-Changed-From-To: open->closed
} State-Changed-By: martin@NetBSD.org
} State-Changed-When: Sat, 02 Jun 2012 14:34:37 +0000
} State-Changed-Why:
} Christos fixed it, thanks for the report
Shouldn't this be pulled up, along with kern/46516?
}-- End of excerpt from martin@NetBSD.org
From: christos@zoulas.com (Christos Zoulas)
To: jnemeth@victoria.tc.ca (John Nemeth), gnats-bugs@NetBSD.org,
kern-bug-people@NetBSD.org, netbsd-bugs@NetBSD.org,
gnats-admin@NetBSD.org, martin@NetBSD.org, nathanialsloss@yahoo.com.au
Cc:
Subject: Re: kern/46518 (stbi splash: compressed PNG file causes panic)
Date: Sat, 2 Jun 2012 13:54:47 -0400
On Jun 2, 10:40am, jnemeth@victoria.tc.ca (John Nemeth) wrote:
-- Subject: Re: kern/46518 (stbi splash: compressed PNG file causes panic)
| On Sep 18, 2:42am, martin@NetBSD.org wrote:
| }
| } Synopsis: stbi splash: compressed PNG file causes panic
| }
| } State-Changed-From-To: open->closed
| } State-Changed-By: martin@NetBSD.org
| } State-Changed-When: Sat, 02 Jun 2012 14:34:37 +0000
| } State-Changed-Why:
| } Christos fixed it, thanks for the report
|
| Shouldn't this be pulled up, along with kern/46516?
sure.
christos
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.