Ubuntu
jasper package

[libjasper1 1.900.1-3ubuntu0.8.04.1 (amd64 binary) in ubuntu hardy] tries to use /tmptmp.XXXXXXXXXX as a mkstemp() template

Bug #620633 reported by Nathan Phillip Brink (binki)
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
jasper (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

ohnobinki@ohnopublishing /tmp $ strings usr/lib/libjasper.so.1.0.0 | grep tmp
jas_stream_tmpfile
/tmp
%stmp.XXXXXXXXXX
!((tmp >> 3) & (~0x1f))
enc->tmpstream
cannot open tmp file
(tmpval & (1 << (wordsize - 1))) == 0

-- it seems that the first two entries of strings's output indicate that libjasper does something like:
``
char *template;
char *tmpdir = "/tmp";
asprintf(template, "%stmp.XXXXXXXXXX");
mkstemp(template);
''
which results in an attempt to open a file in / instead of in /tmptmp. This means that any non-root application using an imagemagick suite tool to load a jpeg2k image will fail as jasper fails if it can't create this file:

npb5@julian:~$ mogrify -format png /tmp/*.jp2
error: cannot decode code stream
mogrify: unable to decode image file `/tmp/presbyterianbook00oxfouoft_wm_0499.jp2'.

strace outputs:
open("/tmptmp.XXXXuphIuc", O_RDWR|O_CREAT|O_EXCL, 0600) = -1 EACCES (Permission denied)

I was able to work arouind fix this by putting the following C code into an LD_PRELOADed shared object. However, it would be wonderful if libjasper in ubuntu hardy 8.04 LTS could be fixed and a new release made:
/**
 * Rewrite a bad template of /tmptmp , a bug in libjasper on ubunto 8
 * LTS, to /tmp/tmp. Truncate one of the Xes at the end of the
 * template.
 */
int mkstemp(char *template)
{
  int ret;

  size_t counter;

  static void *libc = NULL;
  static int(*libc_mkstemp)(char *template);

  if (!libc)
    {
      libc = dlopen("/lib/libc.so.6", RTLD_LOCAL | RTLD_NOW);
      if(!libc)
 abort();
      libc_mkstemp = dlsym(libc, "mkstemp");
      if(!libc_mkstemp)
 abort();
    }

  if (!strncmp(template, "/tmptmp", strlen("/tmptmp")))
    {
      fprintf(stderr, "mkstemp() hack: rewriting %s", template);
      for (counter = strlen(template) - 1; counter > 4; counter --)
 template[counter] = template[counter - 1];
      template[4] = '/';
      fprintf(stderr, " to %s\n", template);
    }

  ret = (*libc_mkstemp)(template);

  return ret;
}

Tags: patch
Revision history for this message
Nathan Phillip Brink (binki) (ohnobinki) wrote :

> which results in an attempt to open a file in / instead of in /tmptmp.

I meant to say ``instead of in /tmp''.

Revision history for this message
Nathan Phillip Brink (binki) (ohnobinki) wrote :

Sorry, I should've place more lines of context from strace(1) to prove the causation relation from the messages printed to stderr and the EACCES error:

open("/tmp/presbyterianbook00oxfouoft_wm_0499.jp2", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=619379, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0908f53000
read(3, "\0\0\0\fjP \r\n\207\n\0\0\0\24ftypjp2 \0\0\0\0jp2 "..., 4096) = 4096
lseek(3, 0, SEEK_SET) = 0
read(3, "\0\0\0\fjP \r\n\207\n\0\0\0\24ftypjp2 \0\0\0\0jp2 "..., 8192) = 8192
open("/tmptmp.XXXXuphIuc", O_RDWR|O_CREAT|O_EXCL, 0600) = -1 EACCES (Permission denied)
write(2, "error: cannot decode code stream"..., 33error: cannot decode code stream
) = 33
fstat(3, {st_mode=S_IFREG|0644, st_size=619379, ...}) = 0
close(3) = 0
munmap(0x7f0908f53000, 4096) = 0
write(2, "mogrify: unable to decode image "..., 82mogrify: unable to decode image file `/tmp/presbyterianbook00oxfouoft_wm_0499.jp2') = 82
write(2, ".\n", 2.
) = 2
munmap(0x7f09050ce000, 2115304) = 0
munmap(0x7f0904e79000, 2443752) = 0
munmap(0x7f09054f7000, 2206016) = 0
munmap(0x7f09052d3000, 2244536) = 0
exit_group(1) = ?
Process 29489 detached

Chris Adams (acdha)
Changed in jasper (Ubuntu):
status: New → Confirmed
Revision history for this message
Chris Adams (acdha) wrote :

This appears to make it impossible for anything which uses libjasper1 to open JP2 files: even something as simple as "gm identify example.jp2" will fail. I've attached the one-character patch, making the fix trivial:

sudo apt-get build-dep libjasper1
sudo apt-get source libjasper1
patch -p0 < bug_620633.patch
dpkg-buildpackage -rfakeroot
sudo dpkg -i ../libjasper1_1.900.1-6_amd64.deb

Brian Murray (brian-murray)
tags: added: patch
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.