From: Michele B. <mic...@pu...> - 2007-06-24 14:49:41
Hi all, long story short. While using f-spot I stumbled into a 100% reproduceable crash: /usr/lib/libexif.so.12(exif_set_short+0x2c) [0xb39119ac] /usr/lib/libexif.so.12 [0xb3908d2f] /usr/lib/libexif.so.12 [0xb390912b] /usr/lib/libexif.so.12(exif_data_save_data+0x1bf) [0xb39096af] (The crash happens in exif_set_short, I *think* because exif_data_save_data has a corrupted data struct or data->priv) =20 So I went ahead and installed gexif in order to make a smaller test case. Running gexif, loading the picture and then saving it again shows problems (leak plus seagfault). The leaks get pretty big (this is always just loading and saving an image in gexif without touching any values) : 2527 michele 18 0 2284m 1.6g 2032 T 0 80.3 0:02.96 gexif =20 and then it crashes. Here is the full backtrace: Program received signal SIGSEGV, Segmentation fault. [Switching to Thread -1218484544 (LWP 2527)] 0xb7f5895b in exif_set_sshort (b=3D0x1a6 <Address 0x1a6 out of bounds>, order=3DEXIF_BYTE_ORDER_MOTOROLA, value=3D-28026) at exif-utils.c:113 113 b[0] =3D (unsigned char) (value >> 8); (gdb) bt full #0 0xb7f5895b in exif_set_sshort (b=3D0x1a6 <Address 0x1a6 out of bounds>, order=3DEXIF_BYTE_ORDER_MOTOROLA, value=3D-28026) at exif-utils.c:113 No locals. #1 0xb7f589ac in exif_set_short (b=3D0x1a6 <Address 0x1a6 out of bounds>, order=3DEXIF_BYTE_ORDER_MOTOROLA, value=3D37510) at exif-utils.c:126 No locals. 
#2 0xb7f4fd2f in exif_data_save_data_content (data=3D0x8207700, ifd=3D0x8205ba8, d=3D0xbfb59f04, ds=3D0xbfb59f08, offset=3D222) at exif-data.c:237 j =3D 16 n_ptr =3D <value optimized out> n_thumb =3D <value optimized out> i =3D EXIF_IFD_EXIF #3 0xb7f5012b in exif_data_save_data_content (data=3D0x8207700, ifd=3D0x8203100, d=3D0xbfb59f04, ds=3D0xbfb59f08, offset=3D142) at exif-data.c:555 j =3D 10 n_ptr =3D <value optimized out> n_thumb =3D <value optimized out> i =3D EXIF_IFD_0 #4 0xb7f506af in exif_data_save_data (data=3D0x8207700, d=3D0xbfb59f04, ds=3D0xbfb59f08) at exif-data.c:947 fd =3D <value optimized out> #5 0x0804b211 in jpeg_data_save_data (data=3D0x81938e8, d=3D0xbfb59f3c, ds=3D0xbfb59f38) at jpeg-data.c:127 i =3D 1 eds =3D 2366559238 s =3D {marker =3D JPEG_MARKER_APP1, content =3D {generic =3D {data = =3D 0x8207700 "", size =3D 775305261}, app1 =3D 0x8207700}} ed =3D (unsigned char *) 0x0 #6 0x0804b2dd in jpeg_data_save_file (data=3D0x81938e8, path=3D0x82076e0 "/tmp/gexif/gexif/img-86.jpg") at jpeg-data.c:80 f =3D <value optimized out> d =3D (unsigned char *) 0x81aaba0 "=EF=BF=BD=EF=BF=BD=EF=BF=BD=EF= =BF=BDX\213\037\b\020" size =3D 4 #7 0x08049b9b in gexif_main_save_file (m=3D<value optimized out>, path=3D0x9286 <Address 0x9286 out of bounds>) at gexif-main.c:190 No locals. #8 0xb7d17428 in ?? () from /usr//lib/libgtk-x11-2.0.so.0 No symbol table info available. #9 0x0807b000 in ?? () No symbol table info available. #10 0x00000000 in ?? () No symbol table info available. Let me know if you need further info.=20 thanks a lot for the library and regards, Michele Baldessari (culprit image is at http://michele.pupazzo.org/files/img-86.jpg) |
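
A small triage helper for backtraces like the one above, added here as an example and not part of the original post or of libexif: it scans gdb frames for arguments gdb marks as out of bounds and separates addresses inside the first page (a NULL base plus a small offset) from other invalid pointers. The 4096-byte page size, the function name `triage` and the category names are assumptions.

```python
import re

# Frames copied from the backtrace in the post above (quoted-printable decoded).
BACKTRACE = """\
#0 0xb7f5895b in exif_set_sshort (b=0x1a6 <Address 0x1a6 out of bounds>, order=EXIF_BYTE_ORDER_MOTOROLA, value=-28026) at exif-utils.c:113
#1 0xb7f589ac in exif_set_short (b=0x1a6 <Address 0x1a6 out of bounds>, order=EXIF_BYTE_ORDER_MOTOROLA, value=37510) at exif-utils.c:126
#2 0xb7f4fd2f in exif_data_save_data_content (data=0x8207700, ifd=0x8205ba8, d=0xbfb59f04, ds=0xbfb59f08, offset=222) at exif-data.c:237
#7 0x08049b9b in gexif_main_save_file (m=<value optimized out>, path=0x9286 <Address 0x9286 out of bounds>) at gexif-main.c:190
"""

PAGE_SIZE = 4096  # assumption: nothing is mapped in the first page

FRAME_RE = re.compile(r"^#(\d+)\s+0x[0-9a-f]+ in (\w+) \((.*)\) at (\S+):(\d+)$")
BAD_PTR_RE = re.compile(r"(\w+)=(0x[0-9a-f]+) <Address 0x[0-9a-f]+ out of bounds>")


def triage(backtrace):
    """Return one finding per argument that gdb reports as out of bounds."""
    findings = []
    for line in backtrace.splitlines():
        frame = FRAME_RE.match(line.strip())
        if frame is None:
            continue
        number, function, args, source, lineno = frame.groups()
        for name, address in BAD_PTR_RE.findall(args):
            value = int(address, 16)
            # An address inside the first page is most likely NULL plus a small
            # offset (base pointer never set); anything else is just "wild".
            kind = "null-plus-offset" if value < PAGE_SIZE else "wild"
            findings.append({
                "frame": int(number), "function": function, "arg": name,
                "address": value, "kind": kind, "where": f"{source}:{lineno}",
            })
    return findings


if __name__ == "__main__":
    for f in triage(BACKTRACE):
        print(f"#{f['frame']} {f['function']}({f['arg']}={f['address']:#x}) "
              f"{f['kind']} at {f['where']}")
```

Arguments in frames built with optimization, such as #7 here, can hold stale register values, so a "wild" result there is only a hint.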