Bug 253911

Summary: RawEngine access beyond array bounds (cameraXYZMatrix)
Product: [Applications] digikam Reporter: Mike Frysinger <vapier>
Component: Plugin-DImg-RAWAssignee: Digikam Developers <digikam-bugs-null>
Status: RESOLVED FIXED    
Severity: minor CC: caulier.gilles, tschenser
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Gentoo Packages   
OS: Linux   
Latest Commit: Version Fixed In: 1.6.0
Sentry Crash Report:

Description Mike Frysinger 2010-10-12 01:58:40 UTC 
Version:           unspecified (using KDE 4.5.2) 
OS:                Linux

building libkdcraw results in:

libs/libkdcraw/libkdcraw/dcrawinfocontainer.cpp: In member function ‘bool KDcrawIface::DcrawInfoContainer::is
Empty()’:
libs/libkdcraw/libkdcraw/dcrawinfocontainer.cpp:123:29: warning: array subscript is above array bounds
libs/libkdcraw/libkdcraw/dcrawinfocontainer.cpp:127:29: warning: array subscript is above array bounds
libs/libkdcraw/libkdcraw/dcrawinfocontainer.cpp:131:29: warning: array subscript is above array bounds

looking at the source code, seems to be a mismatch of x and y coordinates:

dcrawinfocontainer.h:    float            cameraXYZMatrix[4][3];

dcrawinfocontainer.cpp:        cameraXYZMatrix[0][0]    == 0.0 &&
dcrawinfocontainer.cpp:        cameraXYZMatrix[0][1]    == 0.0 &&
dcrawinfocontainer.cpp:        cameraXYZMatrix[0][2]    == 0.0 &&
dcrawinfocontainer.cpp:        cameraXYZMatrix[0][3]    == 0.0 &&
dcrawinfocontainer.cpp:        cameraXYZMatrix[1][0]    == 0.0 &&
dcrawinfocontainer.cpp:        cameraXYZMatrix[1][1]    == 0.0 &&
dcrawinfocontainer.cpp:        cameraXYZMatrix[1][2]    == 0.0 &&
dcrawinfocontainer.cpp:        cameraXYZMatrix[1][3]    == 0.0 &&
dcrawinfocontainer.cpp:        cameraXYZMatrix[2][0]    == 0.0 &&
dcrawinfocontainer.cpp:        cameraXYZMatrix[2][1]    == 0.0 &&
dcrawinfocontainer.cpp:        cameraXYZMatrix[2][2]    == 0.0 &&
dcrawinfocontainer.cpp:        cameraXYZMatrix[2][3]    == 0.0 &&

looks like the indices are switched and should be [0..3][0..2] instead of [0..2][0..3]

Reproducible: Didn't try




using gcc-4.5.1
Comment 1 Jens Mueller 2010-10-12 07:38:29 UTC 
This is true, indices should be [0..3][0..2], i will change that.
Comment 2 Jens Mueller 2010-10-12 17:56:17 UTC 
SVN commit 1185210 by jmueller:

Fix compiler warning

BUGS: 253911

 M  +3 -3      dcrawinfocontainer.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=1185210
Comment 3 caulier.gilles 2010-10-13 11:40:42 UTC 
SVN commit 1185411 by cgilles:

index to matrix must be inverted there, else we touch outside of allocated memory.
CCBUGS: 253911


 M  +1 -1      dcrawinfocontainer.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=1185411