Bug 404565

Summary: baloo_file_extractor crashes in Exiv2::DataValue::toLong() in kfilemetadata_exiv2extractor on specific image file
Product: [Frameworks and Libraries] frameworks-kfilemetadata Reporter: Craig Denman <craig.a.denman>
Component: generalAssignee: Pinak Ahuja <pinak.ahuja>
Status: RESOLVED DUPLICATE    
Severity: crash CC: a.stippich, nate, skierpage
Priority: NOR Keywords: drkonqi
Version: 5.54.0   
Target Milestone: ---   
Platform: Ubuntu   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description Craig Denman 2019-02-19 18:05:04 UTC 
Application: baloo_file_extractor (5.54.0)

Qt Version: 5.11.1
Frameworks Version: 5.54.0
Operating System: Linux 4.18.0-16-generic x86_64
Distribution: Ubuntu 18.10

-- Information about the crash:
- What I was doing when the application crashed:  I had first attempted to install the downloaded app from EasyEDA.com for my x64 KDE Linux system.  The installation failed.  I realized then that the app is based on Electron -- the developer app -- so I proceeded to install Electron.  I started with installing npm, but that too failed to install correctly.  After figuring out what was wrong, as a means to fix the npm installation, I adjusted the chmod and chown of the /usr/local/lib/node_modules with the recursive -R option.  The npm installation was now able to complete.  I then performed the npm install -g electron and it installed without a problem.  I also performed npm update and npm outdated.  This then prompted me to complete the update of mathjax with npm update -g mathjax.  All of this proceeded with a problem.  After all this EasyEDA still does not work, and I am left with a crashing baloo_file_extractor.

-- Backtrace:
Application: Baloo File Extractor (baloo_file_extractor), signal: Segmentation fault
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[Current thread is 1 (Thread 0x7fa0f7554d80 (LWP 30410))]

Thread 3 (Thread 0x7fa0f4eb4700 (LWP 30432)):
#0  0x00007fa0fc2fa6d9 in __GI___poll (fds=0x7fa0e80131e0, nfds=1, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007fa0fa816e46 in  () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007fa0fa816f6c in g_main_context_iteration () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007fa0fc81d15b in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#4  0x00007fa0fc7ca16b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#5  0x00007fa0fc6190b6 in QThread::exec() () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#6  0x00007fa0fd787545 in  () at /usr/lib/x86_64-linux-gnu/libQt5DBus.so.5
#7  0x00007fa0fc622c87 in  () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#8  0x00007fa0fc1cd164 in start_thread (arg=<optimized out>) at pthread_create.c:486
#9  0x00007fa0fc306def in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 2 (Thread 0x7fa0f5ac5700 (LWP 30424)):
#0  0x00007fa0fc2fa6d9 in __GI___poll (fds=0x7fa0f5ac4cb8, nfds=1, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007fa0fa7a1917 in  () at /usr/lib/x86_64-linux-gnu/libxcb.so.1
#2  0x00007fa0fa7a353a in xcb_wait_for_event () at /usr/lib/x86_64-linux-gnu/libxcb.so.1
#3  0x00007fa0f6e62159 in  () at /usr/lib/x86_64-linux-gnu/libQt5XcbQpa.so.5
#4  0x00007fa0fc622c87 in  () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#5  0x00007fa0fc1cd164 in start_thread (arg=<optimized out>) at pthread_create.c:486
#6  0x00007fa0fc306def in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 1 (Thread 0x7fa0f7554d80 (LWP 30410)):
[KCrash Handler]
#6  0x00007fa0efec4bb8 in Exiv2::DataValue::toLong(long) const () at /usr/lib/x86_64-linux-gnu/libexiv2.so.14
#7  0x00007fa0f46a7155 in  () at /usr/lib/x86_64-linux-gnu/qt5/plugins/kf5/kfilemetadata/kfilemetadata_exiv2extractor.so
#8  0x00007fa0f46a7799 in  () at /usr/lib/x86_64-linux-gnu/qt5/plugins/kf5/kfilemetadata/kfilemetadata_exiv2extractor.so
#9  0x0000555e57f3fe6b in  ()
#10 0x0000555e57f41d07 in  ()
#11 0x00007fa0fc8004a6 in  () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#12 0x00007fa0fc7f4f4b in QObject::event(QEvent*) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#13 0x00007fa0fd18c4a1 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () at /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#14 0x00007fa0fd193ae0 in QApplication::notify(QObject*, QEvent*) () at /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#15 0x00007fa0fc7cb499 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#16 0x00007fa0fc81c558 in QTimerInfoList::activateTimers() () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#17 0x00007fa0fc81cdb4 in  () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#18 0x00007fa0fa816c3e in g_main_context_dispatch () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#19 0x00007fa0fa816ed8 in  () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#20 0x00007fa0fa816f6c in g_main_context_iteration () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#21 0x00007fa0fc81d143 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#22 0x00007fa0f6ef3e51 in  () at /usr/lib/x86_64-linux-gnu/libQt5XcbQpa.so.5
#23 0x00007fa0fc7ca16b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#24 0x00007fa0fc7d22e2 in QCoreApplication::exec() () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#25 0x0000555e57f3f323 in  ()
#26 0x00007fa0fc21009b in __libc_start_main (main=0x555e57f3f0e0, argc=1, argv=0x7ffc30503d28, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffc30503d18) at ../csu/libc-start.c:308
#27 0x0000555e57f3f3ca in  ()
[Inferior 1 (process 30410) detached]

