Bug 405210

Summary: baloo_file_extractor crashes somewhere in KFileMetadata on a specific JPEG file (attached)
Product: [Frameworks and Libraries] frameworks-kfilemetadata
Reporter: Erasmo Caponio <erasmocaponio>
Component: general
Assignee: Pinak Ahuja <pinak.ahuja>
Status: RESOLVED FIXED
Severity: crash
CC: a.stippich, craig.a.denman, gjbr, jwest, nate, skierpage
Priority: NOR
Keywords: drkonqi
Version: 5.55.0
Target Milestone: ---
Platform: Neon
OS: Linux
Latest Commit:
Version Fixed In: 5.58
Sentry Crash Report:
Attachments: jpg file

Description Erasmo Caponio 2019-03-08 10:25:59 UTC
Application: baloo_file_extractor (5.55.0)

Qt Version: 5.12.0
Frameworks Version: 5.55.0
Operating System: Linux 4.15.0-46-generic x86_64
Distribution: KDE neon User Edition 5.15

-- Information about the crash:
Every time I launch Baloo to index the content of files in some directories, baloo_file_extractor crashes after a while.

The crash can be reproduced every time.

-- Backtrace:
Application: Baloo File Extractor (baloo_file_extractor), signal: Segmentation fault
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[Current thread is 1 (Thread 0x7f912747fd80 (LWP 2270))]

Thread 3 (Thread 0x7f90fe60c700 (LWP 2272)):
#0  0x00007f9123f97bf9 in __GI___poll (fds=0x7f90f801a9c0, nfds=1, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007f91205a5539 in  () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007f91205a564c in g_main_context_iteration () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007f91248da15b in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#4  0x00007f912487b64a in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#5  0x00007f91246a341a in QThread::exec() () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#6  0x00007f912626f015 in  () at /usr/lib/x86_64-linux-gnu/libQt5DBus.so.5
#7  0x00007f91246a4bc2 in  () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#8  0x00007f9122b9e6db in start_thread (arg=0x7f90fe60c700) at pthread_create.c:463
#9  0x00007f9123fa488f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 2 (Thread 0x7f9117c4a700 (LWP 2271)):
#0  0x00007f9123f97bf9 in __GI___poll (fds=0x7f9117c49c78, nfds=1, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007f9120134747 in  () at /usr/lib/x86_64-linux-gnu/libxcb.so.1
#2  0x00007f912013636a in xcb_wait_for_event () at /usr/lib/x86_64-linux-gnu/libxcb.so.1
#3  0x00007f91191c532a in  () at /usr/lib/x86_64-linux-gnu/libQt5XcbQpa.so.5
#4  0x00007f91246a4bc2 in  () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#5  0x00007f9122b9e6db in start_thread (arg=0x7f9117c4a700) at pthread_create.c:463
#6  0x00007f9123fa488f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 1 (Thread 0x7f912747fd80 (LWP 2270)):
[KCrash Handler]
#6  0x00007f9115e5a0e8 in Exiv2::ValueType<std::pair<unsigned int, unsigned int> >::toRational(long) const () at /usr/lib/x86_64-linux-gnu/libexiv2.so.26
#7  0x00007f9116242e3d in  () at /usr/lib/x86_64-linux-gnu/qt5/plugins/kf5/kfilemetadata/kfilemetadata_exiv2extractor.so
#8  0x00007f9116243589 in  () at /usr/lib/x86_64-linux-gnu/qt5/plugins/kf5/kfilemetadata/kfilemetadata_exiv2extractor.so
#9  0x000055568244123b in Baloo::App::index(Baloo::Transaction*, QString const&, unsigned long long) (this=this@entry=0x7ffe51342740, tr=0x5556840093f0, url=..., id=id@entry=1649267443715) at ./src/file/extractor/app.cpp:191
#10 0x0000555682441b7e in Baloo::App::processNextFile() (this=0x7ffe51342740) at ./src/file/extractor/app.cpp:111
#11 0x00007f91248b9d04 in  () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#12 0x00007f91248ad94b in QObject::event(QEvent*) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#13 0x00007f912567383c in QApplicationPrivate::notify_helper(QObject*, QEvent*) () at /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#14 0x00007f912567add0 in QApplication::notify(QObject*, QEvent*) () at /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#15 0x00007f912487d328 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#16 0x00007f91248d95a9 in QTimerInfoList::activateTimers() () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#17 0x00007f91248d9da9 in  () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#18 0x00007f91205a5387 in g_main_context_dispatch () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#19 0x00007f91205a55c0 in  () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#20 0x00007f91205a564c in g_main_context_iteration () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#21 0x00007f91248da13f in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#22 0x00007f912487b64a in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#23 0x00007f9124884800 in QCoreApplication::exec() () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#24 0x000055568244020d in main(int, char**) (argc=<optimized out>, argv=<optimized out>) at ./src/file/extractor/main.cpp:60

Reported using DrKonqi
Comment 1 Méven Car 2019-03-13 09:49:16 UTC
*** Bug 405294 has been marked as a duplicate of this bug. ***
Comment 2 Alexander Stippich 2019-04-04 19:03:01 UTC
Can you retest with KF 5.56?
Comment 3 Christoph Feck 2019-04-25 09:29:08 UTC
If you can provide the information requested in comment #2, please add it.
Comment 4 Erasmo Caponio 2019-04-25 14:30:35 UTC
(In reply to Christoph Feck from comment #3)
> If you can provide the information requested in comment #2, please add it.

I update kde neon user edition regularly. The bug is still there.
Comment 5 Alexander Stippich 2019-04-26 05:58:24 UTC
Can you determine the crashing file using balooctl monitor?
Comment 6 Erasmo Caponio 2019-04-26 22:04:52 UTC
(In reply to Alexander Stippich from comment #5)
> Can you determine the crashing file using balooctl monitor?

Using balooctl monitor, I have realized that the indexing process stopped always at the same file. This was actually a corrupted jpg file. I've deleted it and after restarting baloo, everything works fine. Thank you for your suggestion!
Comment 7 Alexander Stippich 2019-04-27 13:42:58 UTC
Can you upload the corrupted file so that I can try to reproduce?
Comment 8 Erasmo Caponio 2019-04-27 15:30:01 UTC
Created attachment 119676 [details]
jpg file
Comment 9 Erasmo Caponio 2019-04-27 15:35:20 UTC
(In reply to Alexander Stippich from comment #7)
> Can you upload the corrupted file so that I can try to reproduce?

I had a copy of the file on another hard disk and yes, the crash is reproducible (at least on my PC). I can add that the same file was also on another PC (synced with Unison) where I had no problem with Baloo (maybe the file had been stored in the Baloo index there before something bad happened, or the two copies passed the Unison sync procedure but they were not exactly the same...). Anyway, please find it attached to my previous message.
Comment 10 Nate Graham 2019-04-28 22:32:09 UTC
Thank you very much for attaching the problematic file!
Comment 11 Alexander Stippich 2019-04-29 19:06:08 UTC
Git commit e227a7ce4587f0a8a996906cc174586b2f7a9f48 by Alexander Stippich.
Committed on 29/04/2019 at 19:05.
Pushed by astippich into branch 'master'.

Fix exivextractor crash with malformed files

Summary:
Prevent a segfault by explicitly checking everywhere
for valid entries.

Reviewers: bruns, ngraham

Reviewed By: bruns, ngraham

Subscribers: kde-frameworks-devel, #baloo

Tags: #frameworks, #baloo

Differential Revision: https://phabricator.kde.org/D20877

M  +8    -3    src/extractors/exiv2extractor.cpp

https://commits.kde.org/kfilemetadata/e227a7ce4587f0a8a996906cc174586b2f7a9f48
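The kind of entry validation the commit message describes, as an added C++ example that is not code from kfilemetadata or Exiv2: a bounds-checked reader for one TIFF/EXIF RATIONAL IFD entry over constructed little-endian bytes. It shows the component-count check that an unguarded toRational(n) call lacks when a corrupt file declares count == 0, plus the data-offset check; the sample buffers (EXIF FNumber tag 0x829D) are constructed here.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Result of reading one rational component; ok == false means "reject the entry".
struct RationalResult { bool ok; uint32_t num; uint32_t den; };

// Little-endian ("II") TIFF field readers; callers guarantee bounds.
static uint16_t rd16(const std::vector<uint8_t>& b, size_t o) {
    return uint16_t(b[o] | (b[o + 1] << 8));
}
static uint32_t rd32(const std::vector<uint8_t>& b, size_t o) {
    return uint32_t(b[o]) | (uint32_t(b[o + 1]) << 8) |
           (uint32_t(b[o + 2]) << 16) | (uint32_t(b[o + 3]) << 24);
}

// Read component n of the 12-byte IFD entry at `entry` as a RATIONAL (TIFF type 5).
// Rejects a truncated entry, a wrong type, a count too small for n, a data offset
// outside the buffer, and a zero denominator. The count check is the one an
// unchecked toRational(n) skips: a malformed file may declare zero components.
RationalResult readRational(const std::vector<uint8_t>& buf, size_t entry, size_t n) {
    RationalResult bad{false, 0, 0};
    if (buf.size() < 12 || entry > buf.size() - 12) return bad;
    const uint16_t type = rd16(buf, entry + 2);
    const uint32_t count = rd32(buf, entry + 4);
    const uint32_t offset = rd32(buf, entry + 8);
    if (type != 5) return bad;
    if (n >= count) return bad;                       // count may legitimately be 0
    const size_t dataOff = size_t(offset) + n * 8;    // each rational is 8 bytes
    if (dataOff > buf.size() || buf.size() - dataOff < 8) return bad;
    const uint32_t num = rd32(buf, dataOff);
    const uint32_t den = rd32(buf, dataOff + 4);
    if (den == 0) return bad;                         // nobody downstream should divide by 0
    return RationalResult{true, num, den};
}

// Constructed sample: FNumber (tag 0x829D), type 5, count 1, data at offset 12 = 28/10.
std::vector<uint8_t> goodEntry() {
    return {0x9D, 0x82, 0x05, 0x00, 0x01, 0x00, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00,
            0x1C, 0x00, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00};
}
// Constructed malformed sample: same tag and type, but count == 0 and no data.
std::vector<uint8_t> emptyEntry() {
    return {0x9D, 0x82, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00};
}
// Constructed malformed sample: count 1 but the data offset (0xFFFF) lies past the end.
std::vector<uint8_t> danglingEntry() {
    return {0x9D, 0x82, 0x05, 0x00, 0x01, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0x00, 0x00};
}
```

An extractor that validates this way before converting a value degrades to "no FNumber for this file" instead of a segfault of the whole indexer process.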
Comment 12 Nate Graham 2020-11-05 14:18:49 UTC
*** Bug 404565 has been marked as a duplicate of this bug. ***
Comment 13 Nate Graham 2020-11-05 14:18:52 UTC
*** Bug 405017 has been marked as a duplicate of this bug. ***
Comment 14 Nate Graham 2020-11-05 14:19:38 UTC
*** Bug 131686 has been marked as a duplicate of this bug. ***
Comment 15 Nate Graham 2020-11-05 14:20:16 UTC
*** Bug 428726 has been marked as a duplicate of this bug. ***