https://bugs.kde.org/show_bug.cgi?id=426597
Bug ID: 426597
Summary: stack underflow crash in Digikam::DImg::load()
Product: digikam
Version: 7.2.0
Platform: Debian unstable
OS: Linux
Status: REPORTED
Severity: grave
Priority: NOR
Component: general
Assignee: digikam-bugs-n...@kde.org
Reporter: f...@kdmurray.id.au
Target Milestone: ---

SUMMARY

A stack underflow crash occurs with both 7.1.0 and the current master branch from git when compiled on Debian sid. Traceback below, with ASan. Appears to be in QString::QString() as part of the DRawInfo() ctor, while doing Digikam::DImg::load()

STEPS TO REPRODUCE

1. Run digikam, and trigger loading any RAW file (in my case CR2)

NB: I've re-compiled this with -fsanitize=address to hopefully help debugging, but the error initially occurred without this flag.

OBSERVED RESULT

```
digikam.general: Using 16 CPU core to run threads
digikam.general: Action Thread run 1 new jobs
digikam.general: Cancel Main Thread
digikam.general: One job is done
digikam.general: Cancel Main Thread
digikam.database: Starting scan!
digikam.general: Stacked View Mode : 1
digikam.metaengine: index : 0
digikam.metaengine: properties: 3
digikam.metaengine: Exif color-space tag is sRGB. Using default sRGB ICC profile.
digikam.metaengine: index : 0
digikam.metaengine: properties: 3
digikam.metaengine: Exif color-space tag is sRGB. Using default sRGB ICC profile.
digikam.general: Stacked View Mode : 1
digikam.metaengine: index : 0
digikam.metaengine: properties: 3
digikam.metaengine: Exif color-space tag is sRGB. Using default sRGB ICC profile.
digikam.metaengine: index : 0
digikam.metaengine: properties: 3
digikam.metaengine: Exif color-space tag is sRGB. Using default sRGB ICC profile.
digikam.general: Stacked View Mode : 1
digikam.metaengine: index : 0
digikam.metaengine: properties: 3
digikam.metaengine: Exif color-space tag is sRGB. Using default sRGB ICC profile.
digikam.metaengine: index : 0
digikam.metaengine: properties: 3
digikam.metaengine: Exif color-space tag is sRGB. Using default sRGB ICC profile.
digikam.general: Shortcut value: 1
digikam.general: Detected change, triggering rescan of "/home/kevin/photos/library/2020/2020-09-99_around-home/todo/"
digikam.general: Writing tags
digikam.metaengine: MetaEngine::metadataWritingMode 3
digikam.metaengine: Will write Metadata to file "/home/kevin/photos/library/2020/2020-09-99_around-home/todo/029A0172.CR2"
digikam.metaengine: "029A0172.CR2" is a TIFF based RAW file, writing to such a file is disabled by current settings.
digikam.metaengine: Will write XMP sidecar for file "029A0172.CR2"
digikam.general: Detected change, triggering rescan of "/home/kevin/photos/library/2020/2020-09-99_around-home/todo/"
digikam.metaengine: wroteComment: false
digikam.metaengine: wroteEXIF: true
digikam.metaengine: wroteIPTC: true
digikam.metaengine: wroteXMP: true
digikam.metaengine: Metadata for file "029A0172.CR2" written to XMP sidecar.
digikam.dimg: "/home/kevin/photos/library/2020/2020-09-99_around-home/todo/029A0172.CR2" : "RAW" file identified
=================================================================
==1495583==ERROR: AddressSanitizer: stack-buffer-underflow on address 0x7f4eeb83eca0 at pc 0x7f4f3f5c5f72 bp 0x7f4eeb83e9b0 sp 0x7f4eeb83e9a8
WRITE of size 8 at 0x7f4eeb83eca0 thread T72 (Thread (pooled))