Reported using DrKonqi
Comment 1 Nate Graham 2019-02-20 04:09:02 UTC 
Crashing in Exiv2::DataValue::toLong(), but called by KFileMetadata.
Comment 2 Alexander Stippich 2019-02-23 15:27:54 UTC 
It crashes in the exiv2 extractor, so likely reading from a corrupted image file.
Can you determine the file at which it hangs using balooctl monitor?
Comment 3 Christoph Feck 2019-03-12 09:39:15 UTC 
If you can provide the information requested in comment #2, please add it.
Comment 4 Nate Graham 2019-03-12 13:43:28 UTC 
A file that causes this crash can be found in the comment on this duped bug: https://bugs.kde.org/show_bug.cgi?id=405017#c4
Comment 5 Nate Graham 2019-03-12 13:43:43 UTC 
*** Bug 405017 has been marked as a duplicate of this bug. ***
Comment 6 Craig Denman 2019-03-12 14:10:17 UTC 
I cannot figure out how to find the offending file.

In the referenced bug report 40517 I see that I can use: Balooctl Status 
<filename>

Is there a way to do something like a recursive scan to find the error.  
I am suspecting the installation directories at 
/usr/local/lib/node_modules where there are installations of electron, 
mathjax and npm.

I would like to be able to scan the directory node-modules.

On 3/12/19 2:43 PM, Nate Graham wrote:
> https://bugs.kde.org/show_bug.cgi?id=404565
>
> Nate Graham <nate@kde.org> changed:
>
>             What    |Removed                     |Added
> ----------------------------------------------------------------------------
>                   CC|                            |skierpage@gmail.com
>
> --- Comment #5 from Nate Graham <nate@kde.org> ---
> *** Bug 405017 has been marked as a duplicate of this bug. ***
>
Comment 7 Alexander Stippich 2019-03-17 11:54:44 UTC 
You should be able to find the file when you type "balooctl monitor" in a console.
It shows files that are currently indexed by baloo. If there is a crash somewhere, baloo monitor is usually stuck and shows the filename of the crashing file.
Comment 8 Alexander Stippich 2019-04-04 19:01:30 UTC 
KDE Frameworks 5.56 contains a change that may also fix your crash. Can you retest?
Comment 9 Alexander Stippich 2019-04-26 05:56:48 UTC 
Please provide the required info
Comment 10 skierpage 2019-05-02 04:01:20 UTC 
(In reply to Craig Denman from comment #6)
> I cannot figure out how to find the offending file.

I filed bug 405247 requesting some way to get baloo_file_extractor to report the problem file.

In a terminal
  balooctl monitor
  balooctl disable
  # if it's not running
  balooctl enable
and you should eventually get the crash report near the failure.

