https://bugs.kde.org/show_bug.cgi?id=384607

            Bug ID: 384607
           Summary: baloo_file_extractor SIGSEGV on broken JPG
           Product: frameworks-baloo
           Version: 5.26.0
          Platform: openSUSE RPMs
                OS: Linux
            Status: UNCONFIRMED
          Severity: crash
          Priority: NOR
         Component: Baloo File Daemon
          Assignee: pinak.ah...@gmail.com
          Reporter: zhuravlov...@ya.ru
  Target Milestone: ---

Created attachment 107808
  --> https://bugs.kde.org/attachment.cgi?id=107808&action=edit
this file crashes baloo_file_extractor

> lsb-release -a
LSB Version:    n/a
Distributor ID: openSUSE project
Description:    openSUSE Leap 42.2
Release:        42.2
Codename:       n/a

> uname -a
Linux myhostname 4.4.79-18.26-default #1 SMP Thu Aug 10 20:30:05 UTC 2017
(fa5a935) x86_64 x86_64 x86_64 GNU/Linux

> rpm -qa | egrep 'baloo|exiv2'
baloo5-file-5.26.0-2.1.x86_64
libexiv2-14-0.25-6.1.x86_64
baloo5-widgets-16.08.2-1.1.x86_64
exiv2-debugsource-0.25-6.1.x86_64
baloo5-5.26.0-2.1.x86_64
baloo5-file-debuginfo-5.26.0-2.1.x86_64
baloo5-imports-5.26.0-2.1.x86_64
baloo5-lang-5.26.0-2.1.noarch
libexiv2-14-debuginfo-0.25-6.1.x86_64
baloo5-kioslaves-5.26.0-2.1.x86_64
baloo5-tools-5.26.0-2.1.x86_64

> balooctl index /home/myusername/tmp/src/php-7.1.1/ext/exif/tests/bug60150.jpg
Ошибка сегментирования (core dumped)

> sudo journalctl -f
...
Sep 08 16:19:52 myhostname kernel: baloo_file_extr[11311]: segfault at 4 ip
00007f9e5e239a68 sp 00007ffcff6880b8 error 4 in
libexiv2.so.14.0.0[7f9e5e105000+2c7000]
Sep 08 16:20:42 myhostname systemd-coredump[12138]: Process 11311
(baloo_file_extr) of user 1000 dumped core.

> coredumpctl gdb 11311
...
Core was generated by `/usr/bin/baloo_file_extractor'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  Exiv2::ValueType<std::pair<unsigned int, unsigned int> >::toFloat (this=0x57a0910, n=0) at /usr/src/debug/exiv2-0.25/include/exiv2/value.hpp:1695
1695            ok_ = (value_[n].second != 0);
[Current thread is 1 (Thread 0x7f9e6dd4c880 (LWP 11311))]
Missing separate debuginfos, use: zypper install ...
(gdb) l
1690        }
1691        // Specialization for unsigned rational
1692        template<>
1693        inline float ValueType<URational>::toFloat(long n) const
1694        {
1695            ok_ = (value_[n].second != 0);
1696            if (!ok_) return 0.0f;
1697            return static_cast<float>(value_[n].first) / value_[n].second;
1698        }
1699        // Default implementation
(gdb) p value_
$1 = {<std::_Vector_base<std::pair<unsigned int, unsigned int>,
std::allocator<std::pair<unsigned int, unsigned int> > >> = {
    _M_impl = {<std::allocator<std::pair<unsigned int, unsigned int> >> =
{<__gnu_cxx::new_allocator<std::pair<unsigned int, unsigned int> >> = {<No data
fields>}, <No data fields>},
      _M_start = 0x0, _M_finish = 0x0, _M_end_of_storage = 0x0}}, <No data
fields>}
(gdb) p n
$2 = 0
(gdb) bt
#0  0x00007ffff4e0f20d in poll () at /lib64/libc.so.6
#1  0x00007ffff3830314 in  () at /usr/lib64/libglib-2.0.so.0
#2  0x00007ffff383042c in g_main_context_iteration () at /usr/lib64/libglib-2.0.so.0
#3  0x00007ffff571c31c in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib64/libQt5Core.so.5
#4  0x00007ffff56c9feb in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib64/libQt5Core.so.5
#5  0x00007ffff56d1ed6 in QCoreApplication::exec() () at /usr/lib64/libQt5Core.so.5
#6  0x000000000040841b in main(int, char**) (argc=1, argv=0x7fffffffdaf8) at /usr/src/debug/baloo-5.26.0/src/file/extractor/main.cpp:57
(gdb) quit
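
The gdb session above shows toFloat(0) indexing an empty value_ vector (_M_start = 0x0), so the read of value_[0].second lands at address 4, which matches the kernel's "segfault at 4". The following is an added example, not Exiv2 or Baloo code and not the upstream fix: a constructed stand-in type (RationalValue, secondOffset and toFloatChecked are hypothetical names) that reproduces the offset arithmetic and shows the range check the conversion at value.hpp:1695 does not perform.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <utility>
#include <vector>

// Same shape as the pair<unsigned int, unsigned int> in the backtrace:
// numerator in .first, denominator in .second.
using URational = std::pair<std::uint32_t, std::uint32_t>;
static_assert(sizeof(URational) == 8, "layout assumed by secondOffset()");

// Constructed stand-in for the rational value object in the core dump.
// The type and method names are hypothetical, not Exiv2 API.
struct RationalValue {
    std::vector<URational> value_;

    // Byte offset read by `value_[n].second`, relative to the vector's data
    // pointer. With _M_start = 0x0 this offset is the faulting address.
    static std::size_t secondOffset(std::size_t n) {
        return n * sizeof(URational) + sizeof(std::uint32_t);
    }

    // Checked conversion: rejects an out-of-range index (the empty-vector
    // case from the gdb session) and a zero denominator. Returns false and
    // leaves `out` untouched when the value cannot be converted.
    bool toFloatChecked(long n, float& out) const {
        if (n < 0 || static_cast<std::size_t>(n) >= value_.size())
            return false;
        const URational& r = value_[static_cast<std::size_t>(n)];
        if (r.second == 0)
            return false;
        out = static_cast<float>(r.first) / static_cast<float>(r.second);
        return true;
    }
};

int main() {
    RationalValue empty;              // constructed: tag decoded with no components
    RationalValue quarter{{{1, 4}}};  // constructed: one rational, 1/4
    float f = 0.0f;
    std::printf("offset of value_[0].second: %zu\n", RationalValue::secondOffset(0));
    std::printf("empty value:  %s\n", empty.toFloatChecked(0, f) ? "converted" : "rejected");
    if (quarter.toFloatChecked(0, f)) std::printf("1/4 -> %.2f\n", f);
    return 0;
}
```
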
