Bug 177457

Summary: digikam crash when tagging files
Product: [Applications] digikam
Reporter: Geoff King <gsking1>
Component: Metadata-Engine
Assignee: Digikam Developers <digikam-bugs-null>
Status: RESOLVED FIXED
Severity: crash
CC: ahuggel, caulier.gilles
Priority: NOR
Version: 0.10.0
Target Milestone: ---
Platform: Ubuntu
OS: Linux
Latest Commit:
Version Fixed In: 7.3.0
Sentry Crash Report:
Attachments: example of file that crashes exiv2 when modifying

Description Geoff King 2008-12-11 03:30:39 UTC
Version:           0.10.0 SVN Rev. 875310 (using KDE 4.1.3)
Compiler:          gcc 
OS:                Linux
Installed from:    Ubuntu Packages

I was modifying and adding a Caption to several images in an album.  It crashes repeatedly on this group of pictures, but other albums do not have this problem. 

Application: digiKam (digikam), signal SIGABRT
[Thread debugging using libthread_db enabled]
[New Thread 0xb4b60920 (LWP 4597)]
[New Thread 0xac1d3b90 (LWP 4631)]
[New Thread 0xadffeb90 (LWP 4610)]
[New Thread 0xad341b90 (LWP 4609)]
[New Thread 0xae800b90 (LWP 4606)]
[New Thread 0xaf001b90 (LWP 4604)]
[New Thread 0xb2952b90 (LWP 4602)]
[New Thread 0xb2151b90 (LWP 4601)]
[New Thread 0xb349bb90 (LWP 4598)]
[KCrash handler]
#6  0xb80c8424 in __kernel_vsyscall ()
#7  0xb5255880 in raise () from /lib/tls/i686/cmov/libc.so.6
#8  0xb5257248 in abort () from /lib/tls/i686/cmov/libc.so.6
#9  0xb529310d in ?? () from /lib/tls/i686/cmov/libc.so.6
#10 0xb52993f4 in ?? () from /lib/tls/i686/cmov/libc.so.6
#11 0xb529b456 in free () from /lib/tls/i686/cmov/libc.so.6
#12 0xb5450031 in operator delete () from /usr/lib/libstdc++.so.6
#13 0xb4caf3b4 in Exiv2::DataValue::~DataValue ()
   from /usr/local/lib/libexiv2.so.5
#14 0xb4c96716 in Exiv2::Internal::TiffEntryBase::~TiffEntryBase ()
   from /usr/local/lib/libexiv2.so.5
#15 0xb4c9677c in Exiv2::Internal::TiffMnEntry::~TiffMnEntry ()
   from /usr/local/lib/libexiv2.so.5
#16 0xb4c97386 in Exiv2::Internal::TiffDirectory::~TiffDirectory ()
   from /usr/local/lib/libexiv2.so.5
#17 0xb4c968ae in Exiv2::Internal::TiffSubIfd::~TiffSubIfd ()
   from /usr/local/lib/libexiv2.so.5
#18 0xb4c97386 in Exiv2::Internal::TiffDirectory::~TiffDirectory ()
   from /usr/local/lib/libexiv2.so.5
#19 0xb4c9dd80 in Exiv2::Internal::TiffParserWorker::encode ()
   from /usr/local/lib/libexiv2.so.5
#20 0xb4c9e180 in Exiv2::TiffParser::encode ()
   from /usr/local/lib/libexiv2.so.5
#21 0xb4c3c1f8 in Exiv2::ExifParser::encode ()
   from /usr/local/lib/libexiv2.so.5
#22 0xb4c4ef8c in Exiv2::JpegBase::doWriteMetadata ()
   from /usr/local/lib/libexiv2.so.5
#23 0xb4c5047e in Exiv2::JpegBase::writeMetadata ()
   from /usr/local/lib/libexiv2.so.5
#24 0xb54d4a76 in KExiv2Iface::KExiv2::save (this=0xbfec74b4, 
    filePath=@0xba476b4)
    at /home/gsking/programs/src/svn/digikam4/kdegraphics/libs/libkexiv2/libkexiv2/kexiv2.cpp:420
#25 0xb54d4d57 in KExiv2Iface::KExiv2::applyChanges (this=0xbfec74b4)
    at /home/gsking/programs/src/svn/digikam4/kdegraphics/libs/libkexiv2/libkexiv2/kexiv2.cpp:439
#26 0x082acf84 in Digikam::MetadataHub::write (this=0xc0b3ebc, 
    filePath=@0xbfec7568, writeMode=Digikam::MetadataHub::FullWrite, 
    settings=@0xbfec7514)
    at /home/gsking/programs/src/svn/digikam4/graphics/digikam/digikam/metadatahub.cpp:596
#27 0x080bd3df in Digikam::ImageDescEditTab::slotApplyAllChanges (
    this=0xc0abbd0)
    at /home/gsking/programs/src/svn/digikam4/graphics/digikam/libs/imageproperties/imagedescedittab.cpp:522
#28 0x080be8b9 in Digikam::ImageDescEditTab::qt_metacall (this=0xc0abbd0, 
    _c=QMetaObject::InvokeMetaMethod, _id=5, _a=0xbfec76ac)
    at /home/gsking/programs/src/svn/digikam4/graphics/build/digikam/digikam/imagedescedittab.moc:136
#29 0xb7fbaa60 in QMetaObject::activate () from /usr/lib/libQtCore.so.4
#30 0xb7fbae60 in QMetaObject::activate () from /usr/lib/libQtCore.so.4
#31 0xb667be61 in QAbstractButton::clicked () from /usr/lib/libQtGui.so.4
#32 0xb63cf199 in ?? () from /usr/lib/libQtGui.so.4
#33 0xb63d0d94 in ?? () from /usr/lib/libQtGui.so.4
#34 0xb63d1026 in QAbstractButton::mouseReleaseEvent ()
   from /usr/lib/libQtGui.so.4
#35 0xb60e5962 in QWidget::event () from /usr/lib/libQtGui.so.4
#36 0xb63cf03e in QAbstractButton::event () from /usr/lib/libQtGui.so.4
#37 0xb6475910 in QPushButton::event () from /usr/lib/libQtGui.so.4
#38 0xb608d8ec in QApplicationPrivate::notify_helper ()
   from /usr/lib/libQtGui.so.4
#39 0xb60960e1 in QApplication::notify () from /usr/lib/libQtGui.so.4
#40 0xb7aa7b2d in KApplication::notify () from /usr/lib/libkdeui.so.5
#41 0xb7fa5e61 in QCoreApplication::notifyInternal ()
   from /usr/lib/libQtCore.so.4
#42 0xb609536e in QApplicationPrivate::sendMouseEvent ()
   from /usr/lib/libQtGui.so.4
#43 0xb60ff656 in ?? () from /usr/lib/libQtGui.so.4
#44 0xb60fe9e5 in QApplication::x11ProcessEvent () from /usr/lib/libQtGui.so.4
#45 0xb61287aa in ?? () from /usr/lib/libQtGui.so.4
#46 0xb519c6f8 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#47 0xb519fda3 in ?? () from /usr/lib/libglib-2.0.so.0
#48 0xb519ff61 in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#49 0xb7fd0478 in QEventDispatcherGlib::processEvents ()
   from /usr/lib/libQtCore.so.4
#50 0xb6127ea5 in ?? () from /usr/lib/libQtGui.so.4
#51 0xb7fa452a in QEventLoop::processEvents () from /usr/lib/libQtCore.so.4
#52 0xb7fa46ea in QEventLoop::exec () from /usr/lib/libQtCore.so.4
#53 0xb7fa6da5 in QCoreApplication::exec () from /usr/lib/libQtCore.so.4
#54 0xb608d767 in QApplication::exec () from /usr/lib/libQtGui.so.4
#55 0x082a9cc5 in main (argc=1, argv=0xbfec8824)
    at /home/gsking/programs/src/svn/digikam4/graphics/digikam/digikam/main.cpp:180
#0  0xb80c8424 in __kernel_vsyscall ()
Comment 1 Geoff King 2008-12-11 03:32:28 UTC
I should note that this is with the latest svn for exiv2 (Rev: 1693), and libs and digikam 0.10.0
Comment 2 caulier.gilles 2008-12-11 05:51:34 UTC
Andreas,

Looks like the crash appears in the Exiv2 library from trunk...

Gilles

Comment 3 caulier.gilles 2008-12-11 05:55:08 UTC
Geoff,

We need an image sample to test (it's a JPEG file). Can you attach the file here?

Is this problem reproducible when writing something to the image with the Exiv2 command line tool?

Gilles Caulier
Comment 4 caulier.gilles 2008-12-11 05:57:06 UTC
Andreas,

Looks like the crash appears when libkexiv2 calls this method from Exiv2:

http://lxr.kde.org/source/KDE/kdegraphics/libs/libkexiv2/libkexiv2/kexiv2.cpp#420

Gilles
Comment 5 Andreas Huggel 2008-12-11 06:30:08 UTC
Yes, this looks like an Exiv2 issue. Geoff, can you send me one of the pictures that has this problem and describe exactly what tags you're adding/changing? Ideally, you provide a modify command for the exiv2 command line tool to reproduce the problem.

Andreas
Comment 6 Geoff King 2008-12-11 13:21:37 UTC
I'll get you a few samples tomorrow evening. 
Comment 7 Geoff King 2008-12-12 15:12:40 UTC
Created attachment 29269
example of file that crashes exiv2 when modifying
Comment 8 Geoff King 2008-12-12 15:14:58 UTC
One of the images that has this problem was just uploaded.  See below for an example error from command line exiv2. 

exiv2 -M"add Iptc.Application2.Caption String Demo" test.jpg

Error: Upper boundary of data for directory Sony, entry 0x9008 is out of bounds: Offset = 0x00000820, size = 200, exceeds buffer size by 76 Bytes; adjusting the size                                                         
Error: Upper boundary of data for directory Sony, entry 0x9008 is out of bounds: Offset = 0x00000820, size = 200, exceeds buffer size by 76 Bytes; adjusting the size                                                         
*** glibc detected *** exiv2: free(): invalid next size (fast): 0x08a261f8 ***                                 
======= Backtrace: =========                                                                                   
/lib/tls/i686/cmov/libc.so.6[0xb7b743f4]                                                                       
/lib/tls/i686/cmov/libc.so.6(cfree+0x96)[0xb7b76456]                                                           
/usr/lib/libstdc++.so.6(_ZdlPv+0x21)[0xb7d52031]                                                               
/usr/local/lib/libexiv2.so.5(_ZN5Exiv27ExifKeyD0Ev+0x52)[0xb7e4f762]                                           
/usr/local/lib/libexiv2.so.5(_ZN5Exiv29ExifdatumD1Ev+0x46)[0xb7dfc196]                                         
/usr/local/lib/libexiv2.so.5(_ZN5Exiv210ExifParser6encodeERSt6vectorIhSaIhEEPKhjNS_9ByteOrderERKNS_8ExifDataE+0x56f)[0xb7dfe4df]                                                                                              
/usr/local/lib/libexiv2.so.5[0xb7e10f8c]                                                                       
/usr/local/lib/libexiv2.so.5(_ZN5Exiv28JpegBase13writeMetadataEv+0x12e)[0xb7e1247e]                            
exiv2[0x8057365]                                                                                               
exiv2[0x8050f62]                                                                                               
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0xb7b1b685]                                               
exiv2[0x804c581]                                                                                               
Aborted
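
The bounds condition reported in the error message above, as an added example (not Exiv2's code, and not the fix referenced later in this report): a C check that a directory entry's data range `offset + size` lies inside the buffer, and a copy that uses only the clamped size. The struct, the function names and the 2204-byte buffer (0x820 + 200 - 76) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical descriptor for one directory entry's data area. */
struct entry_range {
    uint32_t offset; /* start of the data, from the start of the buffer */
    uint32_t size;   /* size claimed by the entry (read from the file, untrusted) */
};

/* Bytes by which [offset, offset + size) runs past buf_len, 0 if in bounds.
   The sum is done in 64 bits so offset + size cannot wrap around. */
uint64_t overrun(struct entry_range e, size_t buf_len)
{
    uint64_t end = (uint64_t)e.offset + e.size;
    return end > buf_len ? end - buf_len : 0;
}

/* The "adjusted" size: the claimed size clamped to what the buffer holds. */
uint32_t usable_size(struct entry_range e, size_t buf_len)
{
    if (e.offset >= buf_len) return 0;
    size_t avail = buf_len - e.offset;
    return e.size <= avail ? e.size : (uint32_t)avail;
}

/* Copy the entry's data into dst. Returns bytes copied, or -1 if dst is too
   small. Only the clamped size is used, never the claimed size. */
long copy_entry(const uint8_t *buf, size_t buf_len, struct entry_range e,
                uint8_t *dst, size_t dst_cap)
{
    uint32_t n = usable_size(e, buf_len);
    if (n > dst_cap) return -1;
    if (n > 0) memcpy(dst, buf + e.offset, n);
    return (long)n;
}

int main(void)
{
    /* Constructed input: 2204 = 0x820 + 200 - 76, matching the message above. */
    static uint8_t buf[2204];
    uint8_t dst[200];
    struct entry_range e = { 0x820, 200 };
    printf("overrun=%llu usable=%u copied=%ld\n",
           (unsigned long long)overrun(e, sizeof buf),
           (unsigned)usable_size(e, sizeof buf),
           copy_entry(buf, sizeof buf, e, dst, sizeof dst));
    return 0;
}
```

Once a size has been adjusted like this, every later allocation and write for that entry has to use the adjusted value; the report does not show which length Exiv2 used at the point of the crash.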

Comment 9 caulier.gilles 2008-12-15 08:05:07 UTC
Andreas,

Any news about this file? Did you find the problem in Exiv2?

Gilles
Comment 10 Andreas Huggel 2008-12-15 08:57:59 UTC
I didn't have time to look into this on the weekend. So far I've only run the test file on a Windows (MinGW) box and everything looks fine, it does not crash. Will have to try on Linux and check with Valgrind at home tonight.

Andreas
Comment 11 caulier.gilles 2008-12-15 09:41:14 UTC
Ok, thanks 

Gilles
Comment 12 Andreas Huggel 2008-12-15 16:21:40 UTC
Fixed. Thanks for the test image.

http://dev.robotbattle.com/cmtinfo_svn.php?r=10&v=1702

Andreas
Comment 13 caulier.gilles 2008-12-15 17:49:03 UTC
Great. Another one closed...

Gilles
Comment 14 Geoff King 2008-12-16 01:37:26 UTC
Works Here. Thanks, Geoff
Comment 15 caulier.gilles 2021-05-04 10:16:45 UTC
Not reproducible with digiKam 7.3.0 and Exiv2 0.27.4