Bug 376898 - Crash when scanning photo containing exif with empty Jis comment (Digikam::MetaEngine::getExifComment, QTextCodec::toUnicode) [patch]
Status: RESOLVED FIXED
Alias: None
Product: digikam
Classification: Applications
Component: Metadata-Exif
Version: 5.5.0
Platform: Arch Linux Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Digikam Developers
Reported: 2017-02-24 23:52 UTC by Mladen Milinkovic, Max
Modified: 2017-08-13 07:27 UTC
Version Fixed In: 5.5.0
Description Mladen Milinkovic, Max 2017-02-24 23:52:15 UTC
Application crashes when scanning a jpeg file with funky exif metadata.
When MetaEngine::Private::convertCommentValue() gets called for an exif comment encoded using the "Jis" charset and the comment contains "\000\000..." (empty string), the whole application segfaults.

Am using arch linux with:
extra/digikam 5.4.0-2
extra/qt5-base 5.8.0-5
extra/exiv2 0.25-3
extra/libkexiv2 16.12.2-1

Have also tried rebuilding digikam from git (master commit 1546044e48) and it crashes with the same stack trace. Below are the stack trace and the patch that avoided the crash.


Thread 4 "Digikam::ScanCo" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffab5ef700 (LWP 20074)]
0x00007ffff427c3be in QTextCodec::toUnicode(char const*) const () from /usr/lib/libQt5Core.so.5
(gdb) bt
#0  0x00007ffff427c3be in QTextCodec::toUnicode(char const*) const () at /usr/lib/libQt5Core.so.5
#1  0x00007ffff65f1309 in  () at /usr/lib/libdigikamcore.so.5.5.0
#2  0x00007ffff6609409 in Digikam::MetaEngine::getExifComment() const () at /usr/lib/libdigikamcore.so.5.5.0
#3  0x00007ffff663baaa in Digikam::DMetadata::getImageComments(Digikam::DMetadataSettingsContainer const&) const () at /usr/lib/libdigikamcore.so.5.5.0
#4  0x00007ffff3ccf6ac in Digikam::ImageScanner::scanImageComments() () at /usr/lib/libdigikamdatabase.so.5.5.0
#5  0x00007ffff3cd1076 in Digikam::ImageScanner::scanFile(Digikam::ImageScanner::ScanMode) () at /usr/lib/libdigikamdatabase.so.5.5.0
#6  0x00007ffff3bfa86c in Digikam::CollectionScanner::scanNewFile(QFileInfo const&, int) () at /usr/lib/libdigikamdatabase.so.5.5.0
#7  0x00007ffff3bfc446 in Digikam::CollectionScanner::scanAlbum(Digikam::CollectionLocation const&, QString const&) () at /usr/lib/libdigikamdatabase.so.5.5.0
#8  0x00007ffff3bfc376 in Digikam::CollectionScanner::scanAlbum(Digikam::CollectionLocation const&, QString const&) () at /usr/lib/libdigikamdatabase.so.5.5.0
#9  0x00007ffff3bfca79 in Digikam::CollectionScanner::scanAlbumRoot(Digikam::CollectionLocation const&) () at /usr/lib/libdigikamdatabase.so.5.5.0
#10 0x00007ffff3bfccbb in Digikam::CollectionScanner::completeScan() () at /usr/lib/libdigikamdatabase.so.5.5.0
#11 0x00007ffff740c345 in Digikam::ScanController::run() () at /usr/lib/libdigikamgui.so.5.5.0
#12 0x00007ffff40476d8 in  () at /usr/lib/libQt5Core.so.5
#13 0x00007fffedfaa454 in start_thread () at /usr/lib/libpthread.so.0
#14 0x00007ffff33457df in clone () at /usr/lib/libc.so.6



diff --git a/libs/dmetadata/metaengine_p.cpp b/libs/dmetadata/metaengine_p.cpp
index 2b44e06c21..1819c503ea 100644
--- a/libs/dmetadata/metaengine_p.cpp
+++ b/libs/dmetadata/metaengine_p.cpp
@@ -416,7 +416,8 @@ QString MetaEngine::Private::convertCommentValue(const Exiv2::Exifdatum& exifDat
                else if (charset == "\"Jis\"")
                {
                        QTextCodec* const codec = QTextCodec::codecForName("JIS7");
-                       return codec->toUnicode(comment.c_str());
+                       const char *tmp = comment.c_str();
+                       return *tmp ? codec->toUnicode(tmp) : QStringLiteral("");
                }
                else if (charset == "\"Ascii\"")
                {
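Review bot: `codec` is dereferenced in `codec->toUnicode(tmp)` without a null check, and QTextCodec::codecForName() returns a null pointer when no codec named "JIS7" is available, so a non-empty Jis comment can still reach a null dereference on this path. Suggest guarding both conditions together before the conversion, for example `if (!codec || !*tmp) return QString();`. Two smaller points on the added lines: `QString()` is the usual way to return an empty string rather than `QStringLiteral("")`, and `const char *tmp` should follow the surrounding `QTextCodec* const codec` pointer style, with a short comment saying why the empty comment is special-cased.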
Comment 1 caulier.gilles 2017-02-25 08:03:36 UTC
Can you share an image with this kind of Exif::Jis comment?

Gilles Caulier
Comment 2 caulier.gilles 2017-02-25 08:58:42 UTC
Git commit 4cc8880fa70a943d8b1978b7987b3a47bd586e8d by Gilles Caulier.
Committed on 25/02/2017 at 08:55.
Pushed by cgilles into branch 'master'.

apply patch from maxrd2@smoothware.net to prevent crash when Exif::Jis comment is badly encoded with empty string.
Fix coding style and polish
FIXED-IN: 5.5.0

M  +57   -35   libs/dmetadata/metaengine_p.cpp
M  +15   -15   libs/dmetadata/metaengine_p.h

https://commits.kde.org/digikam/4cc8880fa70a943d8b1978b7987b3a47bd586e8d