Skip to content

Segmentation fault while loading JPEG #2761

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
kstanikviacbs opened this issue Apr 13, 2022 · 6 comments
Closed

Segmentation fault while loading JPEG #2761

kstanikviacbs opened this issue Apr 13, 2022 · 6 comments
Labels
bug

Comments

@kstanikviacbs
Copy link

kstanikviacbs commented Apr 13, 2022
edited
Loading

Hey there! First of all - thanks for marvellous job you keep doing by maintaining and developing vips!

We face an issue with SEGFAULT that's difficult to reproduce, but happens once per thousands of requests, based on the backtrace from gdb this seems to happen while decoding JPEG file.

OS: Linux ba01b6d4e809 5.10.93-0-virt #1-Alpine SMP Thu
Vips: 8.12.2

Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f1a0447448d in __memmove_avx_unaligned_erms () from /usr/lib/libc.so.6
[Current thread is 1 (Thread 0x7f19f4ff9640 (LWP 47))]
(gdb) bt
#0  0x00007f1a0447448d in __memmove_avx_unaligned_erms () at /usr/lib/libc.so.6
#1  0x00007f1a048c0455 in vips_source_read () at /usr/lib/libvips.so.42
#2  0x00007f1a048762f5 in  () at /usr/lib/libvips.so.42
#3  0x00007f1a022ee360 in jpeg_fill_bit_buffer () at /usr/lib/libjpeg.so.8
#4  0x00007f1a022ee4c5 in jpeg_huff_decode () at /usr/lib/libjpeg.so.8
#5  0x00007f1a022eea74 in  () at /usr/lib/libjpeg.so.8
#6  0x00007f1a022e98af in  () at /usr/lib/libjpeg.so.8
#7  0x00007f1a022f0aee in  () at /usr/lib/libjpeg.so.8
#8  0x00007f1a022e83a1 in jpeg_read_scanlines () at /usr/lib/libjpeg.so.8
#9  0x00007f1a04876db8 in  () at /usr/lib/libvips.so.42
#10 0x00007f1a048d4506 in  () at /usr/lib/libvips.so.42
#11 0x00007f1a048d8429 in  () at /usr/lib/libvips.so.42
#12 0x00007f1a048dcc65 in vips_region_prepare_to () at /usr/lib/libvips.so.42
#13 0x00007f1a047f69c4 in  () at /usr/lib/libvips.so.42
#14 0x00007f1a048d4506 in  () at /usr/lib/libvips.so.42
#15 0x00007f1a048d8d0a in vips_region_fill () at /usr/lib/libvips.so.42
#16 0x00007f1a048dc7f5 in vips_region_prepare () at /usr/lib/libvips.so.42
#17 0x00007f1a047f7271 in  () at /usr/lib/libvips.so.42
#18 0x00007f1a048d4506 in  () at /usr/lib/libvips.so.42
#19 0x00007f1a048d8d0a in vips_region_fill () at /usr/lib/libvips.so.42
#20 0x00007f1a048dc7f5 in vips_region_prepare () at /usr/lib/libvips.so.42
#21 0x00007f1a048010e3 in  () at /usr/lib/libvips.so.42
#22 0x00007f1a048d4506 in  () at /usr/lib/libvips.so.42
#23 0x00007f1a048d8d0a in vips_region_fill () at /usr/lib/libvips.so.42
#24 0x00007f1a048dc7f5 in vips_region_prepare () at /usr/lib/libvips.so.42
#25 0x00007f1a048cc17f in  () at /usr/lib/libvips.so.42
#26 0x00007f1a048d4506 in  () at /usr/lib/libvips.so.42
#27 0x00007f1a048d8d0a in vips_region_fill () at /usr/lib/libvips.so.42
#28 0x00007f1a048dc7f5 in vips_region_prepare () at /usr/lib/libvips.so.42
#29 0x00007f1a0486ba2f in  () at /usr/lib/libvips.so.42
#30 0x00007f1a048d4506 in  () at /usr/lib/libvips.so.42
#31 0x00007f1a048d8d0a in vips_region_fill () at /usr/lib/libvips.so.42
#32 0x00007f1a048dc7f5 in vips_region_prepare () at /usr/lib/libvips.so.42
#33 0x00007f1a048cc17f in  () at /usr/lib/libvips.so.42
#34 0x00007f1a048d4506 in  () at /usr/lib/libvips.so.42
#35 0x00007f1a048d8d0a in vips_region_fill () at /usr/lib/libvips.so.42
#36 0x00007f1a048dc7f5 in vips_region_prepare () at /usr/lib/libvips.so.42
#37 0x00007f1a047f73af in  () at /usr/lib/libvips.so.42
#38 0x00007f1a048d4506 in  () at /usr/lib/libvips.so.42
#39 0x00007f1a048d8d0a in vips_region_fill () at /usr/lib/libvips.so.42
#40 0x00007f1a048dc7f5 in vips_region_prepare () at /usr/lib/libvips.so.42
#41 0x00007f1a047f73af in  () at /usr/lib/libvips.so.42
