Bug#909632: pngmeta: segfault on bad png
Package: pngmeta
Version: 1.11-9
Severity: normal
File: /usr/bin/pngmeta
With file https://www.gutenberg.org/files/16713/16713-h/images/q248.png
(about 7 kbytes), running "pngmeta q248.png" gets a segfault.
I suspect some badness in that image, since some other programs don't
enjoy it either (xzgv "can't load", dillo "checksum error"), but I hoped
pngmeta would not segfault.
gdb gives a backtrace showing somewhere under the final
png_destroy_read_struct() call in pngmeta.c main().
#0 0xb7f8367a in png_free_data () from /usr/lib/i386-linux-gnu/libpng16.so.16
#1 0xb7f83ce2 in png_destroy_info_struct ()
from /usr/lib/i386-linux-gnu/libpng16.so.16
#2 0xb7f9022d in png_destroy_read_struct ()
from /usr/lib/i386-linux-gnu/libpng16.so.16
#3 0x80001b39 in main (argc=<optimized out>, argv=<optimized out>)
at pngmeta.c:588
-- System Information:
Debian Release: buster/sid
Architecture: i386 (i686)
Kernel: Linux 4.4.0-1-686-pae (SMP w/1 CPU core)
Locale: LANG=en_AU.iso88591, LC_CTYPE=en_AU.iso88591 (charmap=ISO-8859-1), LANGUAGE=en_AU:en_GB:en (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages pngmeta depends on:
ii libc6 2.27-6
ii libpng16-16 1.6.34-2
ii zlib1g 1:1.2.11.dfsg-1
pngmeta recommends no packages.
pngmeta suggests no packages.
-- no debconf information
Reply to: