I can still see the bug. For me it is easy to reproduce by performing the following steps: 1) copy the file 2010_05_10__00_00_00_61Z__SDO_AIA_AIA_193.jp2 posted by Keith Hughitt into an empty directory 2) ask nautilus to display this directory.
Here is a stack trace, obtained using gdb:

#0  0x00007fffd6af391c in jpc_qmfb_join_colgrp (a=0x7fffc7fff010, numrows=2048, stride=4096, parity=0) at jpc_qmfb.c:786
#1  0x00007fffd6af6ad4 in jpc_ns_synthesize (a=0x7fffc7fff010, xstart=<optimized out>, ystart=<optimized out>, width=2048, height=2048, stride=4096) at jpc_qmfb.c:3131
#2  0x00007fffd6b00df7 in jpc_tsfb_synthesize2 (tsfb=0x7fffd00041c0, a=0x7fffc7fff010, xstart=0, ystart=0, width=2048, height=2048, stride=4096, numlvls=6) at jpc_tsfb.c:170
#3  0x00007fffd6b00da0 in jpc_tsfb_synthesize2 (tsfb=0x7fffd00041c0, a=0x7fffc7fff010, xstart=0, ystart=0, width=4096, height=4096, stride=4096, numlvls=7) at jpc_tsfb.c:161
#4  0x00007fffd6b00e50 in jpc_tsfb_synthesize (tsfb=<optimized out>, a=<optimized out>) at jpc_tsfb.c:154
#5  0x00007fffd6ae9f84 in jpc_dec_tiledecode (dec=0x7fffd00032c0, tile=0x7fffd00030e0) at jpc_dec.c:1065
#6  0x00007fffd6aec301 in jpc_dec_process_sod (dec=0x7fffd00032c0, ms=0x0) at jpc_dec.c:620
#7  0x00007fffd6aeb6ad in jpc_dec_decode (dec=0x7fffd00032c0) at jpc_dec.c:390
#8  jpc_decode (in=<optimized out>, optstr=<optimized out>) at jpc_dec.c:254
#9  0x00007fffd6ae4b48 in jp2_decode (in=0x7fffd0017460, optstr=0x0) at jp2_dec.c:215
#10 0x00007fffd6ad941c in jas_image_decode (in=0x7fffd0017460, fmt=<optimized out>, optstr=0x0) at jas_image.c:372
#11 0x00007fffd73a0e0d in ?? () from /usr/lib/x86_64-linux-gnu/gdk-pixbuf-2.0//2.10.0/loaders/libpixbufloader-jasper.so
#12 0x00007ffff5f470f1 in gdk_pixbuf_loader_close () from /usr/lib/x86_64-linux-gnu/libgdk_pixbuf-2.0.so.0
#13 0x00007ffff77ad02a in ?? () from /usr/lib/libgnome-desktop-3.so.2
#14 0x00007ffff77ad66c in gnome_desktop_thumbnail_factory_generate_thumbnail () from /usr/lib/libgnome-desktop-3.so.2
#15 0x00000000004db08b in thumbnail_thread_start (data=<optimized out>) at nautilus-thumbnails.c:726
#16 0x00007ffff4b4befc in start_thread (arg=0x7fffd75c3700) at pthread_create.c:304
#17 0x00007ffff3a7f59d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112

The trace shows the decode running in nautilus' thumbnail thread, so displaying the directory is enough to trigger it; the file does not have to be opened.

The line where nautilus crashes is the assignment to *dstptr2 in the inner loop of the following code block from jpc_qmfb.c:

    /* Save the samples from the lowpass channel. */
    n = hstartcol;
    srcptr = &a[0];
    dstptr = buf;
    while (n-- > 0) {
        dstptr2 = dstptr;
        srcptr2 = srcptr;
        for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) {
            *dstptr2 = *srcptr2;
            ++dstptr2;
            ++srcptr2;
        }
        srcptr += stride;
        dstptr += JPC_QMFB_COLGRPSIZE;
    }

Maybe the destination buffer is too small and this is just a buffer overflow? The loop writes hstartcol * JPC_QMFB_COLGRPSIZE samples into buf, so buf has to hold at least that many; the allocation of buf is not part of this excerpt, so its size should be checked against that product.

I hope this helps,
Jochen

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/555238

Title: nautilus crashed with SIGSEGV in jpc_qmfb_join_colgrp()

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/jasper/+bug/555238/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs