Bug ID 1043479
Summary xv crashes reading gimp created png image
Classification openSUSE
Product openSUSE Tumbleweed
Version Current
Hardware x86-64
OS Other
Status NEW
Severity Major
Priority P5 - None
Component X11 Applications
Assignee bnc-team-screening@forge.provo.novell.com
Reporter rcoe@wi.rr.com
QA Contact qa-bugs@suse.de
Found By ---
Blocker ---

openSUSE Tumbleweed
xv-3.10a 1296.49

xv crashed while loading png images created by gimp.
 *** Error in `xv': free(): invalid next size (fast): 0x0000000000c7c380 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x7383b)[0x7ff155f6983b]
/lib64/libc.so.6(+0x79dee)[0x7ff155f6fdee]
/lib64/libc.so.6(+0x7a5fe)[0x7ff155f705fe]
xv[0x42396e]
xv[0x412698]
xv[0x40bd7f]
/lib64/libc.so.6(__libc_start_main+0xf1)[0x7ff155f16541]
xv[0x40d44a]

I ran valgrind, but the default does not have line numbers, and I had to build
the openSUSE version with debug.

==16988== Invalid write of size 1
==16988==    at 0x4C32638: __stpcpy_sse2_unaligned (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==16988==    by 0x1A04F8: strcat (string3.h:147)
==16988==    by 0x1A04F8: LoadPNG (xvpng.c:1162)
==16988==    by 0x124F98: openPic (xv.c:2520)
==16988==    by 0x11DD5C: openFirstPic (xv.c:3666)
==16988==    by 0x11DD5C: mainLoop (xv.c:3785)
==16988==    by 0x11DD5C: main (xv.c:1043)
==16988==  Address 0x7953d8b is 0 bytes after a block of size 11 alloc'd
==16988==    at 0x4C2C0AF: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==16988==    by 0x1A045C: LoadPNG (xvpng.c:1154)
==16988==    by 0x124F98: openPic (xv.c:2520)
==16988==    by 0x11DD5C: openFirstPic (xv.c:3666)
==16988==    by 0x11DD5C: mainLoop (xv.c:3785)
==16988==    by 0x11DD5C: main (xv.c:1043)

