Segfault on Sony Alpha RAW images with exiv2 0.28.0 #1105

Closed
shastah opened this issue Jun 11, 2023 · 5 comments
Comments

@shastah

shastah commented Jun 11, 2023

ISSUE TYPE

  • Bug Report

GEEQIE VERSION

$ geeqie --version
Geeqie 2.0.1 GTK3
$ exiv2 --version
exiv2 0.28.0

OS / DISTRIBUTION

Using official Arch Linux packages:

[2023-06-09T01:48:34+0200] [ALPM] upgraded exiv2 (0.27.6-2 -> 0.28.0-1)
[2023-06-09T01:48:34+0200] [ALPM] upgraded libkexiv2 (23.04.1-1 -> 23.04.2-1)
[2023-06-09T01:48:34+0200] [ALPM] upgraded geeqie (2.0.1-5 -> 2.0.1-6)
[2023-06-09T01:48:34+0200] [ALPM] upgraded libgexiv2 (0.14.0-4 -> 0.14.1-1)

SUMMARY

I'm experiencing a segfault on certain Sony Alpha 7 RAW images since upgrading exiv2.

STEPS TO REPRODUCE

Can't show mine, but I can reproduce the problem with the first Google result for a RAW file from a Sony A7iii: https://cdn.alphashooters.com/images/raw/sel85f18/DSC00116.ARW

$ gdb geeqie 
(gdb) run DSC00116.ARW
Thread 1 "geeqie" received signal SIGSEGV, Segmentation fault.
image_loader_setup_source (il=il@entry=0x555556daf450) at ../geeqie-2.0.1/src/image-load.c:1017
1017                                    if (!(il->mapped_file[0] == 0xFF && il->mapped_file[1] == 0xD8))
(gdb) list -
1012	
1013				if (il->mapped_file)
1014					{
1015					/* Both exiv2 and libraw sometimes return a pointer to a file
1016					 * section that is not a jpeg */
1017					if (!(il->mapped_file[0] == 0xFF && il->mapped_file[1] == 0xD8))
1018						{
1019						il->mapped_file = NULL;
1020						}
1021					else
(gdb) bt
#0  image_loader_setup_source(ImageLoader*) (il=il@entry=0x555556daf450)
    at ../geeqie-2.0.1/src/image-load.c:1017
#1  0x0000555555606603 in image_loader_start_thread (il=0x555556daf450)
    at ../geeqie-2.0.1/src/image-load.c:1304
#2  image_loader_start(ImageLoader*) (il=0x555556daf450) at ../geeqie-2.0.1/src/image-load.c:1334
#3  0x0000555555606e44 in image_load_begin (fd=0x555556dbb050, imd=0x55555699b8e0)
    at ../geeqie-2.0.1/src/image.c:1050
#4  image_change_complete(ImageWindow*, gdouble) (imd=0x55555699b8e0, zoom=0)
    at ../geeqie-2.0.1/src/image.c:1128
#5  0x000055555560720b in image_change_real(ImageWindow*, FileData*, CollectionData*, CollectInfo*, gdouble)
    (imd=0x55555699b8e0, fd=0x555556dbb050, cd=<optimized out>, info=<optimized out>, zoom=0)
    at ../geeqie-2.0.1/src/image.c:1161
#6  0x000055555561e4a8 in image_change_fd (zoom=<optimized out>, fd=0x555556dbb050, imd=<optimized out>)
    at ../geeqie-2.0.1/src/image.c:1370
#7  image_change_fd (zoom=<optimized out>, fd=0x555556dbb050, imd=<optimized out>)
    at ../geeqie-2.0.1/src/image.c:1366
#8  layout_image_set_fd (lw=<optimized out>, fd=fd@entry=0x555556dbb050)
    at ../geeqie-2.0.1/src/layout_image.c:1442
...
(gdb) print *il
$1 = {parent = {g_type_instance = {g_class = 0x555556df8490 [g_type: None]}, ref_count = 1, qdata = 0x0}, 
  pixbuf = 0x0, fd = 0x555556dbb050, path = 0x0, bytes_read = 0, bytes_total = 521025, 
  preview = IMAGE_LOADER_PREVIEW_NONE, requested_width = 0, requested_height = 0, actual_width = 0, 
  actual_height = 0, shrunk = 0, done = 0, idle_id = 0, idle_priority = 200, loader = 0x0, error = 0x0, 
  backend = {loader_new = 0x0, set_size = 0x0, load = 0x0, write = 0x0, get_pixbuf = 0x0, close = 0x0, 
    abort = 0x0, free = 0x0, get_format_name = 0x0, get_format_mime_types = 0x0, set_page_num = 0x0, 
    get_page_total = 0x0}, idle_done_id = 0, area_param_list = 0x0, area_param_delayed_list = 0x0, 
  delay_area_ready = 0, data_mutex = 0x555556daf380, stopping = 0, can_destroy = 1, 
  can_destroy_cond = 0x555556daf590, thread = 1, 
  mapped_file = 0x55555700f4c0 <error: Cannot access memory at address 0x55555700f4c0>, 
  read_buffer_size = 4096, idle_read_loop_count = 1}

Others have similar issues with Nikon and Sony RAWs (see #1090 and Exiv2/exiv2#2638).

@waldbaer59

Same for Pentax DNG RAW files.

@zackteo

zackteo commented Jun 18, 2023

I'm getting a similar issue but for Nikon NEF RAW files.

@yeezy69

yeezy69 commented Jun 19, 2023

I also use Archlinux. My versions of geeqie and exif are identical to the bug reporter's.

I use Sony and Canon cameras. For my Sony RAW files, the gdb output is as above.

When opening the Canon RAW files, the gdb output is

(gdb) run img_5019.cr2
Starting program: /usr/bin/geeqie img_5019.cr2

Thread 1 "geeqie" received signal SIGABRT, Aborted.
__pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
44	     return INTERNAL_SYSCALL_ERROR_P (ret) ? INTERNAL_SYSCALL_ERRNO (ret) : 0;                                                                  
(gdb) list -
39	        delivery of all pending signals after unblocking in the code
40	        below.  POSIX only guarantees delivery of a single signal,
41	        which may not be the right one.)  */
42	     pid_t tid = INTERNAL_SYSCALL_CALL (gettid);
43	     int ret = INTERNAL_SYSCALL_CALL (tgkill, __getpid (), tid, signo);
44	     return INTERNAL_SYSCALL_ERROR_P (ret) ? INTERNAL_SYSCALL_ERRNO (ret) : 0;
45	   }
46	
47	 /* Block all signals, as required by pd->exit_lock.  */
48	 internal_sigset_t old_mask;
(gdb) bt
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1  0x00007ffff5bb22d3 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
#2  0x00007ffff5b62a08 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3  0x00007ffff5b4b538 in __GI_abort () at abort.c:79
#4  0x00007ffff5b4c2db in __libc_message (fmt=fmt@entry=0x7ffff5cc6515 "%s\n") at ../sysdeps/posix/libc_fatal.c:150
#5  0x00007ffff5bbc1b7 in malloc_printerr (str=str@entry=0x7ffff5cc9378 "double free or corruption (out)") at malloc.c:5651
#6  0x00007ffff5bbe3b4 in _int_free (av=0x7ffff5d04ba0 <main_arena>, p=0x555556e8de60, have_lock=<optimized out>, have_lock@entry=0) at malloc.c:4574
#7  0x00007ffff5bc0cb3 in __GI___libc_free (mem=<optimized out>) at malloc.c:3367
#8  0x00007ffff5eaeaba in operator delete(void*) (ptr=<optimized out>) at /usr/src/debug/gcc/gcc/libstdc++-v3/libsupc++/del_op.cc:49
#9  0x00007ffff5eaeaea in operator delete[](void*) (ptr=<optimized out>) at /usr/src/debug/gcc/gcc/libstdc++-v3/libsupc++/del_opv.cc:35
#10 0x0000555555602176 in exif_free_preview (buf=<optimized out>) at ../geeqie-2.0.1/src/exiv2.cc:1265
#11 image_loader_stop_source(ImageLoader*) (il=il@entry=0x555556d13440) at ../geeqie-2.0.1/src/image-load.c:1095
#12 0x0000555555602246 in image_loader_stop (il=0x555556d13440) at ../geeqie-2.0.1/src/image-load.c:1129
#13 image_loader_finalize(GObject*) (object=0x555556d13440) at ../geeqie-2.0.1/src/image-load.c:206
#14 0x00007ffff77988b4 in g_object_unref (_object=0x555556d13440) at ../glib/gobject/gobject.c:3938
#15 g_object_unref (_object=0x555556d13440) at ../glib/gobject/gobject.c:3802
#16 0x00007ffff77b55d1 in g_value_unset (value=0x7fffffffd7c0) at ../glib/gobject/gvalue.c:313
#17 0x00007ffff77a967f in g_signal_emit_valist
    (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7fffffffd960)
    at ../glib/gobject/gsignal.c:3595
#18 0x00007ffff77a9d34 in g_signal_emit (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>) at ../glib/gobject/gsignal.c:3622
#19 0x00005555555ff468 in image_loader_emit_done_cb(gpointer) (data=<optimized out>) at ../geeqie-2.0.1/src/image-load.c:304
#20 0x00007ffff7cf4981 in g_main_dispatch (context=0x5555564994c0) at ../glib/glib/gmain.c:3460
#21 g_main_context_dispatch (context=0x5555564994c0) at ../glib/glib/gmain.c:4200
#22 0x00007ffff7d51b39 in g_main_context_iterate.isra.0 (context=0x5555564994c0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>)
    at ../glib/glib/gmain.c:4276
#23 0x00007ffff7cf3f3f in g_main_loop_run (loop=0x555556763980) at ../glib/glib/gmain.c:4479
#24 0x00007ffff6fecf6f in gtk_main () at ../gtk/gtk/gtkmain.c:1329
#25 0x00005555555c4574 in main(gint, gchar**) (argc=<optimized out>, argv=<optimized out>) at ../geeqie-2.0.1/src/main.c:1469
(gdb) quit
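The two gdb sessions above (shastah's SIGSEGV at the FF D8 check on a mapped_file pointer gdb can no longer access, and yeezy69's "double free or corruption" inside exif_free_preview) are consistent with a preview buffer whose ownership the caller and the library disagree on; the thread does not state the root cause, so that reading is an assumption. As an added illustration, not geeqie's or exiv2's code, this C++ models the defensive pattern for that hazard: copy the library's preview bytes while the library object is alive, never free the library's pointer, and guard the magic-byte check with a length test (LibraryPreview, take_preview_copy and looks_like_jpeg are hypothetical names).

```cpp
#include <cstddef>
#include <cstdint>
#include <utility>
#include <vector>

// Hypothetical stand-in for a library-side preview object (assumption: the
// library owns the bytes). They are released when the object is destroyed, so
// a raw pointer from data() must not outlive it and must never be delete[]'d
// by the caller; those two misuses match the two backtraces in this thread.
class LibraryPreview {
public:
    explicit LibraryPreview(std::vector<std::uint8_t> b) : bytes_(std::move(b)) {}
    const std::uint8_t* data() const { return bytes_.data(); }
    std::size_t size() const { return bytes_.size(); }
private:
    std::vector<std::uint8_t> bytes_;
};

// Caller-owned copy of the preview: nothing to dangle, nothing to double free.
struct OwnedPreview {
    std::vector<std::uint8_t> bytes;
    bool valid_jpeg = false;
};

// JPEG SOI marker check (FF D8), guarded by length: indexing [0] and [1] of a
// 0- or 1-byte buffer would read past its end.
bool looks_like_jpeg(const std::uint8_t* p, std::size_t n) {
    return p != nullptr && n >= 2 && p[0] == 0xFF && p[1] == 0xD8;
}

// Copies the library's preview while the library object is still alive.
OwnedPreview take_preview_copy(const LibraryPreview& lib) {
    OwnedPreview out;
    out.bytes.assign(lib.data(), lib.data() + lib.size());
    out.valid_jpeg = looks_like_jpeg(out.bytes.data(), out.bytes.size());
    return out;
}

// Constructed samples: a JPEG-looking preview, and a TIFF-style section
// ("II*\0") like the non-JPEG data the comment at image-load.c:1015 mentions.
OwnedPreview sample_jpeg_preview() {
    LibraryPreview lib({0xFF, 0xD8, 0xFF, 0xE1, 0x00, 0x10});
    return take_preview_copy(lib);  // lib dies at return; the copy survives
}
OwnedPreview sample_tiff_section() {
    LibraryPreview lib({0x49, 0x49, 0x2A, 0x00});
    return take_preview_copy(lib);
}
bool short_buffer_rejected() {
    const std::uint8_t one_byte[1] = {0xFF};
    return !looks_like_jpeg(one_byte, 1) && !looks_like_jpeg(nullptr, 0);
}
```

Building geeqie with -fsanitize=address would turn both crashes into reports that name the allocation and free sites directly.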

@caclark
Collaborator

caclark commented Jun 19, 2023

There is progress being made here:
Exiv2/exiv2#2638

@caclark
Collaborator

caclark commented Jun 21, 2023

Fixed in commit c45cca7
