| Field | Value |
|---|---|
| Summary | crash when opening a particular jpg file |
| Product | [Applications] kuickshow |
| Reporter | Simon Morlat <simon.morlat> |
| Component | general |
| Assignee | Carsten Pfeiffer <pfeiffer> |
| Status | RESOLVED FIXED |
| Severity | crash |
| Priority | NOR |
| Version | unspecified |
| Target Milestone | --- |
| Platform | Debian testing |
| OS | Linux |
| Latest Commit | |
| Version Fixed In | |
Description
Simon Morlat
2003-02-12 16:26:26 UTC
Subject: Re: New: crash when opening a particular jpg file
On Wednesday 12 February 2003 16:26, you wrote:
> One of my personal jpg photos makes kuickshow crash when opening it. It
> also makes konqueror crash when browsing the directory where the photos
> are. It seems to be a bug in the low level library (kfile_jpeg.so).
> However I think my jpg file is not corrupted because gimp opens it
> correctly. Here is the gdb trace:
Thanks for the report, I'm investigating...
Best wishes
Carsten Pfeiffer
Subject: kdegraphics/kfile-plugins/jpeg CVS commit by pfeiffer: Don't crash on some (well, one at least) weird jpegs, that has an unexpected value on a certain place (causing a uint overflow) CCMAIL: 54542-close@bugs.kde.org My first commit with Gideon -- it looks like this qeditor thing has a sane auto-indenting mode! M +4 -1 exif.cpp 1.4 --- kdegraphics/kfile-plugins/jpeg/exif.cpp #1.3:1.4 @@ -690,5 +690,8 @@ void ExifData::ProcessExifDir(unsigned c if (DIR_ENTRY_ADDR(DirStart, NumDirEntries) + 4 <= OffsetBase+ExifLength){ Offset = Get32u(DIR_ENTRY_ADDR(DirStart, NumDirEntries)); - if (Offset){ + // There is at least one jpeg from an HP camera having an Offset of almost MAXUINT. + // Adding OffsetBase to it produces an overflow, so compare with ExifLength here. + // See http://bugs.kde.org/show_bug.cgi?id=54542 + if (Offset && Offset < ExifLength){ SubdirStart = OffsetBase + Offset; if (SubdirStart > OffsetBase+ExifLength){ |
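Review bot: with the new `Offset < ExifLength` guard in place, the existing check two lines below, `if (SubdirStart > OffsetBase+ExifLength){`, can no longer be true (SubdirStart = OffsetBase + Offset now sits strictly below OffsetBase+ExifLength), so that branch is dead and should either be removed or tightened to require that a whole directory header (entry count plus at least one 12-byte entry, as the earlier `+ 4` guard does for the offset field) still fits between SubdirStart and OffsetBase+ExifLength; an Offset just under ExifLength passes the new test yet leaves too few bytes for anything read at SubdirStart. The comparison itself is the right shape: checking the raw unsigned Offset against ExifLength before adding it to OffsetBase avoids the wraparound that the old `if (Offset){` test could not catch.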