| Summary: | Baloo file extractor crashes in libexiv2 in Exiv2::ValueType() | | |
|---|---|---|---|
| Product: | [Frameworks and Libraries] frameworks-kfilemetadata | Reporter: | Brad Hubbard <bhubbard> |
| Component: | general | Assignee: | Pinak Ahuja <pinak.ahuja> |
| Status: | RESOLVED FIXED | | |
| Severity: | crash | CC: | aspotashev, jr.linux, nate, strobel, vhradice, zhuravlov.ip |
| Priority: | NOR | Keywords: | drkonqi |
| Version: | unspecified | | |
| Target Milestone: | --- | | |
| Platform: | unspecified | | |
| OS: | Linux | | |
| Latest Commit: | https://commits.kde.org/kfilemetadata/5eee9ac75b7d6bb19795c2d3b964fe05fd8fc47c | Version Fixed In: | 5.52 |
| Sentry Crash Report: | | | |

Description
Brad Hubbard
2015-09-17 20:38:56 UTC
Git commit 5eee9ac75b7d6bb19795c2d3b964fe05fd8fc47c by Igor Poboiko.
Committed on 16/10/2018 at 13:56.
Pushed by poboiko into branch 'master'.

Don't crash on invalid exiv2 data

Summary:
The file from bug 375131 crashes `baloo_file_extractor`.
The problem is that its EXIF data contains a key `Exif.Photo.FocalLength`, whose type is `Exiv2::unsignedRational`, and whose value is empty.
On the other hand, the `Exiv2::Value::toFloat()` call relies on at least single component of a value, causing undefined behavior (i.e. crash) if there is none.

This is simple workaround: if we got a property with no value, just return an empty QVariant().

(unfortunately, didn't manage to reproduce the hang reported in the bug originally)

Related: bug 353848, bug 361259, bug 375131

Test Plan: `baloo_file_extractor` no longer crashes on the file, it processes the file and extracts all the necessary data

Reviewers: #baloo, #frameworks, astippich

Reviewed By: astippich

Subscribers: bruns, astippich, kde-frameworks-devel

Tags: #frameworks, #baloo

Differential Revision: https://phabricator.kde.org/D16165

M +3 -0 src/extractors/exiv2extractor.cpp

https://commits.kde.org/kfilemetadata/5eee9ac75b7d6bb19795c2d3b964fe05fd8fc47c

*** Bug 372235 has been marked as a duplicate of this bug. ***

*** Bug 369522 has been marked as a duplicate of this bug. ***

*** Bug 375950 has been marked as a duplicate of this bug. ***

*** Bug 384607 has been marked as a duplicate of this bug. ***
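
The failure mode the commit message describes (a tag that is present but carries zero components) can be shown with a self-contained model. This is an added example, not code from kfilemetadata or Exiv2: `RationalValue`, `toDoubleChecked`, `extractAll` and `sampleTags` are hypothetical names, the tag data is constructed, and the zero-denominator check goes beyond the case in the commit.

```cpp
#include <cstddef>
#include <cstdint>
#include <map>
#include <string>
#include <utility>
#include <vector>

// Hypothetical stand-in for a parsed unsignedRational tag value:
// zero or more numerator/denominator pairs read from the file.
struct RationalValue {
    std::vector<std::pair<uint32_t, uint32_t>> components;
    std::size_t count() const { return components.size(); }
};

// Guarded conversion. Returns false (the analogue of an empty QVariant)
// instead of indexing into an empty container, which is undefined behaviour.
bool toDoubleChecked(const RationalValue& v, double& out) {
    if (v.count() == 0) return false;        // tag present, value empty
    const std::pair<uint32_t, uint32_t>& r = v.components[0];
    if (r.second == 0) return false;         // extra guard: would yield inf
    out = static_cast<double>(r.first) / r.second;
    return true;
}

// Convert every tag that is well formed and skip the rest, so one malformed
// tag does not cost the file the rest of its metadata.
std::map<std::string, double> extractAll(
        const std::map<std::string, RationalValue>& tags) {
    std::map<std::string, double> props;
    for (const auto& kv : tags) {
        double d = 0.0;
        if (toDoubleChecked(kv.second, d)) props[kv.first] = d;
    }
    return props;
}

// Constructed sample: FocalLength mirrors the empty value from the report;
// the other two tags are invented for contrast.
std::map<std::string, RationalValue> sampleTags() {
    std::map<std::string, RationalValue> t;
    t["Exif.Photo.FocalLength"] = RationalValue();             // empty value
    t["Exif.Photo.FNumber"].components.push_back({28, 10});    // valid
    t["Exif.Photo.ExposureTime"].components.push_back({1, 0}); // zero denominator
    return t;
}
```
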