View Issue Details

IDProjectCategoryView StatusLast Update
0014882CentOS-7exiv2public2019-01-08 19:35
ReporterDanielJohnson 
PrioritynormalSeverityminorReproducibilityalways
Status assignedResolutionopen 
Product Version7.5.1804 
Target VersionFixed in Version 
Summary0014882: Certain JPGs cause exiv2 to crash Gwenview
DescriptionAfter upgrading to CentOS v7.5, JPGs produced by one of my cameras consistently cause Gwenview to crash with a segfault from libexiv2.so.26.0.0 .
Steps To Reproduce1. Open Gwenview.
2. Attempt to browse a directory which contains an impacted file, or attempt to open such a file directly.
3. After a short delay the Gwenview window will vanish.
Additional InformationThe files I have which cause the crash were produced by a Pentax K-x. So far I've not found other image sources that cause this. If I cannot directly upload the test image and abrt files here you may download them from http://xfr1.progman.us/cent0/

63597c46893031e386b5f116e9b07d4d *abrt.tar.xz
6c78ae684ec67239ce6b78db73454892 *abrt.txt
d3e1e638b1aa83ac26aa533fbe1ad7db *gwenview.out
7110f84aaac992dcd11d78e8017eb623 *sample.jpg
Tags7.5
abrt_hash
URL

Activities

DanielJohnson

DanielJohnson

2018-05-29 18:28

reporter  

abrt.txt (8,981 bytes)
id ce39e1829afb27de70e7ad47c245e3a17e86845e
reason:         gwenview killed by SIGSEGV
time:           Tue 29 May 2018 12:35:22 PM CDT
cmdline:        /usr/bin/gwenview -caption Gwenview --icon gwenview
package:        gwenview-4.10.5-5.el7
uid:            1000 (djohnson)
count:          3
Directory:      /var/spool/abrt/ccpp-2018-05-29-12:35:22-17568
abrt_version:   2.1.11
analyzer:       CCpp
architecture:   x86_64
component:      gwenview
event_log:      
executable:     /usr/bin/gwenview
global_pid:     17568
hostname:       Voyager.progman.us
kernel:         3.10.0-862.2.3.el7.x86_64
last_occurrence: 1527616175
os_release:     CentOS Linux release 7.5.1804 (Core) 
pid:            17568
pkg_arch:       x86_64
pkg_epoch:      0
pkg_fingerprint: 24C6 A8A7 F4A8 0EB5
pkg_name:       gwenview
pkg_release:    5.el7
pkg_vendor:     CentOS
pkg_version:    4.10.5
pwd:            /files/home/djohnson
runlevel:       N 5
type:           CCpp
username:       djohnson
uuid:           e5ecac3b02b88d5332fb34fa0cb257cc8134a9fe

core_backtrace: Text file, 8556 bytes
coredump:       Binary file, 55341056 bytes
dso_list:       Text file, 13470 bytes
maps:           Text file, 76310 bytes

cgroup:
:11:freezer:/
:10:memory:/
:9:hugetlb:/
:8:pids:/user.slice
:7:devices:/user.slice
:6:net_prio,net_cls:/
:5:blkio:/
:4:perf_event:/
:3:cpuacct,cpu:/
:2:cpuset:/
:1:name=systemd:/user.slice/user-1000.slice/session-1.scope

environ:
:XDG_VTNR=1
:SSH_AGENT_PID=10985
:XDG_SESSION_ID=1
:HOSTNAME=Voyager.progman.us
:'GUESTFISH_INIT=\\e[1;34m'
:IMSETTINGS_INTEGRATE_DESKTOP=yes
:XDG_MENU_PREFIX=kde4-
:SHELL=/bin/bash
:TERM=dumb
:HISTSIZE=1000
:GTK2_RC_FILES=/etc/gtk-2.0/gtkrc:/home/djohnson/.gtkrc-2.0:/home/djohnson/.gtkrc-2.0-kde4:/files/home/djohnson/.kde/share/config/gtkrc-2.0
:GS_LIB=
:QTDIR=/usr/lib64/qt-3.3
:QTINC=/usr/lib64/qt-3.3/include
:KDE_FULL_SESSION=true
:IMSETTINGS_MODULE=none
:QT_GRAPHICSSYSTEM_CHECKED=1
:USER=djohnson
:SSH_AUTH_SOCK=/tmp/ssh-0oJ1gBTc9iVb/agent.10097
:USERNAME=djohnson
:'GUESTFISH_PS1=\\[\\e[1;32m\\]><fs>\\[\\e[0;31m\\] '
:LIBBDPLUS_PATH=/usr/lib64/libmmbd.so.0
:PATH=/usr/lib64/qt-3.3/bin:/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin:/home/djohnson/.local/bin:/home/djohnson/bin
:DESKTOP_SESSION=1-kde-plasma-standard
:MAIL=/var/spool/mail/djohnson
:LIBAACS_PATH=/usr/lib64/libmmbd.so.0
:QT_IM_MODULE=xim
:XDG_SESSION_TYPE=x11
:PWD=/files/home/djohnson
:XMODIFIERS=@im=none
:KDE_SESSION_UID=1000
:LANG=en_US.UTF-8
:GDM_LANG=en_US.UTF-8
:'GUESTFISH_OUTPUT=\\e[0m'
:KDEDIRS=/usr
:GDMSESSION=1-kde-plasma-standard
:HISTCONTROL=ignoredups
:SSH_ASKPASS=/usr/bin/ksshaskpass
:XDG_SEAT=seat0
:HOME=/home/djohnson
:SHLVL=2
:KDE_SESSION_VERSION=4
:XCURSOR_THEME=Adwaita
:LOGNAME=djohnson
:XDG_SESSION_DESKTOP=1-kde-plasma-standard
:QTLIB=/usr/lib64/qt-3.3/lib
:XDG_DATA_DIRS=/usr/share/kde-settings/kde-profile/default/share:/usr/local/share:/usr/share
:DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-V2RL54z6BC,guid=aced3d497003591c6537a39a5b0323a4
:'LESSOPEN=||/usr/bin/lesspipe.sh %s'
:WINDOWPATH=1
:XDG_RUNTIME_DIR=/run/user/1000
:DISPLAY=:0
:QT_PLUGIN_PATH=/usr/lib64/kde4/plugins:/usr/lib/kde4/plugins:/files/home/djohnson/.kde/lib64/kde4/plugins/:/usr/lib64/kde4/plugins/
:XDG_CURRENT_DESKTOP=KDE
:GTK_IM_MODULE=gtk-im-context-simple
:'GUESTFISH_RESTORE=\\e[0m'
:XAUTHORITY=/tmp/kde-djohnson/xauth-1000-_0
:_=/usr/libexec/kde4/start_kdeinit_wrapper
:KDE_MULTIHEAD=false
:SESSION_MANAGER=local/unix:@/tmp/.ICE-unix/12547,unix/unix:/tmp/.ICE-unix/12547
:GTK_RC_FILES=/etc/gtk/gtkrc:/home/djohnson/.gtkrc:/files/home/djohnson/.kde/share/config/gtkrc
:DESKTOP_STARTUP_ID=Voyager.progman.us;1527615284;750422;12618_TIME683024380

exploitable:
:Likely crash reason: Jump to an invalid address
:Exploitable rating (0-9 scale): 6

limits:
:Limit                     Soft Limit           Hard Limit           Units     
:Max cpu time              unlimited            unlimited            seconds   
:Max file size             unlimited            unlimited            bytes     
:Max data size             unlimited            unlimited            bytes     
:Max stack size            8388608              unlimited            bytes     
:Max core file size        0                    unlimited            bytes     
:Max resident set          unlimited            unlimited            bytes     
:Max processes             4096                 29876                processes 
:Max open files            1024                 4096                 files     
:Max locked memory         65536                65536                bytes     
:Max address space         unlimited            unlimited            bytes     
:Max file locks            unlimited            unlimited            locks     
:Max pending signals       29876                29876                signals   
:Max msgqueue size         819200               819200               bytes     
:Max nice priority         0                    0                    
:Max realtime priority     0                    0                    
:Max realtime timeout      unlimited            unlimited            us        

machineid:
:systemd=f1e621294b2e44e485335be94a248015
:sosreport_uploader-dmidecode=f7732fccf32880e41f34d1cdcbc43241401e3d1c6e2158343f2112946b506267

open_fds:
:0:pipe:[46969]
:pos:	0
:flags:	00
:mnt_id:	9
:1:/dev/null
:pos:	0
:flags:	0100002
:mnt_id:	20
:2:/dev/null
:pos:	0
:flags:	0100002
:mnt_id:	20
:3:anon_inode:[eventfd]
:pos:	0
:flags:	02004002
:mnt_id:	10
:eventfd-count:                2
:4:pipe:[2464804]
:pos:	0
:flags:	02004000
:mnt_id:	9
:5:pipe:[2464804]
:pos:	0
:flags:	02004001
:mnt_id:	9
:6:socket:[2464805]
:pos:	0
:flags:	02004002
:mnt_id:	7
:7:socket:[2464079]
:pos:	0
:flags:	02004002
:mnt_id:	7
:8:socket:[2463161]
:pos:	0
:flags:	02000002
:mnt_id:	7
:9:socket:[2464808]
:pos:	0
:flags:	02
:mnt_id:	7
:10:anon_inode:inotify
:pos:	0
:flags:	02000000
:mnt_id:	10
:inotify wd:1 ino:8c68e2 sdev:2c mask:fc6 ignored_mask:0 fhandle-bytes:14 fhandle-type:4d f_handle:e2688c0000000000030100000000
:00001f511800
:11:anon_inode:[eventfd]
:pos:	0
:flags:	02004002
:mnt_id:	10
:eventfd-count:                0
:12:/var/tmp/kdecache-djohnson/ksycoca4
:pos:	0
:flags:	02100000
:mnt_id:	62
:13:socket:[2464822]
:pos:	0
:flags:	02004002
:mnt_id:	7
:14:anon_inode:inotify
:pos:	0
:flags:	02000000
:mnt_id:	10
:inotify wd:1 ino:2abd88 sdev:24 mask:cc6 ignored_mask:0 fhandle-bytes:14 fhandle-type:4d f_handle:88bd2a0000000000010100000000
:00001a712100
:15:/proc/17568/mounts
:pos:	0
:flags:	02100000
:mnt_id:	19
:16:socket:[2464824]
:pos:	0
:flags:	02004002
:mnt_id:	7
:17:anon_inode:[eventfd]
:pos:	0
:flags:	02004002
:mnt_id:	10
:eventfd-count:                0
:18:anon_inode:[eventfd]
:pos:	0
:flags:	02004002
:mnt_id:	10
:eventfd-count:                0
:19:socket:[2464850]
:pos:	0
:flags:	04002
:mnt_id:	7
:20:socket:[2463189]
:pos:	0
:flags:	04002
:mnt_id:	7
:21:socket:[2464861]
:pos:	0
:flags:	04002
:mnt_id:	7

os_info:
:NAME="CentOS Linux"
:VERSION="7 (Core)"
:ID="centos"
:ID_LIKE="rhel fedora"
:VERSION_ID="7"
:PRETTY_NAME="CentOS Linux 7 (Core)"
:ANSI_COLOR="0;31"
:CPE_NAME="cpe:/o:centos:centos:7"
:HOME_URL="https://www.centos.org/"
:BUG_REPORT_URL="https://bugs.centos.org/"
:
:CENTOS_MANTISBT_PROJECT="CentOS-7"
:CENTOS_MANTISBT_PROJECT_VERSION="7"
:REDHAT_SUPPORT_PRODUCT="centos"
:REDHAT_SUPPORT_PRODUCT_VERSION="7"
:

proc_pid_status:
:Name:	gwenview
:Umask:	0002
:State:	S (sleeping)
:Tgid:	17568
:Ngid:	0
:Pid:	17568
:PPid:	11206
:TracerPid:	0
:Uid:	1000	1000	1000	1000
:Gid:	1000	1000	1000	1000
:FDSize:	64
:Groups:	10 11 18 889 900 1000 
:VmPeak:	  779216 kB
:VmSize:	  779212 kB
:VmLck:	       0 kB
:VmPin:	       0 kB
:VmHWM:	   59068 kB
:VmRSS:	   55336 kB
:RssAnon:	   19692 kB
:RssFile:	   30016 kB
:RssShmem:	    5628 kB
:VmData:	  240328 kB
:VmStk:	     132 kB
:VmExe:	     524 kB
:VmLib:	   90568 kB
:VmPTE:	     848 kB
:VmSwap:	       0 kB
:Threads:	4
:SigQ:	0/29876
:SigPnd:	0000000000000000
:ShdPnd:	0000000000000000
:SigBlk:	0000000000000000
:SigIgn:	0000000000001000
:SigCgt:	0000000180010800
:CapInh:	0000000000000000
:CapPrm:	0000000000000000
:CapEff:	0000000000000000
:CapBnd:	0000001fffffffff
:CapAmb:	0000000000000000
:Seccomp:	0
:Cpus_allowed:	f
:Cpus_allowed_list:	0-3
:Mems_allowed:	00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000001
:Mems_allowed_list:	0
:voluntary_ctxt_switches:	3608
:nonvoluntary_ctxt_switches:	858

var_log_messages:
:[System Logs]:
:May 29 12:35:22 Voyager.progman.us kernel: gwenview[17568]: segfault at 0 ip 00007f4f353bcd06 sp 00007ffced6766b0 error 4 in libexiv2.so.26.0.0[7f4f352c9000+29f000]
:May 29 12:35:22 Voyager.progman.us abrt-hook-ccpp[17692]: Process 17568 (gwenview) of user 1000 killed by SIGSEGV - dumping core
:[User Logs]:
abrt.txt (8,981 bytes)
gwenview.out (2,708 bytes)
MD5SUMs.md5 (181 bytes)
matthewmelvin

matthewmelvin

2019-01-04 11:06

reporter   ~0033514

I am having a similar issue with centos 7.6 ...

[matthewm@alnwick ~]$ rpm -q exiv2 centos-release
exiv2-0.26-3.el7.x86_64
centos-release-7-6.1810.2.el7.centos.x86_64
[matthewm@alnwick ~]$

I am unable to open images from my Pentax K100. Can reproduce using either gwenview...

Core was generated by `gwenview 20140301171127-k100d-imgp9370.jpg'.
Program terminated with signal 11, Segmentation fault.
#0 0x00007f52fa843d06 in Exiv2::ExifData::findKey (this=this@entry=0x0, key=...) at exif.cpp:583
583 FindExifdatumByKey(key.key()));
(gdb) backtrace
#0 0x00007f52fa843d06 in Exiv2::ExifData::findKey(Exiv2::ExifKey const&) const (this=this@entry=0x0, key=...) at exif.cpp:583
#1 0x00007f52fa890760 in Exiv2::Internal::PentaxMakerNote::printShutterCount(std::ostream&, Exiv2::Value const&, Exiv2::ExifData const*) (os=
    ..., value=..., metadata=0x0) at pentaxmn.cpp:1171
#2 0x00007f5300eec1b5 in Gwenview::ImageMetaInfoModelPrivate::fillExivGroup<Exiv2::ExifData, std::_List_const_iterator<Exiv2::Exifdatum> >(QModelIndex const&, Gwenview::MetaInfoGroup*, Exiv2::ExifData const&) (md=..., os=...) at /usr/include/exiv2/metadatum.hpp:305
#3 0x00007f5300eec1b5 in Gwenview::ImageMetaInfoModelPrivate::fillExivGroup<Exiv2::ExifData, std::_List_const_iterator<Exiv2::Exifdatum> >(QModelIndex const&, Gwenview::MetaInfoGroup*, Exiv2::ExifData const&) (this=0x1a30d30, parent=..., group=group@entry=0x1a5f690, container=...)
    at /usr/src/debug/gwenview-4.10.5/lib/imagemetainfomodel.cpp:270


... or showfoto (which is where I first encountered it before coming here to look for an open issue) ...

Core was generated by `showfoto 20140301171127-k100d-imgp9370.jpg'.
Program terminated with signal 11, Segmentation fault.
#0 0x00007f2a80d28d06 in Exiv2::ExifData::findKey (this=this@entry=0x0, key=...) at exif.cpp:583
583 FindExifdatumByKey(key.key()));
(gdb) backtrace
#0 0x00007f2a80d28d06 in Exiv2::ExifData::findKey(Exiv2::ExifKey const&) const (this=this@entry=0x0, key=...) at exif.cpp:583
#1 0x00007f2a80d75760 in Exiv2::Internal::PentaxMakerNote::printShutterCount(std::ostream&, Exiv2::Value const&, Exiv2::ExifData const*) (os=
    ..., value=..., metadata=0x0) at pentaxmn.cpp:1171
#2 0x00007f2a8aad4f0a in KExiv2Iface::KExiv2::getExifTagsDataList(QStringList const&, bool) const (md=..., os=...)
    at /usr/include/exiv2/metadatum.hpp:305
#3 0x00007f2a8aad4f0a in KExiv2Iface::KExiv2::getExifTagsDataList(QStringList const&, bool) const (this=this@entry=
    0x7ffd2343fd80, exifKeysFilter=..., invertSelection=invertSelection@entry=false)
    at /usr/src/debug/libkexiv2-4.10.5/libkexiv2/kexiv2exif.cpp:170


Maybe related to upstream issue...

http://dev.exiv2.org/issues/1305

A local rebuild of exiv2-0.26-3.el7.src.rpm with the upstream patch applied...

https://github.com/Exiv2/exiv2/commit/5405d61

.... fixes the issue for me.
toracat

toracat

2019-01-05 09:10

manager   ~0033517

Upstream bugs (RHBZ):

https://bugzilla.redhat.com/show_bug.cgi?id=1538314 (Fedora 27)
https://bugzilla.redhat.com/show_bug.cgi?id=1585514 (Fedora 28)

I could not find one filed against RHEL.
pgreco

pgreco

2019-01-06 12:18

developer   ~0033524

We have a candidate build for fasttrack, please test it and let us know.
https://buildlogs.centos.org/c7-fasttrack.x86_64/exiv2/20190106113327/0.26-3.el7.0.1.x86_64/

Pablo.
matthewmelvin

matthewmelvin

2019-01-07 22:36

reporter   ~0033533

The new build...

[matthewm@alnwick ~]$ rpm -q -a | grep ^exiv2
exiv2-libs-0.26-3.el7.0.1.x86_64
exiv2-debuginfo-0.26-3.el7.0.1.x86_64
exiv2-0.26-3.el7.0.1.x86_64
[matthewm@alnwick ~]$

... works for me. Can open and edit the k100d images that were always crashing before.
DanielJohnson

DanielJohnson

2019-01-08 19:11

reporter   ~0033540

I can confirm it also works great on my system (updated to CentOS v7.6 after the bug was opened).
toracat

toracat

2019-01-08 19:35

manager   ~0033542

Bug filed upstream: https://bugzilla.redhat.com/show_bug.cgi?id=1664361

Issue History

Date Modified Username Field Change
2018-05-29 18:28 DanielJohnson New Issue
2018-05-29 18:28 DanielJohnson File Added: abrt.txt
2018-05-29 18:28 DanielJohnson File Added: gwenview.out
2018-05-29 18:28 DanielJohnson File Added: MD5SUMs.md5
2018-05-29 18:28 DanielJohnson Tag Attached: 7.5
2019-01-04 11:06 matthewmelvin Note Added: 0033514
2019-01-05 08:37 toracat Status new => acknowledged
2019-01-05 09:10 toracat Note Added: 0033517
2019-01-05 11:10 pgreco Status acknowledged => assigned
2019-01-06 12:18 pgreco Note Added: 0033524
2019-01-07 22:36 matthewmelvin Note Added: 0033533
2019-01-08 19:11 DanielJohnson Note Added: 0033540
2019-01-08 19:35 toracat Note Added: 0033542