<div dir="ltr"><div><div>Hi,<br><br></div><div>Probably one of my changes is the cause for this.<br><br></div>One of the problems is that CVE-2004-0200-3.jpg is a semi corrupt file. Usually it can be read fine but doing any transform operations fails. For example jpegtrans fails for this file, GIMP does not open it, ImageMagick's convert does not work. <br>

>From the memcheck I can see that libjpeg6 was used - maybe this is what triggers the problem as libjpeg8 is usually used today.<br><br></div>Regards, Tomaž<br><div><div><div><div class="gmail_extra"><br><div class="gmail_quote">

On Sun, May 12, 2013 at 10:05 AM, Markus Mohrhard <span dir="ltr"><<a href="mailto:markus.mohrhard@googlemail.com" target="_blank">markus.mohrhard@googlemail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hey Caolan, *,<br>
<br>
so after we got several complains about test failure in vcl with the<br>
same file I looked at it with memcheck and can at least produce an<br>
output there. The test does not fail for me or at the tinderbox but we<br>
had now 3 independet people having problems with the same file on<br>
different systems.<br>
<br>
The memcheck output is:<br>
<br>
file:///home/moggi/devel/libo4/vcl/qa/cppunit/graphicfilter/data/jpg/pass/CVE-2004-0200-3.jpg,==13272==<br>
Invalid read of size 8<br>
==13272==    at 0xF1FF117: ??? (in /usr/lib64/libjpeg.so.62.0.0)<br>
==13272==  Address 0x15779db0 is 32 bytes inside a block of size 36 alloc'd<br>
==13272==    at 0x4C2ABED: malloc (in<br>
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)<br>
==13272==    by 0x4E5D899: rtl_allocateMemory_SYSTEM(unsigned long)<br>
(alloc_global.cxx:269)<br>
==13272==    by 0x4E5D9A0: rtl_allocateMemory (alloc_global.cxx:302)<br>
==13272==    by 0xC9F5D18: JPEGReader::CreateBitmap(void*) (JpegReader.cxx:282)<br>
==13272==    by 0xC9F527A: CreateBitmapFromJPEGReader (JpegReader.cxx:41)<br>
==13272==    by 0xC88C596: ReadJPEG (jpegc.c:151)<br>
==13272==    by 0xC9F67E2: JPEGReader::Read(Graphic&) (JpegReader.cxx:428)<br>
==13272==    by 0xC9F50AB: ImportJPEG(SvStream&, Graphic&, void*, int)<br>
(jpeg.cxx:50)<br>
==13272==    by 0xC9CD5C1: GraphicFilter::ImportGraphic(Graphic&,<br>
String const&, SvStream&, unsigned short, unsigned short*, unsigned<br>
int, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>*,<br>
WMF_EXTERNALHEADER*) (graphicfilter.cxx:1498)<br>
==13272==    by 0xC9CCD3B: GraphicFilter::ImportGraphic(Graphic&,<br>
String const&, SvStream&, unsigned short, unsigned short*, unsigned<br>
int, WMF_EXTERNALHEADER*) (graphicfilter.cxx:1327)<br>
==13272==    by 0xB38AB00: VclFiltersTest::load(rtl::OUString const&,<br>
rtl::OUString const&, rtl::OUString const&, unsigned int, unsigned<br>
int, unsigned int) (filters-test.cxx:53)<br>
==13272==    by 0xC413C0A:<br>
test::FiltersTest::recursiveScan(test::filterStatus, rtl::OUString<br>
const&, rtl::OUString const&, rtl::OUString const&, unsigned int,<br>
unsigned int, unsigned int) (filters-test.cxx:113)<br>
==13272==    by 0xC41463E: test::FiltersTest::testDir(rtl::OUString<br>
const&, rtl::OUString const&, rtl::OUString const&, unsigned int,<br>
