GNOME Bugzilla – Bug 342814
Bad image file causes libexif to crash beagle
Last modified: 2007-05-08 11:04:31 UTC
Steps to reproduce:
I filed bug 341501 and Joe Shaw told me to put part of the problem in a new bug.
I use 2.6 and deleted all my indexes. Then I started beagled and received this... I am going to repeat to try to reproduce the problem....

Stack trace:
I am going to try to reproduce it but first, later, when beagled ended the indexing I received this error in the beagle terminal

in (wrapper managed-to-native) Beagle.Util.ExifEntry:exif_entry_get_value (System.Runtime.InteropServices.HandleRef,byte[],int) <0x4>
in (wrapper managed-to-native) Beagle.Util.ExifEntry:exif_entry_get_value (System.Runtime.InteropServices.HandleRef,byte[],int) <0xfffffe6b>
in Beagle.Util.ExifEntry:get_Value () (at /home/jose/devel/build-area/beagle-0.2.6/Util/ExifData.cs:708)
in Beagle.Util.ExifData:LookupFirstValue (Beagle.Util.ExifTag) (at /home/jose/devel/build-area/beagle-0.2.6/Util/ExifData.cs:857)
in Beagle.Filters.FilterJpeg:PullImageProperties () (at /home/jose/devel/build-area/beagle-0.2.6/Filters/FilterJpeg.cs:118)
in Beagle.Filters.FilterImage:DoPullProperties () (at /home/jose/devel/build-area/beagle-0.2.6/Filters/FilterImage.cs:74)
in Beagle.Daemon.Filter:Open (System.IO.FileSystemInfo) (at /home/jose/devel/build-area/beagle-0.2.6/beagled/Filter.cs:520)
in Beagle.Daemon.Filter:Open (string) (at /home/jose/devel/build-area/beagle-0.2.6/beagled/Filter.cs:551)
in Beagle.Daemon.FilterFactory:FilterIndexable (Beagle.Indexable,Beagle.Daemon.TextCache,Beagle.Daemon.Filter&) (at /home/jose/devel/build-area/beagle-0.2.6/beagled/FilterFactory.cs:281)
in Beagle.Daemon.LuceneIndexingDriver:Flush_Unlocked (Beagle.Daemon.IndexerRequest) (at /home/jose/devel/build-area/beagle-0.2.6/beagled/LuceneIndexingDriver.cs:259)
in Beagle.Daemon.LuceneIndexingDriver:Flush (Beagle.Daemon.IndexerRequest) (at /home/jose/devel/build-area/beagle-0.2.6/beagled/LuceneIndexingDriver.cs:90)
in Beagle.IndexHelper.RemoteIndexerExecutor:Execute (Beagle.RequestMessage) (at /home/jose/devel/build-area/beagle-0.2.6/beagled/IndexHelper/RemoteIndexerExecutor.cs:69)
in Beagle.Daemon.ConnectionHandler:HandleConnection () (at /home/jose/devel/build-area/beagle-0.2.6/beagled/Server.cs:275)
in (wrapper delegate-invoke) System.MulticastDelegate:invoke_void () <0x299>
in Beagle.Util.ExceptionHandlingThread:ThreadStarted () (at /home/jose/devel/build-area/beagle-0.2.6/Util/ExceptionHandlingThread.cs:54)
in (wrapper delegate-invoke) System.MulticastDelegate:invoke_void () <0xffffff90>
in (wrapper runtime-invoke) System.Object:runtime_invoke_void (object,intptr,intptr,intptr) <0x1b292a7>

Native stacktrace:
/usr/lib/libmono.so.0(mono_handle_native_sigsegv+0xeb) [0xa7e6592b]
/usr/lib/libmono.so.0 [0xa7e2670d]
[0xffffe440]
/lib/tls/i686/cmov/libc.so.6(__dcgettext+0x3d) [0xa7bea49d]
/usr/lib/libexif.so.12(exif_entry_get_value+0x2478) [0xa56f00d8]
[0xa5723d09]
[0xa5723afc]
[0xa5722f5a]
[0xa571ad8d]
[0xa571a629]
[0xa5b4a929]
[0xa5b4a713]
[0xa5c0a8de]
[0xa5cdbf70]
[0xa5cdad7b]
[0xa5cfd81f]
[0xa5f21104]
[0xa631a940]
[0xa631abaa]
[0xa631a940]
[0xa631a8a1]
/usr/lib/libmono.so.0 [0xa7e43b20]
/usr/lib/libmono.so.0(mono_runtime_invoke+0x33) [0xa7ea8703]
/usr/lib/libmono.so.0(mono_runtime_delegate_invoke+0x46) [0xa7ea99f6]
/usr/lib/libmono.so.0 [0xa7edc776]
/usr/lib/libmono.so.0 [0xa7f2a482]
/usr/lib/libmono.so.0(GC_start_routine+0x63) [0xa7f46013]
/lib/tls/i686/cmov/libpthread.so.0 [0xa7d34e60]
/lib/tls/i686/cmov/libc.so.6(__clone+0x5e) [0xa7c988ee]

Other information:
Can you identify the file that causes the crash? It'll probably be printed out immediately prior to it. Can you duplicate the crash by running "beagle-extract-content" on it? (If you don't have beagle-extract-content, can you attach the file causing the crash to the bug?)
Created attachment 66152
new logs with the exception

I reproduced the error but cannot identify the file causing it. I attached all the logs using the --debug-memory, so all the files are printed.
If you can point to the file causing it, I'll use extract-content.
Thanks
I forgot to send the standard output

20050228T023022Z-8666-1000-1-44@notebooka has recurrences
20050228T023021Z-8666-1000-1-5@notebooka has recurrences
20050228T023022Z-8666-1000-1-19@notebooka has recurrences
20050228T023021Z-8666-1000-1-7@notebooka has recurrences
20050228T023021Z-8666-1000-1-2@notebooka has recurrences
20050228T023022Z-8666-1000-1-37@notebooka has recurrences
20050228T023022Z-8666-1000-1-32@notebooka has recurrences
20041020T123925Z-3203-1000-1-5@notebooka has recurrences
20041020T123925Z-3203-1000-1-18@notebooka has recurrences
20041020T123925Z-3203-1000-1-13@notebooka has recurrences
57m30cr2r2apqro7s271of7rp8@google.com has recurrences
13f1b83ng0er3on56t1jfupda4@google.com has recurrences
mou9a13lvs6attbefbnupaber4@google.com has recurrences
57m30cr2r2apqro7s271of7rp8@google.com has recurrences
mou9a13lvs6attbefbnupaber4@google.com has recurrences
13f1b83ng0er3on56t1jfupda4@google.com has recurrences
alejo@notenooka:~$ 57m30cr2r2apqro7s271of7rp8@google.com has recurrences
mou9a13lvs6attbefbnupaber4@google.com has recurrences
13f1b83ng0er3on56t1jfupda4@google.com has recurrences
Reading file:///home/alejo/docs/PAGOS_EVENTO.xls Excel 97 +
Reading file:///tmp/tmp51e32807.tmp Excel 97 +
Reading file:///tmp/tmp25778736.tmp Excel 97 +

=================================================================
Got a SIGSEGV while executing native code. This usually indicates a fatal error in the mono runtime or one of the native libraries used by your application.
=================================================================

Stacktrace:
in (wrapper managed-to-native) Beagle.Util.XdgMime:xdg_mime_get_mime_type_for_file (string,intptr) <0x4>
in (wrapper managed-to-native) Beagle.Util.XdgMime:xdg_mime_get_mime_type_for_file (string,intptr) <0xffffff49>
in Beagle.Util.XdgMime:GetMimeType (string) (at /build/buildd/beagle-0.2.6/Util/XdgMime.cs:43)
in Beagle.Daemon.FilterFactory:FilterIndexable (Beagle.Indexable,Beagle.Daemon.TextCache,Beagle.Daemon.Filter&) (at /build/buildd/beagle-0.2.6/beagled/FilterFactory.cs:218)
in Beagle.Daemon.LuceneIndexingDriver:Flush_Unlocked (Beagle.Daemon.IndexerRequest) (at /build/buildd/beagle-0.2.6/beagled/LuceneIndexingDriver.cs:259)
in Beagle.Daemon.LuceneIndexingDriver:Flush (Beagle.Daemon.IndexerRequest) (at /build/buildd/beagle-0.2.6/beagled/LuceneIndexingDriver.cs:90)
in Beagle.IndexHelper.RemoteIndexerExecutor:Execute (Beagle.RequestMessage) (at /build/buildd/beagle-0.2.6/beagled/IndexHelper/RemoteIndexerExecutor.cs:69)
in Beagle.Daemon.ConnectionHandler:HandleConnection () (at /build/buildd/beagle-0.2.6/beagled/Server.cs:275)
in (wrapper delegate-invoke) System.MulticastDelegate:invoke_void () <0x299>
in Beagle.Util.ExceptionHandlingThread:ThreadStarted () (at /build/buildd/beagle-0.2.6/Util/ExceptionHandlingThread.cs:54)
in (wrapper delegate-invoke) System.MulticastDelegate:invoke_void () <0xffffff90>
in (wrapper runtime-invoke) System.Object:runtime_invoke_void (object,intptr,intptr,intptr) <0x1b2a647>

Native stacktrace:
/usr/lib/libmono.so.0(mono_handle_native_sigsegv+0xeb) [0xa7da392b]
/usr/lib/libmono.so.0 [0xa7d6470d]
[0xffffe440]
/lib/tls/i686/cmov/libc.so.6(bsearch+0x52) [0xa7b301a2]
/usr/lib/beagle/libbeagleglue.so(_xdg_mime_alias_list_lookup+0x59) [0xa6d86449]
/usr/lib/beagle/libbeagleglue.so(xdg_mime_unalias_mime_type+0x52) [0xa6d83ed2]
/usr/lib/beagle/libbeagleglue.so(xdg_mime_mime_type_equal+0x34) [0xa6d83f14]
/usr/lib/beagle/libbeagleglue.so(_xdg_mime_magic_lookup_data+0xf7) [0xa6d85827]
/usr/lib/beagle/libbeagleglue.so(xdg_mime_get_mime_type_for_file+0x1a6) [0xa6d844e6]
[0xa5575330]
[0xa5575242]
[0xa5b404c9]
[0xa5b392c8]
[0xa5b380d3]
[0xa5b5cc97]
[0xa5d7fcd4]
[0xa62575a0]
[0xa625780a]
[0xa62575a0]
[0xa6257501]
/usr/lib/libmono.so.0 [0xa7d81b20]
/usr/lib/libmono.so.0(mono_runtime_invoke+0x33) [0xa7de6703]
/usr/lib/libmono.so.0(mono_runtime_delegate_invoke+0x46) [0xa7de79f6]
/usr/lib/libmono.so.0 [0xa7e1a776]
/usr/lib/libmono.so.0 [0xa7e68482]
/usr/lib/libmono.so.0(GC_start_routine+0x63) [0xa7e84013]
/lib/tls/i686/cmov/libpthread.so.0 [0xa7c72e60]
/lib/tls/i686/cmov/libc.so.6(__clone+0x5e) [0xa7bd68ee]
alejo@notenooka:~$ cd .beagle/
This is a separate crash, note the difference:

in (wrapper managed-to-native) Beagle.Util.ExifEntry:exif_entry_get_value (System.Runtime.InteropServices.HandleRef,byte[],int) <0x4>

vs.

in (wrapper managed-to-native) Beagle.Util.XdgMime:xdg_mime_get_mime_type_for_file (string,intptr) <0x4>

The latter is a known bug (#339815), the former is the one I'm more interested in.
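The comparison made in the comment above can be automated when many traces come in. The following is an added example, not part of the original bug discussion or of Beagle: it derives a crash signature from a Mono SIGSEGV trace (the managed-to-native entry point plus the first named native frame outside the runtime) and groups traces by it. The names `crash_signature`, `bucket` and `RUNTIME_LIBS` are hypothetical, and the sample traces are abridged from the ones quoted in this bug.

```python
import re

# Libraries whose frames are crash-handler or libc plumbing, not the faulting code.
RUNTIME_LIBS = ("libmono", "libc.so", "libpthread")
MANAGED_RE = re.compile(r"in \(wrapper managed-to-native\) ([\w.]+:\w+)")
NATIVE_RE = re.compile(r"(/\S+?\.so[\d.]*)\((\w+)\+0x[0-9a-f]+\)")

def crash_signature(trace):
    """Return (P/Invoke entry point, first named native frame outside the runtime)."""
    managed = MANAGED_RE.search(trace)
    entry = managed.group(1) if managed else None
    for lib, symbol in NATIVE_RE.findall(trace):
        if not any(name in lib for name in RUNTIME_LIBS):
            return entry, (lib.rsplit("/", 1)[-1], symbol)
    return entry, None

def bucket(traces):
    """Group trace names by signature so distinct crashes are not merged."""
    groups = {}
    for name, text in traces.items():
        groups.setdefault(crash_signature(text), []).append(name)
    return groups

# Sample input: abridged from the traces quoted in this bug (most frames omitted).
EXIF_TRACE = """
in (wrapper managed-to-native) Beagle.Util.ExifEntry:exif_entry_get_value (System.Runtime.InteropServices.HandleRef,byte[],int) <0x4>
in Beagle.Util.ExifEntry:get_Value () (at /build/buildd/beagle-0.2.6/Util/ExifData.cs:708)
Native stacktrace:
/usr/lib/libmono.so.0(mono_handle_native_sigsegv+0xeb) [0xa7d9e92b]
/usr/lib/libmono.so.0 [0xa7d5f70d]
/lib/tls/i686/cmov/libc.so.6(__dcgettext+0x3d) [0xa7b2349d]
/usr/lib/libexif.so.12(exif_entry_get_value+0x2478) [0xa4eed0d8]
"""
XDG_TRACE = """
in (wrapper managed-to-native) Beagle.Util.XdgMime:xdg_mime_get_mime_type_for_file (string,intptr) <0x4>
in Beagle.Util.XdgMime:GetMimeType (string) (at /build/buildd/beagle-0.2.6/Util/XdgMime.cs:43)
Native stacktrace:
/usr/lib/libmono.so.0(mono_handle_native_sigsegv+0xeb) [0xa7da392b]
/lib/tls/i686/cmov/libc.so.6(bsearch+0x52) [0xa7b301a2]
/usr/lib/beagle/libbeagleglue.so(_xdg_mime_alias_list_lookup+0x59) [0xa6d86449]
"""

if __name__ == "__main__":
    runs = {"run1": EXIF_TRACE, "run2": XDG_TRACE, "run3": EXIF_TRACE}
    for signature, names in bucket(runs).items():
        print(signature, names)
```
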
This is the standard output from beagled --memory-debug. I don't know which one is the last scanned file... In the next message I will attach the logs from beagle...
If you point me to the file I'll send it to you

20050228T023022Z-8666-1000-1-32@notebooka has recurrences
20041020T123925Z-3203-1000-1-5@notebooka has recurrences
20041020T123925Z-3203-1000-1-18@notebooka has recurrences
20041020T123925Z-3203-1000-1-13@notebooka has recurrences
Reading file:///home/alejo/downloads/DIAG%20INCIENSO2.xls Excel 97 +
Reading file:///home/alejo/downloads/construccionCasa.xls Excel 97 +
Reading file:///home/alejo/downloads/usuarios%20intranet.xls Excel 97 +
Reading file:///home/alejo/downloads/base%20de%20datos%20para%20la%20web%202006.xls Excel 97 +
Reading file:///home/alejo/downloads/base%20de%20datos%20para%20la%20web%202006(2).xls Excel 97 +
Reading file:///tmp/tmp75b29870.tmp Excel 97 +
Reading file:///tmp/tmp2ecad14a.tmp Excel 97 +
57m30cr2r2apqro7s271of7rp8@google.com has recurrences
mou9a13lvs6attbefbnupaber4@google.com has recurrences
13f1b83ng0er3on56t1jfupda4@google.com has recurrences
57m30cr2r2apqro7s271of7rp8@google.com has recurrences
mou9a13lvs6attbefbnupaber4@google.com has recurrences
13f1b83ng0er3on56t1jfupda4@google.com has recurrences
57m30cr2r2apqro7s271of7rp8@google.com has recurrences
mou9a13lvs6attbefbnupaber4@google.com has recurrences
13f1b83ng0er3on56t1jfupda4@google.com has recurrences

=================================================================
Got a SIGSEGV while executing native code. This usually indicates a fatal error in the mono runtime or one of the native libraries used by your application.
=================================================================

Stacktrace:
in (wrapper managed-to-native) Beagle.Util.ExifEntry:exif_entry_get_value (System.Runtime.InteropServices.HandleRef,byte[],int) <0x4>
in (wrapper managed-to-native) Beagle.Util.ExifEntry:exif_entry_get_value (System.Runtime.InteropServices.HandleRef,byte[],int) <0xfffffe6b>
in Beagle.Util.ExifEntry:get_Value () (at /build/buildd/beagle-0.2.6/Util/ExifData.cs:708)
in Beagle.Util.ExifData:LookupFirstValue (Beagle.Util.ExifTag) (at /build/buildd/beagle-0.2.6/Util/ExifData.cs:857)
in Beagle.Filters.FilterJpeg:PullImageProperties () (at /build/buildd/beagle-0.2.6/Filters/FilterJpeg.cs:118)
in Beagle.Filters.FilterImage:DoPullProperties () (at /build/buildd/beagle-0.2.6/Filters/FilterImage.cs:74)
in Beagle.Daemon.Filter:Open (System.IO.FileSystemInfo) (at /build/buildd/beagle-0.2.6/beagled/Filter.cs:520)
in Beagle.Daemon.Filter:Open (string) (at /build/buildd/beagle-0.2.6/beagled/Filter.cs:551)
in Beagle.Daemon.FilterFactory:FilterIndexable (Beagle.Indexable,Beagle.Daemon.TextCache,Beagle.Daemon.Filter&) (at /build/buildd/beagle-0.2.6/beagled/FilterFactory.cs:281)
in Beagle.Daemon.LuceneIndexingDriver:Flush_Unlocked (Beagle.Daemon.IndexerRequest) (at /build/buildd/beagle-0.2.6/beagled/LuceneIndexingDriver.cs:259)
in Beagle.Daemon.LuceneIndexingDriver:Flush (Beagle.Daemon.IndexerRequest) (at /build/buildd/beagle-0.2.6/beagled/LuceneIndexingDriver.cs:90)
in Beagle.IndexHelper.RemoteIndexerExecutor:Execute (Beagle.RequestMessage) (at /build/buildd/beagle-0.2.6/beagled/IndexHelper/RemoteIndexerExecutor.cs:69)
in Beagle.Daemon.ConnectionHandler:HandleConnection () (at /build/buildd/beagle-0.2.6/beagled/Server.cs:275)
in (wrapper delegate-invoke) System.MulticastDelegate:invoke_void () <0x299>
in Beagle.Util.ExceptionHandlingThread:ThreadStarted () (at /build/buildd/beagle-0.2.6/Util/ExceptionHandlingThread.cs:54)
in (wrapper delegate-invoke) System.MulticastDelegate:invoke_void () <0xffffff90>
in (wrapper runtime-invoke) System.Object:runtime_invoke_void (object,intptr,intptr,intptr) <0x1b29df7>

Native stacktrace:
/usr/lib/libmono.so.0(mono_handle_native_sigsegv+0xeb) [0xa7d9e92b]
/usr/lib/libmono.so.0 [0xa7d5f70d]
[0xffffe440]
/lib/tls/i686/cmov/libc.so.6(__dcgettext+0x3d) [0xa7b2349d]
/usr/lib/libexif.so.12(exif_entry_get_value+0x2478) [0xa4eed0d8]
[0xa533f981]
[0xa533f774]
[0xa533ebd2]
[0xa5b15ddd]
[0xa5b15679]
[0xa56836e1]
[0xa56834cb]
[0xa5b339d6]
[0xa5b2c2c8]
[0xa5b2b0d3]
[0xa5b4fc97]
[0xa5b7152c]
[0xa6252df0]
[0xa625305a]
[0xa6252df0]
[0xa6252d51]
/usr/lib/libmono.so.0 [0xa7d7cb20]
/usr/lib/libmono.so.0(mono_runtime_invoke+0x33) [0xa7de1703]
/usr/lib/libmono.so.0(mono_runtime_delegate_invoke+0x46) [0xa7de29f6]
/usr/lib/libmono.so.0 [0xa7e15776]
/usr/lib/libmono.so.0 [0xa7e63482]
/usr/lib/libmono.so.0(GC_start_routine+0x63) [0xa7e7f013]
/lib/tls/i686/cmov/libpthread.so.0 [0xa7c6de60]
/lib/tls/i686/cmov/libc.so.6(__clone+0x5e) [0xa7bd18ee]
57m30cr2r2apqro7s271of7rp8@google.com has recurrences
mou9a13lvs6attbefbnupaber4@google.com has recurrences
13f1b83ng0er3on56t1jfupda4@google.com has recurrences
Created attachment 66240
new logs with the exception

Here are the new logs...
If the trouble file is /tmp/tmp2ecad14a.tmp, the beagle extract is:

alejo@notenooka:~/.beagle$ beagle-extract-content /tmp/tmp2ecad14a.tmp
Filename: file:///tmp/tmp2ecad14a.tmp
Debug: Loaded 42 filters from /usr/lib/beagle/Filters/Filters.dll
Warn: No such file: /tmp/tmp2ecad14a.tmp
No filter for application/octet-stream

What are the "13f1b83ng0er3on56t1jfupda4@google.com has recurrences" warnings?
Can you attach the problematic file to the bug? It would be good to get this file to the libexif developers, as this is apparently a libexif bug.
Created attachment 67069
the evil jpg

This is the picture.
I filed a bug a month ago in libexif.. but never got an answer... I think if one of you files a new bug, then they'll do something..
I hope this helps
reopening as information has been provided
A patch to fix the problem in libexif is given here: http://bugs.kde.org/show_bug.cgi?id=113167#c11
I don't know if the libexif guys know about this patch. Their bugzilla has lots of open crashers :(. Maybe you want to inform them about the patch.
I doubt anything can be done in beagle. That particular function call is buggy and has caused trouble in all libexif clients.
Small followup. The fix referred to from #11 exists in libexif since 2005, so definitely this crash requires another fix. The libexif bug that was filed (and still open) is https://sourceforge.net/tracker/index.php?func=detail&aid=1457501&group_id=12272&atid=112272
Oops.. I accidentally opened the bug. Anyway, I submitted the following patch to the libexif "bugzilla" which fixes this problem: ====================================================================== --- exif-entry.c.orig 2007-03-05 16:52:36.270255500 -0500 +++ exif-entry.c 2007-03-05 16:38:25.317074250 -0500 @@ -903,7 +903,7 @@ } /* Find the value */ - for (j = 0; list2[i].elem[j].values && + for (j = 0; j < 25 && list2[i].elem[j].values && (list2[i].elem[j].index < v_short); j++); if (list2[i].elem[j].index != v_short) { snprintf (val, maxlen, _("Internal error (unknown " ====================================================================== Given the lack of activity in libexif group, maybe we should start maintaining our patched copy of libexif source ala libwv-1.0.3 (fredrik's copy).
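Review bot: The line after the loop, `if (list2[i].elem[j].index != v_short)`, still reads `elem[j]` when the loop has exited because `j` reached 25, so if 25 is the number of entries in `elem` the new bound moves the out-of-range read to one past the table instead of removing it. Check `j` against the bound before that access (treating `j == 25` as the "Internal error (unknown" case), and derive the limit from the declared size of `elem` rather than the literal 25 so the loop and the table cannot drift apart.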
You can drop the libexif dep completely if you use the FilterTiff code and add some parsing logic for the entries that libexif converts to strings.
(In reply to comment #14)
> You can drop the libexif dep completely if you use the FilterTiff code and add
> some parsing logic for the entries that libexif converts to strings.

I am not sure I completely understand this. But it sounds cool and helpful. Can you give an example or do some hand-holding :) ? I will pick up from there.
FYI, a patch went into libexif to fix this crash. https://sourceforge.net/tracker/?func=detail&atid=112272&aid=1457501&group_id=12272