Version: 0.8.5 (using KDE KDE 3.1)
Installed from: Debian testing/unstable Packages
OS: Linux

One of my personal jpg photos makes kuickshow crash when opening it. It also makes konqueror crash when browsing the directory where the photos are. It seems to be a bug in the low level library (kfile_jpeg.so). However I think my jpg file is not corrupted because gimp opens it correctly.

Here is the gdb trace:

0x40efba39 in wait4 () from /lib/libc.so.6
#0 0x40efba39 in wait4 () from /lib/libc.so.6
#1 0x40f6ebc0 in sys_sigabbrev () from /lib/libc.so.6
#2 0x40d2e061 in waitpid () from /lib/libpthread.so.0
#3 0x405bbd6b in KCrash::defaultCrashHandler(int) () from /usr/lib/libkdecore.so.4
#4 0x40e88898 in sigaction () from /lib/libc.so.6
#5 0x41795492 in ExifData::ProcessExifDir(unsigned char*, unsigned char*, unsigned) () from /usr/lib/kde3/kfile_jpeg.so
#6 0x4179559a in ExifData::ProcessExifDir(unsigned char*, unsigned char*, unsigned) () from /usr/lib/kde3/kfile_jpeg.so
#7 0x417956dd in ExifData::ProcessExifDir(unsigned char*, unsigned char*, unsigned) () from /usr/lib/kde3/kfile_jpeg.so
#8 0x417956dd in ExifData::ProcessExifDir(unsigned char*, unsigned char*, unsigned) () from /usr/lib/kde3/kfile_jpeg.so
#9 0x4179601d in ExifData::process_EXIF(unsigned char*, unsigned) () from /usr/lib/kde3/kfile_jpeg.so
#10 0x41795216 in ExifData::ReadJpegSections(QFile&, ReadMode_t) () from /usr/lib/kde3/kfile_jpeg.so
#11 0x4179666a in ExifData::scan(QString const&) () from /usr/lib/kde3/kfile_jpeg.so
#12 0x41792638 in KJpegPlugin::readInfo(KFileMetaInfo&, unsigned) () from /usr/lib/kde3/kfile_jpeg.so
#13 0x401f796e in KFileMetaInfo::KFileMetaInfo(QString const&, QString const&, unsigned) () from /usr/lib/libkio.so.4
#14 0x401d7ee7 in KFileItem::metaInfo(bool, int) const () from /usr/lib/libkio.so.4
#15 0x411fdd84 in KuickShow::slotHighlighted(KFileItem const*) () from /usr/lib/kuickshow.so
#16 0x41200fc2 in KuickShow::qt_invoke(int, QUObject*) () from /usr/lib/kuickshow.so
#17 0x40901a26 in QObject::activate_signal(QConnectionList*, QUObject*) () from /usr/lib/libqt-mt.so.3
#18 0x40236fe2 in KDirOperator::fileHighlighted(KFileItem const*) () from /usr/lib/libkio.so.4
#19 0x402372e1 in KDirOperator::qt_invoke(int, QUObject*) () from /usr/lib/libkio.so.4
#20 0x4120e547 in FileWidget::qt_invoke(int, QUObject*) () from /usr/lib/kuickshow.so
#21 0x40901aaa in QObject::activate_signal(QConnectionList*, QUObject*) () from /usr/lib/libqt-mt.so.3
#22 0x40221fa6 in KFileViewSignaler::fileHighlighted(KFileItem const*) () from /usr/lib/libkio.so.4
#23 0x40224171 in KFileIconView::highlighted(QIconViewItem*) () from /usr/lib/libkio.so.4
#24 0x402254ff in KFileIconView::qt_invoke(int, QUObject*) () from /usr/lib/libkio.so.4
#25 0x40901a26 in QObject::activate_signal(QConnectionList*, QUObject*) () from /usr/lib/libqt-mt.so.3
#26 0x40b81720 in QIconView::selectionChanged(QIconViewItem*) () from /usr/lib/libqt-mt.so.3
#27 0x40a69865 in QIconViewItem::setSelected(bool, bool) () from /usr/lib/libqt-mt.so.3
#28 0x40a7150a in QIconView::contentsMousePressEventEx(QMouseEvent*) () from /usr/lib/libqt-mt.so.3
#29 0x40a70b06 in QIconView::contentsMousePressEvent(QMouseEvent*) () from /usr/lib/libqt-mt.so.3
#30 0x40433fdb in KIconView::contentsMousePressEvent(QMouseEvent*) () from /usr/lib/libkdeui.so.4
#31 0x409e2399 in QScrollView::viewportMousePressEvent(QMouseEvent*) () from /usr/lib/libqt-mt.so.3
#32 0x409e1df7 in QScrollView::eventFilter(QObject*, QEvent*) () from /usr/lib/libqt-mt.so.3
#33 0x40a75afb in QIconView::eventFilter(QObject*, QEvent*) () from /usr/lib/libqt-mt.so.3
#34 0x40225033 in KFileIconView::eventFilter(QObject*, QEvent*) () from /usr/lib/libkio.so.4
#35 0x408ffce4 in QObject::activate_filters(QEvent*) () from /usr/lib/libqt-mt.so.3
#36 0x408ffc32 in QObject::event(QEvent*) () from /usr/lib/libqt-mt.so.3
#37 0x4092ed62 in QWidget::event(QEvent*) () from /usr/lib/libqt-mt.so.3
#38 0x408adc36 in QApplication::internalNotify(QObject*, QEvent*) () from /usr/lib/libqt-mt.so.3
#39 0x408ad4ee in QApplication::notify(QObject*, QEvent*) () from /usr/lib/libqt-mt.so.3
#40 0x4055bba8 in KApplication::notify(QObject*, QEvent*) () from /usr/lib/libkdecore.so.4
#41 0x4085c58e in QETWidget::translateMouseEvent(_XEvent const*) () from /usr/lib/libqt-mt.so.3
#42 0x4085a3cf in QApplication::x11ProcessEvent(_XEvent*) () from /usr/lib/libqt-mt.so.3
#43 0x4086d12d in QEventLoop::processEvents(unsigned) () from /usr/lib/libqt-mt.so.3
#44 0x408bf1d7 in QEventLoop::enterLoop() () from /usr/lib/libqt-mt.so.3
#45 0x408bf094 in QEventLoop::exec() () from /usr/lib/libqt-mt.so.3
#46 0x408ade30 in QApplication::exec() () from /usr/lib/libqt-mt.so.3
#47 0x41204482 in main () from /usr/lib/kuickshow.so
#48 0x0804c8f0 in strcpy ()
#49 0x0804d42f in strcpy ()
#50 0x0804d8a6 in strcpy ()
#51 0x0804e469 in strcpy ()
#52 0x40e779f1 in __libc_start_main () from /lib/libc.so.6

The crashing photo is here: http://simon.morlat.free.fr/photos/hpim0045.jpg
This is the only one I've found to crash.

Thank you.
Subject: Re: New: crash when opening a particular jpg file

On Wednesday 12 February 2003 16:26, you wrote:
> One of my personal jpg photos makes kuickshow crash when opening it. It
> also makes konqueror crash when browsing the directory where the photos
> are. It seems to be a bug in the low level library (kfile_jpeg.so).
> However I think my jpg file is not corrupted because gimp opens it
> correctly. Here is the gdb trace:

Thanks for the report, I'm investigating...

Best wishes
Carsten Pfeiffer
Subject: kdegraphics/kfile-plugins/jpeg CVS commit by pfeiffer: Don't crash on some (well, one at least) weird jpegs, that has an unexpected value on a certain place (causing a uint overflow) CCMAIL: 54542-close@bugs.kde.org My first commit with Gideon -- it looks like this qeditor thing has a sane auto-indenting mode! M +4 -1 exif.cpp 1.4 --- kdegraphics/kfile-plugins/jpeg/exif.cpp #1.3:1.4 @@ -690,5 +690,8 @@ void ExifData::ProcessExifDir(unsigned c if (DIR_ENTRY_ADDR(DirStart, NumDirEntries) + 4 <= OffsetBase+ExifLength){ Offset = Get32u(DIR_ENTRY_ADDR(DirStart, NumDirEntries)); - if (Offset){ + // There is at least one jpeg from an HP camera having an Offset of almost MAXUINT. + // Adding OffsetBase to it produces an overflow, so compare with ExifLength here. + // See http://bugs.kde.org/show_bug.cgi?id=54542 + if (Offset && Offset < ExifLength){ SubdirStart = OffsetBase + Offset; if (SubdirStart > OffsetBase+ExifLength){
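
Review bot: In `if (Offset && Offset < ExifLength){` the new comparison bounds only where the subdirectory starts, and it means the next test, `if (SubdirStart > OffsetBase+ExifLength){`, can no longer be true for a valid buffer, so an out-of-range Offset is now skipped silently instead of reaching that branch. Consider keeping a single check, done on offsets rather than on pointers, and sending its failure to the same handling that branch provides. The outer condition `DIR_ENTRY_ADDR(DirStart, NumDirEntries) + 4 <= OffsetBase+ExifLength` uses the same pointer-plus-length form and is worth rewriting as an offset comparison too. The comment would also age better if it said that Offset is read from the file and cannot be trusted, rather than tying the check to one HP camera.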