(In reply to Alexander Stippich from comment #8)
> KDE Frameworks 5.56 contains a change that may also fix your crash. Can you
> retest?
Alas brand-new Fedora 30 only ships KDE Frameworks 5.55.0. I may be able to rebuild the kf5-kfilemetadata srpm to newer Rawhide git commit 5.56 tag blurhg asdff, if I get a lot smarter ... :-)
Comment 11 skierpage 2019-05-13 22:12:27 UTC 
Fedora 30 updated to KDE Frameworks 5.57 (and exiv2-0.27.1), and bad news, I get a very similar crash as before when Baloo processes the problem panorama JPG from duplicate bug 405017 comment 4. Note that my crash stack seems similar but not identical to that of the original reporter of this bug.

Dr Konqi reports
Application: Baloo File Extractor (baloo_file_extractor), signal: Aborted
Using host libthread_db library "/lib64/libthread_db.so.1".
[Current thread is 1 (Thread 0x7f0148b9c800 (LWP 10037))]

...

Thread 1 (Thread 0x7f0148b9c800 (LWP 10037)):
[KCrash Handler]
#6  0x00007f014b81eeb5 in raise () from /lib64/libc.so.6
#7  0x00007f014b809895 in abort () from /lib64/libc.so.6
#8  0x00007f0139adf008 in std::__replacement_assert (__file=__file@entry=0x7f0139be4f60 "/usr/include/c++/9/bits/stl_vector.h", __line=__line@entry=1060, __function=__function@entry=0x7f0139c11ae0 "std::vector<_Tp, _Alloc>::const_reference std::vector<_Tp, _Alloc>::operator[](std::vector<_Tp, _Alloc>::size_type) const [with _Tp = unsigned char; _Alloc = std::allocator<unsigned char>; std::vector"..., __condition=__condition@entry=0x7f0139be4e10 "__builtin_expect(__n < this->size(), true)") at /usr/include/c++/9/x86_64-redhat-linux/bits/c++config.h:2510
#9  0x00007f0139b40415 in std::vector<unsigned char, std::allocator<unsigned char> >::operator[] (__n=<optimized out>, this=<optimized out>) at /usr/src/debug/exiv2-0.27.1-1.fc30.x86_64/src/value.cpp:257
#10 Exiv2::DataValue::write (os=..., this=<optimized out>) at /usr/src/debug/exiv2-0.27.1-1.fc30.x86_64/src/value.cpp:261
#11 0x00007f0139b40449 in Exiv2::DataValue::toLong (this=<optimized out>, n=<optimized out>) at /usr/include/c++/9/bits/stl_vector.h:1058
#12 0x00007f013a4fc8aa in KFileMetaData::Exiv2Extractor::fetchGpsAltitude (this=<optimized out>, data=...) at /usr/src/debug/kf5-kfilemetadata-5.57.0-1.fc30.x86_64/src/extractors/exiv2extractor.cpp:303
#13 0x00007f013a4fcf2f in KFileMetaData::Exiv2Extractor::extract (this=0x55e3fbe4b9d0, result=0x7ffc46deb470) at /usr/src/debug/kf5-kfilemetadata-5.57.0-1.fc30.x86_64/src/extractors/exiv2extractor.cpp:214
#14 0x000055e3faf495af in Baloo::App::index (this=this@entry=0x7ffc46debbc0, tr=0x55e3fc8eb220, url=..., id=id@entry=1391285936064515) at /usr/src/debug/kf5-baloo-5.57.0-1.fc30.x86_64/src/file/extractor/app.cpp:192
#15 0x000055e3faf4b7df in Baloo::App::processNextFile (this=0x7ffc46debbc0) at /usr/src/debug/kf5-baloo-5.57.0-1.fc30.x86_64/src/file/extractor/app.cpp:112
...
Comment 12 Alexander Stippich 2019-05-17 05:44:33 UTC 
Please re-check with KF 5.58, another fix was added for the exivextractor there
Comment 13 Nate Graham 2019-05-17 13:08:29 UTC 
(Please re-open if it persists with 5.58)
Comment 14 skierpage 2019-05-26 22:50:01 UTC 
(In reply to Alexander Stippich from comment #12)
> Please re-check with KF 5.58, another fix was added for the exivextractor
> there

Good news, Fedora 30 KDE spin updated to KDE Frameworks 5.58.0, and baloo_file_extractor doesn't crash on my panorama image any more. Thanks!
Comment 15 Nate Graham 2020-11-05 14:18:49 UTC 

*** This bug has been marked as a duplicate of bug 405210 ***