-
-
Notifications
You must be signed in to change notification settings - Fork 665
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
double free or corruption error in "vips_image_new_from_buffer" #1423
Comments
Hi, thanks for report. I built git master libvips like this:
I tried this test program: /*
* Test.c
*
* Created on: 27-Aug-2019
* Author: dinesh
*
* Compile with:
* gcc -g -Wall dinesh.c `pkg-config vips --cflags --libs`
*/
#include <vips/vips.h>
static char*
vipsThumbnail(char* inBuffer, size_t inBufferSize, size_t* outBufferSize)
{
int width = 1024;
int height = 1024;
VipsImage *vipsImageOut;
void *outBuffer;
if(vips_thumbnail_buffer(inBuffer, inBufferSize, &vipsImageOut, width,
"height", height,
NULL))
return NULL;
if(vips_image_write_to_buffer(vipsImageOut, ".jpg", &outBuffer,
outBufferSize, NULL)) {
g_object_unref(vipsImageOut);
return NULL;
}
g_object_unref(vipsImageOut);
return outBuffer;
}
int
main(int argc, char** argv)
{
size_t inBufferSize;
char* inBuffer;
size_t outBufferSize;
char* outBuffer;
if(VIPS_INIT(argv[0]))
vips_error_exit("error!!");
vips_leak_set(TRUE);
if(!g_file_get_contents(argv[1], &inBuffer, &inBufferSize, NULL))
vips_error_exit("error!!");
if(!(outBuffer =
vipsThumbnail(inBuffer, inBufferSize, &outBufferSize)))
vips_error_exit("error!!");
if(!g_file_set_contents(argv[2], outBuffer, outBufferSize, NULL))
vips_error_exit("error!!");
g_free(inBuffer);
g_free(outBuffer);
vips_shutdown();
return 0;
} And ran like this:
So I think (hope) it's OK. What version did you try, what platform, what test image, exactly what test code did you run, etc. |
It is occuring sometimes , not always . Im not using |
No, you don't need to call I think you are almost certainly seeing a bug in your Java bindings. Are you perhaps freeing the buffer twice? |
Thank you . Will check on my side . |
Hi , Identified the issue , Im copying |
Add vips_error_buffer_copy() to fix a race in error buffer fetch. See #1423 Thanks @dineshkannaa
Hmm I guess there is a race there, you're right. I've added In the meantime, don't copy to a fixed-size char pointer without You could also use char *message;
message = g_strdup (vips_error_buffer ());
vips_error_clear ();
do_something (message);
g_free (message); |
Oh, or the char message[256];
strncpy (message, vips_error_buffer(), 256);
vips_error_clear(); I wouldn't call |
Thank you . Is there anyway to reset vips ? I tried calling vips_error_clear() before copying the error buffer to solve the problem and applied patch . but it is not working . The process crashes and restarts again and again |
Don't patch libvips, instead do the copy safely in your code. |
I didnt patch in libvips , I patched my code in the same running thread where my buffer overflowed . like this
but it didnt solve my problem . The process restarts again and again . |
Don't use Use the |
I have loaded a heic image , using
vips_image_new_from_buffer(buffer, fileLen, "", "access",VIPS_ACCESS_SEQUENTIAL,NULL)
and I got this after .
note: I didnt link libheif, just tried this to check error handling .
you can reproduce it with the code given in #1414 , with a multiple iterations
The text was updated successfully, but these errors were encountered: