libkdcraw is crashing on decoding some files, at least Sigma.x3f from the Image-ExifTool-5.72 test files. I experienced this with KPhotoAlbum, but it is not only KPA; at least dngconverter crashes as well.

Reproducible: Always

Steps to Reproduce:
1. Move Sigma.x3f from Image-ExifTool-5.72 to a directory indexed by KPhotoAlbum
2. Start KPA
3. KPA crashes immediately

Actual Results:

Executable: kphotoalbum PID: 26516 Signal: Aborted (6)
Application: KPhotoAlbum (kphotoalbum), signal: Aborted
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[Current thread is 1 (Thread 0x7f6bab295800 (LWP 26516))]

Thread 6 (Thread 0x7f6b93c3c700 (LWP 26519)):
#0  0x00007f6b9b7c843d in ?? () from /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0
#1  0x00007f6ba3646618 in g_main_context_prepare () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007f6ba3646cab in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007f6ba36471e2 in g_main_loop_run () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#4  0x00007f6b9b8254a6 in ?? () from /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0
#5  0x00007f6ba366a645 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#6  0x00007f6ba6cc1e9a in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
#7  0x00007f6ba6fcaccd in clone () from /lib/x86_64-linux-gnu/libc.so.6
#8  0x0000000000000000 in ?? ()

Thread 5 (Thread 0x7f6b9443d700 (LWP 26538)):
#0  0x00007f6ba6cc3f69 in pthread_mutex_lock () from /lib/x86_64-linux-gnu/libpthread.so.0
#1  0x00007f6ba3683e21 in g_mutex_lock () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007f6ba3646623 in g_main_context_prepare () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007f6ba3646cab in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#4  0x00007f6ba3646ea4 in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#5  0x00007f6ba7c51c46 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#6  0x00007f6ba7c222ef in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#7  0x00007f6ba7c22578 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#8  0x00007f6ba7b23b40 in QThread::exec() () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#9  0x00007f6ba7c029df in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#10 0x00007f6ba7b26b1c in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#11 0x00007f6ba6cc1e9a in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
#12 0x00007f6ba6fcaccd in clone () from /lib/x86_64-linux-gnu/libc.so.6
#13 0x0000000000000000 in ?? ()

Thread 4 (Thread 0x7f6b890ce700 (LWP 26553)):
#0  0x00007f6ba6fbd6dd in open64 () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x00007f6ba7bf9805 in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#2  0x00007f6ba7bf137f in QFSFileEngine::open(QFlags<QIODevice::OpenModeFlag>) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#3  0x00007f6ba7baed2e in QFile::open(QFlags<QIODevice::OpenModeFlag>) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#4  0x00007f6ba89489e8 in ?? () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#5  0x00007f6ba89495a0 in QImageReader::read(QImage*) () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#6  0x00007f6ba894976f in QImageReader::read() () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#7  0x00007f6ba893ea11 in QImage::load(QString const&, char const*) () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#8  0x00000000004ef670 in ?? ()
#9  0x00000000004efc43 in ?? ()
#10 0x00007f6ba7b26b1c in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#11 0x00007f6ba6cc1e9a in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
#12 0x00007f6ba6fcaccd in clone () from /lib/x86_64-linux-gnu/libc.so.6
#13 0x0000000000000000 in ?? ()

Thread 3 (Thread 0x7f6b888cd700 (LWP 26554)):
[KCrash Handler]
#5  0x00007f6ba6f0d425 in raise () from /lib/x86_64-linux-gnu/libc.so.6
#6  0x00007f6ba6f10b8b in abort () from /lib/x86_64-linux-gnu/libc.so.6
#7  0x00007f6ba6f4b39e in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#8  0x00007f6ba6f55b96 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#9  0x00007f6baa297fae in ?? () from /usr/lib/libkdcraw.so.21
#10 0x00007f6baa299a87 in ?? () from /usr/lib/libkdcraw.so.21
#11 0x00007f6baa28186d in KDcrawIface::KDcraw::loadHalfPreview(QImage&, QString const&) () from /usr/lib/libkdcraw.so.21
#12 0x00000000004f176e in ?? ()
#13 0x00000000004f127c in ?? ()
#14 0x00000000004ef603 in ?? ()
#15 0x00000000004efc43 in ?? ()
#16 0x00007f6ba7b26b1c in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#17 0x00007f6ba6cc1e9a in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
#18 0x00007f6ba6fcaccd in clone () from /lib/x86_64-linux-gnu/libc.so.6
#19 0x0000000000000000 in ?? ()

Thread 2 (Thread 0x7f6b7ffff700 (LWP 26555)):
#0  0x00007f6ba6fbd8cd in read () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x00007f6ba7bf2468 in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#2  0x00007f6ba7bf9eae in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#3  0x00007f6ba7baf9c6 in QFile::readData(char*, long long) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#4  0x00007f6ba7bb586d in QIODevice::read(char*, long long) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#5  0x00007f6b8b3cc4b5 in ?? () from /usr/lib/x86_64-linux-gnu/qt4/plugins/imageformats/libqjpeg.so
#6  0x00007f6baa9e9bee in jpeg_fill_bit_buffer () from /usr/lib/x86_64-linux-gnu/libjpeg.so.8
#7  0x00007f6baa9ea187 in ?? () from /usr/lib/x86_64-linux-gnu/libjpeg.so.8
#8  0x00007f6baa9e7459 in ?? () from /usr/lib/x86_64-linux-gnu/libjpeg.so.8
#9  0x00007f6baa9ebdc2 in ?? () from /usr/lib/x86_64-linux-gnu/libjpeg.so.8
#10 0x00007f6baa9e6490 in jpeg_read_scanlines () from /usr/lib/x86_64-linux-gnu/libjpeg.so.8
#11 0x00007f6b8b3ccc0a in ?? () from /usr/lib/x86_64-linux-gnu/qt4/plugins/imageformats/libqjpeg.so
#12 0x00007f6b8b3ce242 in ?? () from /usr/lib/x86_64-linux-gnu/qt4/plugins/imageformats/libqjpeg.so
#13 0x00007f6ba894922d in QImageReader::read(QImage*) () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#14 0x00007f6ba894976f in QImageReader::read() () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#15 0x00007f6ba893ea11 in QImage::load(QString const&, char const*) () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#16 0x00000000004ef670 in ?? ()
#17 0x00000000004efc43 in ?? ()
#18 0x00007f6ba7b26b1c in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#19 0x00007f6ba6cc1e9a in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
#20 0x00007f6ba6fcaccd in clone () from /lib/x86_64-linux-gnu/libc.so.6
#21 0x0000000000000000 in ?? ()

Thread 1 (Thread 0x7f6bab295800 (LWP 26516)):
#0  0x00007f6ba6fbd6dd in open64 () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x00007f6ba7bf9805 in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#2  0x00007f6ba7bf137f in QFSFileEngine::open(QFlags<QIODevice::OpenModeFlag>) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#3  0x00007f6ba7baed2e in QFile::open(QFlags<QIODevice::OpenModeFlag>) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#4  0x00000000004f50b4 in ?? ()
#5  0x00000000004f027c in ?? ()
#6  0x00007f6ba7c384cc in QObject::event(QEvent*) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#7  0x00007f6ba8881e9c in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#8  0x00007f6ba888630a in QApplication::notify(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#9  0x00007f6ba958aad6 in KApplication::notify(QObject*, QEvent*) () from /usr/lib/libkdeui.so.5
#10 0x00007f6ba7c2359e in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#11 0x00007f6ba7c27421 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#12 0x00007f6ba7c51a93 in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#13 0x00007f6ba3646ab5 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#14 0x00007f6ba3646de8 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#15 0x00007f6ba3646ea4 in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#16 0x00007f6ba7c51c26 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#17 0x00007f6ba8926c1e in ?? () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#18 0x00007f6ba7c278cf in QCoreApplication::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#19 0x000000000051394e in ?? ()
#20 0x0000000000513f5f in ?? ()
#21 0x0000000000513f5f in ?? ()
#22 0x0000000000513f5f in ?? ()
#23 0x0000000000516754 in ?? ()
#24 0x0000000000510b3e in ?? ()
#25 0x000000000051120e in ?? ()
#26 0x00007f6ba7c3846e in QObject::event(QEvent*) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#27 0x00007f6ba8881e9c in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#28 0x00007f6ba888630a in QApplication::notify(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#29 0x00007f6ba958aad6 in KApplication::notify(QObject*, QEvent*) () from /usr/lib/libkdeui.so.5
#30 0x00007f6ba7c2359e in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#31 0x00007f6ba7c27421 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#32 0x00007f6ba7c51a93 in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#33 0x00007f6ba3646ab5 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#34 0x00007f6ba3646de8 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#35 0x00007f6ba3646ea4 in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#36 0x00007f6ba7c51c26 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#37 0x00007f6ba8926c1e in ?? () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#38 0x00007f6ba7c222ef in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#39 0x00007f6ba7c22578 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#40 0x00007f6ba7c27738 in QCoreApplication::exec() () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#41 0x000000000043b2cd in ?? ()
#42 0x00007f6ba6ef876d in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
#43 0x0000000000445051 in _start ()

Expected Results: No crash

Application: KPhotoAlbum (4.4)
KDE Platform Version: 4.10.2
Qt Version: 4.8.3
Operating System: Linux 3.5.0-28-generic x86_64
Distribution: Ubuntu 12.10
Created attachment 79973 [details]
Example file causing the crash

An example file causing the crash.
1/ We need to know which libkdcraw/libraw versions you use. Go to the Help button from DNG converter for info.

2/ The crash is in libkdcraw, and probably in libraw, but it is missing debug symbols to see where in the code. Please install the libkdcraw debug package and run dngconverter in gdb as explained here: http://www.digikam.org/contrib

3/ We need a Sigma raw file sample to try to reproduce here. Share it somewhere on the web.

Gilles Caulier
(In reply to comment #2)
> 1/ We need to know which libkdcraw/libraw versions you use. Go to the Help
> button from DNG converter for info.

LibRaw 0.15.0-Beta1
LibKdcraw 2.2.0

> 2/ The crash is in libkdcraw, and probably in libraw, but it is missing debug
> symbols to see where in the code. Please install the libkdcraw debug package and run
> dngconverter in gdb as explained here :

(gdb) run
Starting program: /usr/bin/dngconverter
warning: no loadable sections found in added symbol-file system-supplied DSO at 0x7ffff7ffa000
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffe24b2700 (LWP 29847)]
[New Thread 0x7fffe1cb1700 (LWP 29848)]
[New Thread 0x7fffd89f4700 (LWP 29849)]
[New Thread 0x7fffcffff700 (LWP 29850)]
[New Thread 0x7fffce765700 (LWP 29854)]
[Thread 0x7fffe24b2700 (LWP 29847) exited]
Corrupt JPEG data: 27 extraneous bytes before marker 0xd9
JPEG datastream contains no image
/mnt/server/manfred/restore/Image-ExifTool-5.72/t/CanonRaw.crw: Unexpected end of file
/mnt/server/manfred/restore/Image-ExifTool-5.72/t/Sigma.x3f: Unexpected end of file

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffce765700 (LWP 29854)]
__GI___libc_free (mem=0x7fffcc28c010) at malloc.c:2892
2892	malloc.c: Datei oder Verzeichnis nicht gefunden.
(gdb) bt
#0  __GI___libc_free (mem=0x7fffcc28c010) at malloc.c:2892
#1  0x00007ffff74414eb in ?? () from /usr/lib/libkdcraw.so.22
#2  0x00007ffff7446905 in ?? () from /usr/lib/libkdcraw.so.22
#3  0x00007ffff742bae5 in KDcrawIface::KDcraw::loadHalfPreview(QImage&, QString const&) () from /usr/lib/libkdcraw.so.22
#4  0x00007ffff6fc703d in KIPIPlugins::KPRawThumbThread::run() () from /usr/lib/libkipiplugins.so.3
#5  0x00007ffff602cbec in QThreadPrivate::start (arg=0xd91b90) at thread/qthread_unix.cpp:338
#6  0x00007ffff71f6f8e in start_thread (arg=0x7fffce765700) at pthread_create.c:311
#7  0x00007ffff45eee1d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113

> 3/ We need a Sigma raw file sample to try to reproduce here. Share it
> somewhere on the web.

I already did attach it to this bug.

Thanks,
Manfred
Alex,

I can confirm that the sample X3F image crashes libraw on my computer:

(gdb) bt
#0  0x00007ffff2a39a65 in raise () from /lib64/libc.so.6
#1  0x00007ffff2a3b0c8 in abort () from /lib64/libc.so.6
#2  0x00007ffff2a7920b in __libc_message () from /lib64/libc.so.6
#3  0x00007ffff2a801d6 in _int_free () from /lib64/libc.so.6
#4  0x00007ffff6f87fb0 in LibRaw::recycle (this=this@entry=0x7fffc3175460) at /mnt/devel/GIT/3.x/extra/libkdcraw/libraw/src/libraw_cxx.cpp:410
#5  0x00007ffff6f89f44 in LibRaw::unpack (this=0x7fffc3175460) at /mnt/devel/GIT/3.x/extra/libkdcraw/libraw/src/libraw_cxx.cpp:1196
#6  0x00007ffff6f6d3a7 in KDcrawIface::KDcraw::loadHalfPreview (image=..., path=...) at /mnt/devel/GIT/3.x/extra/libkdcraw/libkdcraw/kdcraw.cpp:182
#7  0x00007ffff78cf7d2 in Digikam::ThumbnailCreator::createThumbnail (this=0x18c41b0, info=..., detailRect=...) at /mnt/devel/GIT/3.x/core/libs/threadimageio/thumbnailcreator.cpp:514
#8  0x00007ffff78ce21d in Digikam::ThumbnailCreator::load (this=0x18c41b0, path=..., rect=..., pregenerate=false) at /mnt/devel/GIT/3.x/core/libs/threadimageio/thumbnailcreator.cpp:260
#9  0x00007ffff78cde46 in Digikam::ThumbnailCreator::load (this=0x18c41b0, path=...) at /mnt/devel/GIT/3.x/core/libs/threadimageio/thumbnailcreator.cpp:199
#10 0x00007ffff78dce16 in Digikam::ThumbnailLoadingTask::execute (this=0x27ff520) at /mnt/devel/GIT/3.x/core/libs/threadimageio/thumbnailtask.cpp:172
#11 0x00007ffff78b7fcd in Digikam::LoadSaveThread::run (this=0x19dc740) at /mnt/devel/GIT/3.x/core/libs/threadimageio/loadsavethread.cpp:136
#12 0x00007ffff78f56d6 in Digikam::DynamicThread::DynamicThreadPriv::run (this=0x19dbca0) at /mnt/devel/GIT/3.x/core/libs/threads/dynamicthread.cpp:186
#13 0x00007ffff3a6823d in QThreadPoolThread::run() () from /lib64/libQtCore.so.4
#14 0x00007ffff3a745ec in QThreadPrivate::start(void*) () from /lib64/libQtCore.so.4
#15 0x00007ffff37e4d18 in start_thread () from /lib64/libpthread.so.0
#16 0x00007ffff2af47cd in clone () from /lib64/libc.so.6
#17 0x0000000000000000 in ?? ()
(gdb)

Note: this X3F file sounds corrupted or something like that. File size is 1,5Kb only. I checked the file structure, and it's really an X3F file, but with no image data. I don't know how this file has been generated, but in any case, libraw must not crash as well...

Gilles Caulier
Reproduced with the command-line LibRaw tool (dcraw_emu), thanks for the sample.
Created attachment 80087 [details]
Proposed patch to fix double-free() on broken full-color images
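The patch itself is not reproduced in this thread. As an added illustration (not LibRaw's code and not the attached patch), the C program below shows the double-free shape the traces above point to, an unpack() error path that releases its buffers followed by a caller that releases them again, next to the idempotent release that makes the second call harmless. The decoder_t struct, the "FOVb" toy container with a 32-bit pixel count, and the sample bytes are all constructed for this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical per-image decoder state (stand-in for a raw decoder's buffers). */
typedef struct { uint8_t *raw_image; size_t raw_size; } decoder_t;

/* Vulnerable shape, shown for contrast and never called here: the pointer keeps
   its old value after free(), so a second recycle() frees the same block again
   and glibc aborts in _int_free, as in the backtraces in this report. */
void decoder_recycle_unsafe(decoder_t *d) { free(d->raw_image); }

/* Hardened release: free and clear, so recycle() is idempotent. */
void decoder_recycle(decoder_t *d) {
    free(d->raw_image);
    d->raw_image = NULL; d->raw_size = 0;
}

/* Toy container (constructed, not the real X3F layout): "FOVb" magic, 32-bit
   little-endian pixel count, then the pixels. Returns 0 on success, -1 on
   invalid or truncated input. Like a streaming unpack(), it only discovers a
   short file after allocating, so its error path releases the buffer itself. */
int decoder_unpack(decoder_t *d, const uint8_t *buf, size_t len) {
    if (len < 8 || memcmp(buf, "FOVb", 4) != 0) return -1;
    uint32_t n = buf[4] | buf[5] << 8 | buf[6] << 16 | (uint32_t)buf[7] << 24;
    if (n > (1u << 28)) return -1;      /* reject absurd sizes before malloc */
    d->raw_image = malloc(n ? n : 1);
    if (!d->raw_image) return -1;
    d->raw_size = n;
    if (len - 8 < n) {                  /* "Unexpected end of file" */
        decoder_recycle(d);             /* first release, inside unpack() */
        return -1;
    }
    memcpy(d->raw_image, buf + 8, n);
    return 0;
}

/* Mirrors the caller in the trace: unpack, then always recycle (second release). */
int load_and_cleanup(const uint8_t *buf, size_t len) {
    decoder_t d = {0};
    int rc = decoder_unpack(&d, buf, len);
    decoder_recycle(&d);                /* a no-op if unpack() already released */
    return rc;
}

int main(void) {
    /* Constructed sample: header promises 3 pixels, file carries only 1. */
    const uint8_t truncated[] = {'F','O','V','b', 3,0,0,0, 10};
    return load_and_cleanup(truncated, sizeof truncated) == -1 ? 0 : 1;
}
```

Swapping decoder_recycle_unsafe into load_and_cleanup reproduces the abort-on-free from the report; the idempotent version survives the same truncated input.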
Please try the proposed patch (above). Works for me (Win32) :)
Alex,

Patch works fine. There is no crash in digiKam and Showfoto now...

Gilles Caulier
Fine. Expect LibRaw 0.15.2 within next few days.
Git commit 655c5ac08726eee4219d0a8830953a22d7f3d371 by Gilles Caulier.
Committed on 26/05/2013 at 11:39.
Pushed by cgilles into branch 'master'.

update internal Libraw to last 0.15.2

M  +6    -0    libraw/Changelog.txt
M  +1    -1    libraw/internal/dcraw_common.cpp
M  +2    -2    libraw/libraw/libraw.h
M  +1    -1    libraw/libraw/libraw_version.h
M  +1    -1    libraw/src/libraw_c_api.cpp
M  +9    -3    libraw/src/libraw_cxx.cpp
M  +2    -2    libraw/src/libraw_datastream.cpp

http://commits.kde.org/libkdcraw/655c5ac08726eee4219d0a8830953a22d7f3d371
Not reproducible with digiKam 7.0.0-beta1.