#42 0x00007f1a048d4506 in  () at /usr/lib/libvips.so.42
#43 0x00007f1a048d8d0a in vips_region_fill () at /usr/lib/libvips.so.42
#44 0x00007f1a048dc7f5 in vips_region_prepare () at /usr/lib/libvips.so.42
#45 0x00007f1a047fc457 in  () at /usr/lib/libvips.so.42
#46 0x00007f1a048d4506 in  () at /usr/lib/libvips.so.42
#47 0x00007f1a048d8d0a in vips_region_fill () at /usr/lib/libvips.so.42
#48 0x00007f1a048dc7f5 in vips_region_prepare () at /usr/lib/libvips.so.42
#49 0x00007f1a047a85cc in  () at /usr/lib/libvips.so.42
#50 0x00007f1a048d4506 in  () at /usr/lib/libvips.so.42
#51 0x00007f1a048d8429 in  () at /usr/lib/libvips.so.42
#52 0x00007f1a048dcc65 in vips_region_prepare_to () at /usr/lib/libvips.so.42
#53 0x00007f1a047f69c4 in  () at /usr/lib/libvips.so.42
#54 0x00007f1a048d4506 in  () at /usr/lib/libvips.so.42
#55 0x00007f1a048d8d0a in vips_region_fill () at /usr/lib/libvips.so.42
#56 0x00007f1a048dc7f5 in vips_region_prepare () at /usr/lib/libvips.so.42
#57 0x00007f1a047f7271 in  () at /usr/lib/libvips.so.42
#58 0x00007f1a048d4506 in  () at /usr/lib/libvips.so.42
#59 0x00007f1a048d8d0a in vips_region_fill () at /usr/lib/libvips.so.42
#60 0x00007f1a048dc7f5 in vips_region_prepare () at /usr/lib/libvips.so.42
#61 0x00007f1a048cc17f in  () at /usr/lib/libvips.so.42
#62 0x00007f1a048d4506 in  () at /usr/lib/libvips.so.42
#63 0x00007f1a048d8d0a in vips_region_fill () at /usr/lib/libvips.so.42
#64 0x00007f1a048dc7f5 in vips_region_prepare () at /usr/lib/libvips.so.42
#65 0x00007f1a047f73af in  () at /usr/lib/libvips.so.42
#66 0x00007f1a048d4506 in  () at /usr/lib/libvips.so.42
#67 0x00007f1a048d8429 in  () at /usr/lib/libvips.so.42
#68 0x00007f1a048dcc65 in vips_region_prepare_to () at /usr/lib/libvips.so.42
#69 0x00007f1a047fc5af in  () at /usr/lib/libvips.so.42
#70 0x00007f1a048d4506 in  () at /usr/lib/libvips.so.42
#71 0x00007f1a048d8d0a in vips_region_fill () at /usr/lib/libvips.so.42
#72 0x00007f1a048dc7f5 in vips_region_prepare () at /usr/lib/libvips.so.42
#73 0x00007f1a0479cf99 in  () at /usr/lib/libvips.so.42
#74 0x00007f1a048d4506 in  () at /usr/lib/libvips.so.42
#75 0x00007f1a048d8d0a in vips_region_fill () at /usr/lib/libvips.so.42
#76 0x00007f1a048dc7f5 in vips_region_prepare () at /usr/lib/libvips.so.42
#77 0x00007f1a048cc17f in  () at /usr/lib/libvips.so.42
#78 0x00007f1a048d4506 in  () at /usr/lib/libvips.so.42
#79 0x00007f1a048d8d0a in vips_region_fill () at /usr/lib/libvips.so.42
#80 0x00007f1a048dc7f5 in vips_region_prepare () at /usr/lib/libvips.so.42
#81 0x00007f1a048cc17f in  () at /usr/lib/libvips.so.42
#82 0x00007f1a048d4506 in  () at /usr/lib/libvips.so.42
#83 0x00007f1a048d8d0a in vips_region_fill () at /usr/lib/libvips.so.42
#84 0x00007f1a048dc7f5 in vips_region_prepare () at /usr/lib/libvips.so.42
#85 0x00007f1a048cc17f in  () at /usr/lib/libvips.so.42
#86 0x00007f1a048d4506 in  () at /usr/lib/libvips.so.42
#87 0x00007f1a048d8d0a in vips_region_fill () at /usr/lib/libvips.so.42
#88 0x00007f1a048dc7f5 in vips_region_prepare () at /usr/lib/libvips.so.42
#89 0x00007f1a047f73af in  () at /usr/lib/libvips.so.42
#90 0x00007f1a048d4506 in  () at /usr/lib/libvips.so.42
#91 0x00007f1a048d8429 in  () at /usr/lib/libvips.so.42
#92 0x00007f1a048dcc65 in vips_region_prepare_to () at /usr/lib/libvips.so.42
#93 0x00007f1a048dcd3e in  () at /usr/lib/libvips.so.42
#94 0x00007f1a048d2ef7 in  () at /usr/lib/libvips.so.42
#95 0x00007f1a048dd498 in  () at /usr/lib/libvips.so.42
#96 0x00007f1a0467b7e7 in  () at /usr/lib/libglib-2.0.so.0
#97 0x00007f1a04678815 in  () at /usr/lib/libglib-2.0.so.0
#98 0x00007f1a0437b5c2 in start_thread () at /usr/lib/libc.so.6
#99 0x00007f1a04400584 in clone () at /usr/lib/libc.so.6

