PNG details that cause this crash:
Find Dictionary.png...
Image Width: 16 Image Length: 16
Bitdepth (Bits/Sample): 8
Channels (Samples/Pixel): 1
Pixel depth (Pixel Depth): 8
Colour Type (Photometric Interpretation): PALETTED COLOUR with alpha (256 colours, 1 transparent)
Image filter: Single row per byte filter
Interlacing: No interlacing
Compression Scheme: Deflate method 8, 32k window
Resolution: 2834, 2834 (pixels per meter)
FillOrder: msb-to-lsb
Byte Order: Network (Big Endian)
Number of text strings: 0 of 0
Problem code is:
File: pngcode.c
Function: gdip_load_png_image_from_file_or_stream
Problem: use of a call to png_get_tRNS without checking return value.
For this PNG the return value is 0 (fail), and this causes use of the uninitialized variables trans_color and num_trans.
This causes a seg fault if trans_color or num_trans happen to be certain values.
I will attach a minimal test case that can be built using mono.
I will also attach a suggested patch, that checks return value of png_get_tRNS, and doesn't attempt to use uninitialized variables.
StackTrace looks like this:
at <unknown> <0xffffffff>
at (wrapper managed-to-native) System.Drawing.GDIPlus.GdipLoadImageFromDelegate_linux (System.Drawing.GDIPlus/StreamGetHeaderDelegate,System.Drawing.GDIPlus/StreamGetBytesDelegate,System.Drawing.GDIPlus/StreamPutBytesDelegate,System.Drawing.GDIPlus/StreamSeekDelegate,System.Drawing.GDIPlus/StreamCloseDelegate,System.Drawing.GDIPlus/StreamSizeDelegate,intptr&) <0xffffffff>
at System.Drawing.Image.InitFromStream (System.IO.Stream) <0x001b3>
at System.Drawing.Image..ctor (System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext) <0x0010f>
at System.Drawing.Bitmap..ctor (System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext) <0x0002f>
at (wrapper runtime-invoke) <Module>.runtime_invoke_void__this___object_StreamingContext (object,intptr,intptr,intptr) <0xffffffff>
at <unknown> <0xffffffff>
at (wrapper managed-to-native) System.Reflection.MonoCMethod.InternalInvoke (System.Reflection.MonoCMethod,object,object[],System.Exception&) <0xffffffff>
at System.Reflection.MonoCMethod.InternalInvoke (object,object[]) <0x0003f>
at System.Reflection.MonoCMethod.DoInvoke (object,System.Reflection.BindingFlags,System.Reflection.Binder,object[],System.Globalization.CultureInfo) <0x00103>
at System.Reflection.MonoCMethod.Invoke (object,System.Reflection.BindingFlags,System.Reflection.Binder,object[],System.Globalization.CultureInfo) <0x00083>
at System.Reflection.MethodBase.Invoke (object,object[]) <0x00032>
at System.Runtime.Serialization.ObjectRecord.LoadData (System.Runtime.Serialization.ObjectManager,System.Runtime.Serialization.ISurrogateSelector,System.Runtime.Serialization.StreamingContext) <0x002ff>
at System.Runtime.Serialization.ObjectManager.DoFixups () <0x0015f>
at System.Runtime.Serialization.Formatters.Binary.ObjectReader.ReadNextObject (System.IO.BinaryReader) <0x00051>
at System.Runtime.Serialization.Formatters.Binary.ObjectReader.ReadObjectGraph (System.Runtime.Serialization.Formatters.Binary.BinaryElement,System.IO.BinaryReader,bool,object&,System.Runtime.Remoting.Messaging.Header[]&) <0x0010b>
at System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.NoCheckDeserialize (System.IO.Stream,System.Runtime.Remoting.Messaging.HeaderHandler) <0x00143>
at System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Deserialize (System.IO.Stream) <0x0001f>
at System.Resources.ResourceReader.ReadNonPredefinedValue (System.Type) <0x0003f>
at System.Resources.ResourceReader.ReadValueVer2 (int) <0x00443>
at System.Resources.ResourceReader.LoadResourceValues (System.Resources.ResourceReader/ResourceCacheItem[]) <0x0021f>
at System.Resources.ResourceReader/ResourceEnumerator.FillCache () <0x0009b>
at System.Resources.ResourceReader/ResourceEnumerator..ctor (System.Resources.ResourceReader) <0x00053>
at System.Resources.ResourceReader.GetEnumerator () <0x00033>
at System.Resources.ResourceSet.ReadResources () <0x0008d>
at System.Resources.ResourceSet.GetObjectInternal (string,bool) <0x0006b>
at System.Resources.ResourceSet.GetObject (string,bool) <0x00027>
at System.Resources.RuntimeResourceSet.GetObject (string,bool) <0x00033>
at System.Resources.ResourceManager.GetObject (string,System.Globalization.CultureInfo) <0x000a1>
at PngTest.MainClass.Main (string[]) <0x0007c>
at (wrapper runtime-invoke) <Module>.runtime_invoke_void_object (object,intptr,intptr,intptr) <0xffffffff>
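The defensive pattern the report asks for, as an added example that is not part of the original report and is not libgdiplus or libpng code. The names fake_png_info, fake_get_trns and build_palette_alpha are hypothetical; fake_get_trns only models the contract described above (returns 0 and leaves its out-parameters unwritten when there is no transparency data), and applying the values as per-palette-entry alpha is an assumption.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical stand-in for the transparency query in the report:
 * on success it fills the out-parameters and returns non-zero; on
 * failure it returns 0 and does NOT write to the out-parameters. */
typedef struct { const uint8_t *trns; int trns_len; } fake_png_info;

static uint32_t fake_get_trns(const fake_png_info *info,
                              const uint8_t **trans, int *num_trans)
{
    if (info->trns == NULL || info->trns_len <= 0)
        return 0;                  /* out-parameters left untouched */
    *trans = info->trns;
    *num_trans = info->trns_len;
    return 1;
}

/* Fill alpha[0..palette_size) for a paletted image. Returns how many
 * entries took their alpha from the transparency data (0 if none). */
int build_palette_alpha(const fake_png_info *info,
                        uint8_t *alpha, int palette_size)
{
    const uint8_t *trans = NULL;   /* initialized, so a failed query */
    int num_trans = 0;             /* can never expose stack garbage */
    int i;

    for (i = 0; i < palette_size; i++)
        alpha[i] = 0xFF;           /* default: fully opaque */

    /* Check the return value before trusting the out-parameters. */
    if (!fake_get_trns(info, &trans, &num_trans))
        return 0;
    if (trans == NULL || num_trans <= 0)
        return 0;
    if (num_trans > palette_size)
        num_trans = palette_size;  /* clamp to the destination buffer */

    for (i = 0; i < num_trans; i++)
        alpha[i] = trans[i];
    return num_trans;
}
```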
The attachment "Suggest patch that initalizes variables to prevent uninitalized use." seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.
[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]