unsigned int, unsigned int) (filters-test.cxx:137)<br>
==13272==    by 0xB38AC1F: VclFiltersTest::testCVEs() (filters-test.cxx:61)<br>
==13272==    by 0xB38CBB3:<br>
CppUnit::TestCaller<VclFiltersTest>::runTest() (TestCaller.h:166)<br>
==13272==    by 0x516529B:<br>
CppUnit::TestCaseMethodFunctor::operator()() const (TestCase.cpp:32)<br>
==13272==    by 0x7AE29DE: (anonymous<br>
namespace)::Prot::protect(CppUnit::Functor const&,<br>
CppUnit::ProtectorContext const&) (unobootstrapprotector.cxx:88)<br>
==13272==    by 0x515D3D6:<br>
CppUnit::ProtectorChain::ProtectFunctor::operator()() const<br>
(ProtectorChain.cpp:20)<br>
==13272==    by 0x6799481: (anonymous<br>
namespace)::Prot::protect(CppUnit::Functor const&,<br>
CppUnit::ProtectorContext const&) (unoexceptionprotector.cxx:64)<br>
==13272==    by 0x515D3D6:<br>
CppUnit::ProtectorChain::ProtectFunctor::operator()() const<br>
(ProtectorChain.cpp:20)<br>
==13272==    by 0x514ED4B:<br>
CppUnit::DefaultProtector::protect(CppUnit::Functor const&,<br>
CppUnit::ProtectorContext const&) (DefaultProtector.cpp:15)<br>
==13272==    by 0x515D3D6:<br>
CppUnit::ProtectorChain::ProtectFunctor::operator()() const<br>
(ProtectorChain.cpp:20)<br>
==13272==    by 0x515D26B:<br>
CppUnit::ProtectorChain::protect(CppUnit::Functor const&,<br>
CppUnit::ProtectorContext const&) (ProtectorChain.cpp:77)<br>
==13272==    by 0x5174481:<br>
CppUnit::TestResult::protect(CppUnit::Functor const&, CppUnit::Test*,<br>
std::string const&) (TestResult.cpp:181)<br>
==13272==    by 0x5164D6B:<br>
CppUnit::TestCase::run(CppUnit::TestResult*) (TestCase.cpp:92)<br>
==13272==    by 0x5165B07:<br>
CppUnit::TestComposite::doRunChildTests(CppUnit::TestResult*)<br>
(TestComposite.cpp:64)<br>
==13272==    by 0x5165991:<br>
CppUnit::TestComposite::run(CppUnit::TestResult*)<br>
(TestComposite.cpp:23)<br>
==13272==    by 0x5165B07:<br>
CppUnit::TestComposite::doRunChildTests(CppUnit::TestResult*)<br>
(TestComposite.cpp:64)<br>
==13272==    by 0x5165991:<br>
CppUnit::TestComposite::run(CppUnit::TestResult*)<br>
(TestComposite.cpp:23)<br>
==13272==    by 0x517B66D:<br>
CppUnit::TestRunner::WrappingSuite::run(CppUnit::TestResult*)<br>
(TestRunner.cpp:47)<br>
==13272==    by 0x517418B:<br>
CppUnit::TestResult::runTest(CppUnit::Test*) (TestResult.cpp:148)<br>
==13272==    by 0x517B8CB:<br>
CppUnit::TestRunner::run(CppUnit::TestResult&, std::string const&)<br>
(TestRunner.cpp:96)<br>
==13272==    by 0x403E5E: (anonymous<br>
namespace)::ProtectedFixtureFunctor::run() const<br>
(cppunittester.cxx:151)<br>
==13272==    by 0x4044F0: sal_main() (cppunittester.cxx:243)<br>
==13272==    by 0x404138: main (cppunittester.cxx:167)<br>
<br>
<br>
I can't see anything obviously wrong there but maybe you see something.<br>
<br>
Regards,<br>
MArkus<br>
_______________________________________________<br>
LibreOffice mailing list<br>
<a href="mailto:LibreOffice@lists.freedesktop.org" target="_blank">LibreOffice@lists.freedesktop.org</a><br>
<a href="http://lists.freedesktop.org/mailman/listinfo/libreoffice" target="_blank">http://lists.freedesktop.org/mailman/listinfo/libreoffice</a><br>
</blockquote></div><br></div></div></div></div></div>