Bug 141980

An example file causing the crashes is here:
http://bacon.no-ip.info/digikam/

Geoff,

Thanks for this report.

Can you test if you use current Exiv2 implementation from svn (next 0.13 release) instead current stable 0.12, the problem still exist. i'm not sure, but there is a chance to have this problem already fixed.

Andreas, i CC you to this bug for info...

Gilles

The exiv2 SVN did help (original example file now scans), but I am still getting the error on other files. 

See example file: IMG_9915-error.jpg

Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread -1246402896 (LWP 23959)]
[New Thread -1256346720 (LWP 23973)]
[KCrash handler]
#6  0xffffe410 in __kernel_vsyscall ()
#7  0xb5bba770 in raise () from /lib/tls/i686/cmov/libc.so.6
#8  0xb5bbbef3 in abort () from /lib/tls/i686/cmov/libc.so.6
#9  0xb5bb3dbb in __assert_fail () from /lib/tls/i686/cmov/libc.so.6
#10 0xb73fb97d in Exiv2::StringValueBase::copy (this=0x883a0b0, 
    buf=0x5d97 <Address 0x5d97 out of bounds>) at value.cpp:203
#11 0xb73bebc8 in Exiv2::Iptcdatum::copy (this=0x8849124, buf=0x0, 
    byteOrder=Exiv2::bigEndian) at iptc.hpp:128
#12 0xb744f661 in KExiv2Iface::KExiv2::getIptcTagData ()
   from /usr/lib/libkexiv2.so.0
#13 0xb7ee725e in Digikam::DMetadata::getImageRating (this=0xbfd2d9ec)
    at dmetadata.cpp:198
#14 0xb7d2fdfc in Digikam::ScanLib::storeItemInDatabase (this=0xbfd2dd6c, 
    albumURL=@0xbfd2dad0, filename=@0xbfd2daf0, albumID=3) at scanlib.cpp:425
#15 0xb7d30308 in Digikam::ScanLib::allFiles (this=0xbfd2dd6c, 
    directory=@0xbfd2dbfc) at scanlib.cpp:367
#16 0xb7d3041d in Digikam::ScanLib::allFiles (this=0xbfd2dd6c, 
    directory=@0xbfd2dc94) at scanlib.cpp:372
#17 0xb7d3103b in Digikam::ScanLib::findMissingItems (this=0xbfd2dd6c)
    at scanlib.cpp:207
#18 0xb7d316a0 in Digikam::ScanLib::startScan (this=0xbfd2dd6c)
    at scanlib.cpp:100
#19 0xb7cf7c1e in Digikam::DigikamApp::slotDatabaseRescan (this=0x8157270)
    at digikamapp.cpp:1738
#20 0xb7d03b7c in Digikam::DigikamApp::qt_invoke (this=0x8157270, _id=101, 
    _o=0xbfd2de4c) at digikamapp.moc:290
#21 0xb641b957 in QObject::activate_signal () from /usr/lib/libqt-mt.so.3
#22 0xb641c3fc in QObject::activate_signal () from /usr/lib/libqt-mt.so.3
#23 0xb6d60069 in KAction::activated () from /usr/lib/libkdeui.so.4
#24 0xb6d98842 in KAction::slotActivated () from /usr/lib/libkdeui.so.4
#25 0xb6e65b9d in KAction::slotPopupActivated () from /usr/lib/libkdeui.so.4
#26 0xb6e65e61 in KAction::qt_invoke () from /usr/lib/libkdeui.so.4
#27 0xb641b957 in QObject::activate_signal () from /usr/lib/libqt-mt.so.3
#28 0xb67a7f44 in QSignal::signal () from /usr/lib/libqt-mt.so.3
#29 0xb643b8ea in QSignal::activate () from /usr/lib/libqt-mt.so.3
#30 0xb6541fd3 in QPopupMenu::mouseReleaseEvent () from /usr/lib/libqt-mt.so.3
#31 0xb6d66efe in KPopupMenu::mouseReleaseEvent () from /usr/lib/libkdeui.so.4
#32 0xb6452729 in QWidget::event () from /usr/lib/libqt-mt.so.3
#33 0xb63b2b88 in QApplication::internalNotify () from /usr/lib/libqt-mt.so.3
#34 0xb63b4d46 in QApplication::notify () from /usr/lib/libqt-mt.so.3
#35 0xb6b5dc82 in KApplication::notify () from /usr/lib/libkdecore.so.4
#36 0xb63453fd in QApplication::sendSpontaneousEvent ()
   from /usr/lib/libqt-mt.so.3
#37 0xb6343d3f in QETWidget::translateMouseEvent ()
   from /usr/lib/libqt-mt.so.3
#38 0xb634214c in QApplication::x11ProcessEvent () from /usr/lib/libqt-mt.so.3
#39 0xb6359320 in QEventLoop::processEvents () from /usr/lib/libqt-mt.so.3
#40 0xb63cd25e in QEventLoop::enterLoop () from /usr/lib/libqt-mt.so.3
#41 0xb63cd06e in QEventLoop::exec () from /usr/lib/libqt-mt.so.3
#42 0xb63b4731 in QApplication::exec () from /usr/lib/libqt-mt.so.3
#43 0x0804b0ad in main (argc=-1208529908, argv=0xbfd2eca4) at main.cpp:306

Created attachment 19760 [details]
example image that causes crash

Gilles,

It appears that
    KExiv2Iface::KExiv2::getIptcTagData 
calls 
    Exiv2::Iptcdatum::copy 
with buf = 0x0. That is not expected and will cause the assertion to fail.
I don't understand why it's not 0x0 in #10 of the backtrace though.

-ahu.

Andreas, 

sound like a problem at kexiv2.cpp line 1248 :

QByteArray KExiv2::getIptcTagData(const char *iptcTagName) const
{
    try
    {
        Exiv2::IptcKey iptcKey(iptcTagName);
        Exiv2::IptcData iptcData(d->iptcMetadata);
        Exiv2::IptcData::iterator it = iptcData.findKey(iptcKey);
        if (it != iptcData.end())
        {
            QByteArray data((*it).size());
            (*it).copy((Exiv2::byte*)data.data(), Exiv2::bigEndian); // HERE
            return data;
        }
    }
    catch( Exiv2::Error &e )
    {
        qDebug("Cannot find Iptc key '%s' into image using Exiv2 (%s)", 
                iptcTagName, e.what().c_str());
    }

    return QByteArray();
}

... but why ?

Gilles

Geoff,

In backtrace #3, libkexiv2 is not compiled using full debug options. I would to see witch values are passed to methods. Can you recompile it and try again ?

Gilles

Geof,

No need to recompile. I can reproduce it :

#6  0xbfffe410 in __kernel_vsyscall ()
#7  0xb59e2fc0 in raise () from /lib/i686/libc.so.6
#8  0xb59e4851 in abort () from /lib/i686/libc.so.6
#9  0xb59dc53b in __assert_fail () from /lib/i686/libc.so.6
#10 0xb73a041d in Exiv2::StringValueBase::copy (this=) at value.cpp:203
#11 0xb73638e8 in Exiv2::Iptcdatum::copy (this=0x87fd22c, buf=0x0, 
    byteOrder=Exiv2::bigEndian) at iptc.hpp:128
#12 0xb73f054a in KExiv2Iface::KExiv2::getIptcTagData (this=0xbfa74eac, 
    iptcTagName=0xb7ee480e "Iptc.Application2.Urgency") at kexiv2.cpp:1248
#13 0xb7e40562 in Digikam::DMetadata::getImageRating (this=0xbfa74eac)
    at dmetadata.cpp:202
#14 0xb7cc6c8c in Digikam::ScanLib::storeItemInDatabase (this=0xbfa7522c, 
    albumURL=@0xbfa74f58, filename=@0xbfa74fa4, albumID=5) at scanlib.cpp:425
#15 0xb7cc71dd in Digikam::ScanLib::allFiles (this=0xbfa7522c, 
    directory=@0xbfa750b0) at scanlib.cpp:367
#16 0xb7cc72f2 in Digikam::ScanLib::allFiles (this=0xbfa7522c, 
    directory=@0xbfa7513c) at scanlib.cpp:372
#17 0xb7cc7f47 in Digikam::ScanLib::findMissingItems (this=0xbfa7522c)
    at scanlib.cpp:207
#18 0xb7cc85b5 in Digikam::ScanLib::startScan (this=0xbfa7522c)
    at scanlib.cpp:100
#19 0xb7c8e662 in Digikam::DigikamApp::slotDatabaseRescan (this=0x80f8478)
    at digikamapp.cpp:1741

Gilles

SVN commit 635684 by cgilles:

libkexiv2 from trunk : sanity check if QByteArray are null size everywhere
Feedback welcome...

CCBUGS:141980



 M  +8 -4      kexiv2.cpp  


--- trunk/extragear/libs/libkexiv2/kexiv2.cpp #635683:635684
@@ -186,7 +186,8 @@
             Exiv2::ExifData& exif = d->exifMetadata;
             Exiv2::DataBuf c2 = exif.copy();
             QByteArray data(c2.size_);
-            memcpy(data.data(), c2.pData_, c2.size_);
+            if (data.size())
+                memcpy(data.data(), c2.pData_, c2.size_);
             return data;
         }
     }
@@ -226,7 +227,8 @@
                 c2 = iptc.copy();
 
             QByteArray data(c2.size_);
-            memcpy(data.data(), c2.pData_, c2.size_);
+            if (data.size())
+                memcpy(data.data(), c2.pData_, c2.size_);
             return data;
         }
     }
@@ -1222,7 +1224,8 @@
         if (it != exifData.end())
         {
             QByteArray data((*it).size());
-            (*it).copy((Exiv2::byte*)data.data(), exifData.byteOrder());
+            if (data.size())
+                (*it).copy((Exiv2::byte*)data.data(), exifData.byteOrder());
             return data;
         }
     }
@@ -1245,7 +1248,8 @@
         if (it != iptcData.end())
         {
             QByteArray data((*it).size());
-            (*it).copy((Exiv2::byte*)data.data(), Exiv2::bigEndian);
+            if (data.size())
+                (*it).copy((Exiv2::byte*)data.data(), Exiv2::bigEndian);
             return data;
         }
     }

It's fixed! Thanks.

Not reproducible with digiKam 7.3.0 and Exiv2 0.27.4