sharp: Electron beta appears to use system zlib, can conflict with sharp
https://github.com/lovell/sharp/issues/843#issuecomment-318771819 reported by @Apophenia
ELECTRON_ASAR.js:173 Uncaught Error: /lib/x86_64-linux-gnu/libz.so.1: version `ZLIB_1.2.9' not found (required by /[path]/electron-quick-start/node_modules/sharp/build/Release/../../vendor/lib/libpng16.so.16)
at process.module.(anonymous function) [as dlopen] (ELECTRON_ASAR.js:173:20)
at Object.Module._extensions..node (module.js:598:18)
at Object.module.(anonymous function) [as .node] (ELECTRON_ASAR.js:173:20)
at Module.load (module.js:488:32)
at tryModuleLoad (module.js:447:12)
at Function.Module._load (module.js:439:3)
at Module.require (module.js:498:17)
at require (internal/module.js:20:19)
at Object.<anonymous> ([path]/electron-quick-start/node_modules/sharp/lib/constructor.js:9:15)
at Object.<anonymous> ([path]/electron-quick-start/node_modules/sharp/lib/constructor.js:234:3)
Electron v1.7.5 beta
About this issue
- State: closed
- Created 7 years ago
- Reactions: 2
- Comments: 37 (16 by maintainers)
Commits related to this issue
- Added workaround for lovell/sharp#892 — committed to vicary/resin-electronjs by vicary 7 years ago
I am running on my local Ubuntu 14.04 VM. Setting up the environment variable using the following command did NOT work for me.
LD_PRELOAD="/app/node_modules/sharp/vendor/lib/libz.so"
However, copying the libz.so* to /lib/x86_64-linux-gnu/ worked for me
cp /app/node_modules/sharp/vendor/lib/libz.so* /lib/x86_64-linux-gnu/
Possible workaround for systems that still provide only zlib 1.2.8 would be to use something like:
@jardakotesovec I had the same problem with the Amazon AMI.
From what I remember the CVEs aren’t actually exploits (it’s more obvious if you read the audit that led to the CVEs). They are “undefined behaviour” which depends on the compiler.
Red Hat, Ubuntu, etc. have marked them as “won’t fix” because they’ve confirmed the undefined behaviour doesn’t exist with how they built zlib with gcc. Presumably sharp could also build a safe version of 1.2.8.
@lovell I set up a very basic Electron repo using Sharp (the only Node package used) here: https://github.com/bendrick92/electron-sharp-test
Simply launching the app
npm start
produces the error.
sharp v0.19.0 with libvips v8.6.1 compiled using the approach mentioned in https://github.com/lovell/sharp/issues/892#issuecomment-329981594 is now available.
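An added diagnostic example, not code from this thread or from the sharp project: it parses the loader error quoted at the top of the issue and lists the symbol-version tags a vendored library requires from libz.so.1 that a given libz does not define, working on `objdump -p` output. The function names are hypothetical and the two sample dumps are constructed.

```python
import re
import subprocess

# glibc loader message as quoted in the issue; objdump section and tag shapes.
DLOPEN_RE = re.compile(
    r"(?P<lib>\S+): version `(?P<tag>[^']+)' not found \(required by (?P<by>[^)]+)\)")
SECTION_RE = re.compile(r"^[A-Z][A-Za-z ]*:\s*$")   # "Version definitions:"
TAG_RE = re.compile(r"\b[A-Z]+_\d+(?:\.\d+)*\b")     # "ZLIB_1.2.9"

def parse_dlopen_error(message):
    """Return (loaded_library, missing_tag, requiring_object), or None."""
    m = DLOPEN_RE.search(message)
    return (m["lib"], m["tag"], m["by"]) if m else None

def version_tags(dump, section, soname=None):
    """Tags in one `objdump -p` section; soname filters "required from" groups."""
    tags, active, current = set(), False, None
    for line in dump.splitlines():
        if SECTION_RE.match(line):
            active = line.strip() == section
        elif active and line.strip().startswith("required from "):
            current = line.strip()[len("required from "):].rstrip(":")
        elif active and (soname is None or current == soname):
            tags.update(TAG_RE.findall(line))
    return tags

def unsatisfied(requirer_dump, provider_dump, soname):
    """Tags the requirer needs from soname that the provider does not define."""
    need = version_tags(requirer_dump, "Version References:", soname)
    have = version_tags(provider_dump, "Version definitions:")
    return sorted(need - have)

def objdump_p(path):
    """Dump a real file's private headers with binutils (unused on the samples)."""
    return subprocess.run(["objdump", "-p", path], check=True,
                          capture_output=True, text=True).stdout

# Constructed samples in the layout of `objdump -p`; hash fields are placeholders.
SYSTEM_LIBZ = """Version definitions:
1 0x01 0x00000000 libz.so.1
2 0x00 0x00000000 ZLIB_1.2
3 0x00 0x00000000 ZLIB_1.2.3.4
"""
VENDORED_LIBPNG = """Version References:
  required from libz.so.1:
    0x00000000 0x00 03 ZLIB_1.2.9
    0x00000000 0x00 02 ZLIB_1.2.3.4
  required from libc.so.6:
    0x00000000 0x00 04 GLIBC_2.14
"""
```

On a real system, pass `objdump_p()` of the requiring object and of the libz the loader actually resolved (the first path in the error) to `unsatisfied()`.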