Any ideas what might be wrong?

Thanks in advance for help!
@jcupitt
Copy link
Member

jcupitt commented Apr 13, 2022

Hi @kstanikviacbs,

Thank for the detailed report. This will be a tough one to find :( I'll have a look at that bit of code again.

@kleisauke
Copy link
Member

OS: Linux ba01b6d4e809 5.10.93-0-virt #1-Alpine SMP Thu

Alpine uses musl as the standard C library, which provides a default thread stack size of 128k, see:
https://wiki.musl-libc.org/functional-differences-from-glibc.html#Thread-stack-size

It might be worth to increase this stack size by setting VIPS_MIN_STACK_SIZE environment variable, for example:

# Increase the minimum stack size to 2MB
export VIPS_MIN_STACK_SIZE=2m

Note that I'm not sure if this would resolve this segfault, but I'm aware that libaom and Poppler would need this.
https://gitlab.alpinelinux.org/alpine/aports/-/issues/11740
#1287

@jcupitt
Copy link
Member

jcupitt commented Apr 16, 2022
edited
Loading

Yes, it could be a stack overflow. Perhaps libvips should always try to set a 2mb minimum stack size, even if VIPS_MIN_STACK_SIZE has not been set?

(this stack trace is obviously not overflowing, but an earlier overflow could have possibly corrupted the heap)

@kstanikviacbs
Copy link
Author

Thanks both! Sorry to confuse you, but previous OS info was wrong, this is Arch Linux instead however I would still give that one a try and play a bit with VIPS_MIN_STACK_SIZE . Will keep this thread posted.

As for setting 2mb minimum stack size attempt - that one sounds like a good improvement to me given that's not really obvious for majority of vips users.

jcupitt added a commit that referenced this issue Apr 19, 2022
@jcupitt
try to always set the min stack size
43db398 
since musl users often don't know about this

see #2761
@jcupitt
Copy link
Member

jcupitt commented Apr 19, 2022

8.13 ought to attempt to set a 2mb stack on startup. I'd still set VIPS_MIN_STACK_SIZE though.

@jcupitt
Copy link
Member

jcupitt commented Jun 4, 2022

I'll close. Please open a new issue is this is still a problem.

@jcupitt jcupitt closed this as completed Jun 4, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jcupitt @kleisauke @kstanikviacbs