    #0 0x7f4f3f5c5f71 in QString::QString() (/home/kevin/.homedir/opt/dk-compiled/lib/x86_64-linux-gnu/libdigikamcore.so.7.2.0+0xd95f71)
    #1 0x7f4f3fe3d2b9 in Digikam::DRawInfo::DRawInfo() (/home/kevin/.homedir/opt/dk-compiled/lib/x86_64-linux-gnu/libdigikamcore.so.7.2.0+0x160d2b9)
    #2 0x7f4efc56bcd0 in DigikamRAWDImgPlugin::DImgRAWLoader::load(QString const&, Digikam::DImgLoaderObserver*) (/usr/lib/x86_64-linux-gnu/qt5/plugins/digikam/dimg/DImg_RAW_Plugin.so+0x7cd0)
    #3 0x7f4f3d7b689f (/lib/x86_64-linux-gnu/libQt5Core.so.5+0x38289f)

Address 0x7f4eeb83eca0 is located in stack of thread T72 (Thread (pooled)) at offset 0 in frame
    #0 0x7f4f3f9d3c2d in Digikam::DImg::load(QString const&, int, Digikam::DImgLoaderObserver*, Digikam::DRawDecoding const&) (/home/kevin/.homedir/opt/dk-compiled/lib/x86_64-linux-gnu/libdigikamcore.so.7.2.0+0x11a3c2d)

  This frame has 37 object(s):
    [32, 36) 'loadFlags' (line 112)
    [48, 52) '<unknown>'
    [64, 68) '<unknown>'
    [80, 84) '<unknown>'
    [96, 100) '<unknown>'
    [112, 116) '<unknown>'
    [128, 136) 'fileInfo' (line 103)
    [160, 168) '<unknown>'
    [192, 200) '<unknown>'
    [224, 232) 'lock' (line 115)
    [256, 264) '<unknown>'
    [288, 296) '<unknown>'
    [320, 328) '<unknown>'
    [352, 360) '<unknown>'
    [384, 392) '<unknown>'
    [416, 424) '<unknown>'
    [448, 456) '<unknown>'
    [480, 488) '<unknown>'
    [512, 520) '<unknown>'
    [544, 552) '<unknown>'
    [576, 584) '<unknown>'
    [608, 616) '<unknown>'
    [640, 656) '<unknown>'
    [672, 688) '<unknown>'
    [704, 720) '<unknown>'
    [736, 752) '<unknown>'
    [768, 784) '<unknown>'
    [800, 816) '<unknown>'
    [832, 848) '<unknown>'
    [864, 880) '<unknown>'
    [896, 912) '<unknown>'
    [928, 944) '<unknown>'
    [960, 992) '<unknown>'
    [1024, 1056) '<unknown>'
    [1088, 1120) '<unknown>'
    [1152, 1184) '<unknown>'
    [1216, 1248) '<unknown>'
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
Thread T72 (Thread (pooled)) created by T0 here:
    #0 0x7f4f450c52a2 in __interceptor_pthread_create (/lib/x86_64-linux-gnu/libasan.so.6+0x552a2)
    #1 0x7f4f3d4fc4da in QThread::start(QThread::Priority) (/lib/x86_64-linux-gnu/libQt5Core.so.5+0xc84da)

SUMMARY: AddressSanitizer: stack-buffer-underflow (/home/kevin/.homedir/opt/dk-compiled/lib/x86_64-linux-gnu/libdigikamcore.so.7.2.0+0xd95f71) in QString::QString()
Shadow bytes around the buggy address:
  0x0fea5d6ffd40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fea5d6ffd50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fea5d6ffd60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fea5d6ffd70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fea5d6ffd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0fea5d6ffd90: 00 00 00 00[f1]f1 f1 f1 04 f2 f8 f2 f8 f2 04 f2
  0x0fea5d6ffda0: 04 f2 04 f2 00 f2 f2 f2 00 f2 f2 f2 f8 f2 f2 f2
  0x0fea5d6ffdb0: 00 f2 f2 f2 f8 f2 f2 f2 f8 f2 f2 f2 f8 f2 f2 f2
  0x0fea5d6ffdc0: f8 f2 f2 f2 00 f2 f2 f2 00 f2 f2 f2 00 f2 f2 f2
  0x0fea5d6ffdd0: 00 f2 f2 f2 00 f2 f2 f2 00 f2 f2 f2 00 f2 f2 f2
  0x0fea5d6ffde0: 00 f2 f2 f2 f8 f8 f2 f2 f8 f8 f2 f2 f8 f8 f2 f2
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==1495583==ABORTING
```

EXPECTED RESULT

No crash.

SOFTWARE/OS VERSIONS

Linux/KDE Plasma: (available in About System)
KDE Plasma Version: 5.17.5
KDE Frameworks Version: 20.04.1 / 5.70.0
Qt Version: 5.14

ADDITIONAL INFORMATION