Subject: exiftran: dies with Segmentation fault when rotating an image Package: exiftran Version: 2.07-8 Justification: renders package unusable Severity: grave
exiftran dies when it tries to rotate a JPEG file: $ ./exiftran -a -i -p ../20110711163247.jpg processing ../20110711163247.jpg Segmentation fault It doesn't seem to depend on the picture (it seems to happen with all portrait pictures I just got off my camera). Attached is a backtrace with a version of exiftran built while keeping the symbols. I did notice this during the build: /usr/bin/ld: warning: libjpeg.so.62, needed by /usr/lib/libtiff.so, may conflict with libjpeg.so.8 but don't known whether it is relevant as the stacktrace doesn't include libjpeg code directly. I haven't been able to get another combination of libjpeg*-dev and libtiff*-dev installed together to test whether it may be relevant. From a quick look at the code it seems that exiftran uses libjpeg internals and perhaps the meaning of comp_info has changed between libjpeg62 and libjpeg8? -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (x86_64) Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages exiftran depends on: ii libc6 2.13-13 Embedded GNU C Library: Shared lib ii libexif12 0.6.20-1 library to parse EXIF files ii libjpeg8 8c-2 Independent JPEG Group's JPEG runt -- -- arthur - adej...@debian.org - http://people.debian.org/~adejong --
$ gdb exiftran GNU gdb (GDB) 7.2-debian Copyright (C) 2010 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "i486-linux-gnu". For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>... Reading symbols from /tmp/1/fbi-2.07/exiftran...done. (gdb) r -a -i -p ../20110711163247.jpg Starting program: /tmp/1/fbi-2.07/exiftran -a -i -p ../20110711163247.jpg processing ../20110711163247.jpg Program received signal SIGSEGV, Segmentation fault. transpose_critical_parameters (dstinfo=0xffffc7fc) at jpeg/transupp.c:656 656 itemp = compptr->h_samp_factor; (gdb) bt #0 transpose_critical_parameters (dstinfo=0xffffc7fc) at jpeg/transupp.c:656 #1 0x0804b487 in jtransform_adjust_parameters (srcinfo=0xffffc618, dstinfo=0xffffc7fc, src_coef_arrays=0x805eec4, info=0xffffc5b4) at jpeg/transupp.c:785 #2 0x0804a668 in do_transform (src=0xffffc618, dst=0xffffc7fc, transform=JXFORM_ROT_90, comment=0x0, thumbnail=0x0, tsize=0, flags=1) at jpegtools.c:442 #3 0x0804aa3a in do_thumbnail (transform=JXFORM_ROT_90, ed=<value optimized out>) at jpegtools.c:297 #4 0x0804a7b4 in do_exif (src=0xffffcb6c, dst=0xffffcd50, transform=JXFORM_ROT_90, comment=0x0, thumbnail=0x0, tsize=0, flags=547) at jpegtools.c:362 #5 do_transform (src=0xffffcb6c, dst=0xffffcd50, transform=JXFORM_ROT_90, comment=0x0, thumbnail=0x0, tsize=0, flags=547) at jpegtools.c:423 #6 0x0804ab7f in jpeg_transform_fp (in=0x8052008, out=0x8052198, transform=4294967295, comment=0x0, thumbnail=0x0, tsize=0, flags=547) at jpegtools.c:491 #7 0x0804ae3d in jpeg_transform_inplace (file=0xffffd52c "../20110711163247.jpg", transform=4294967295, comment=0x0, thumbnail=0x0, tsize=0, flags=547) at jpegtools.c:588 #8 0x08049ac4 in main (argc=5, argv=0xffffd364) at exiftran.c:263 (gdb) bt full #0 transpose_critical_parameters (dstinfo=0xffffc7fc) at jpeg/transupp.c:656 tblno = <value optimized out> i = <value optimized out> j = <value optimized out> ci = <value optimized out> itemp = <value optimized out> compptr = 0x78 qtblptr = <value optimized out> dtemp = 120 qtemp = <value optimized out> #1 0x0804b487 in jtransform_adjust_parameters (srcinfo=0xffffc618, dstinfo=0xffffc7fc, src_coef_arrays=0x805eec4, info=0xffffc5b4) at jpeg/transupp.c:785 No locals. #2 0x0804a668 in do_transform (src=0xffffc618, dst=0xffffc7fc, transform=JXFORM_ROT_90, comment=0x0, thumbnail=0x0, tsize=0, flags=1) at jpegtools.c:442 src_coef_arrays = 0x805eec4 dst_coef_arrays = <value optimized out> transformoption = {transform = JXFORM_ROT_90, trim = 0, force_grayscale = 0, num_components = 3, workspace_coef_arrays = 0x805ec14} #3 0x0804aa3a in do_thumbnail (transform=JXFORM_ROT_90, ed=<value optimized out>) at jpegtools.c:297 th = {src = {err = 0xffffc9a8, mem = 0x805e350, progress = 0x0, client_data = 0x0, is_decompressor = 1, global_state = 210, src = 0x8051a1c, image_width = 160, image_height = 120, num_components = 3, jpeg_color_space = JCS_YCbCr, out_color_space = JCS_RGB, scale_num = 8, scale_denom = 8, output_gamma = 1, buffered_image = 1, raw_data_out = 0, dct_method = JDCT_ISLOW, do_fancy_upsampling = 1, do_block_smoothing = 1, quantize_colors = 0, dither_mode = JDITHER_FS, two_pass_quantize = 1, desired_number_of_colors = 256, enable_1pass_quant = 0, enable_external_quant = 0, enable_2pass_quant = 0, output_width = 160, output_height = 120, out_color_components = 0, output_components = 0, rec_outbuf_height = 0, actual_number_of_colors = 0, colormap = 0x0, output_scanline = 0, input_scan_number = 1, input_iMCU_row = 15, output_scan_number = 0, output_iMCU_row = 0, coef_bits = 0x0, quant_tbl_ptrs = { 0x805e484, 0x805e50c, 0x0, 0x0}, dc_huff_tbl_ptrs = {0x805e594, 0x805e6ac, 0x0, 0x0}, ac_huff_tbl_ptrs = {0x805e7c4, 0x805e8dc, 0x0, 0x0}, data_precision = 8, comp_info = 0x805eb0c, is_baseline = 1, progressive_mode = 0, arith_code = 0, arith_dc_L = '\000' <repeats 15 times>, arith_dc_U = '\001' <repeats 16 times>, arith_ac_K = '\005' <repeats 16 times>, restart_interval = 0, saw_JFIF_marker = 0, JFIF_major_version = 1 '\001', JFIF_minor_version = 1 '\001', density_unit = 0 '\000', X_density = 1, Y_density = 1, saw_Adobe_marker = 0, Adobe_transform = 0 '\000', CCIR601_sampling = 0, marker_list = 0x0, max_h_samp_factor = 2, max_v_samp_factor = 1, min_DCT_h_scaled_size = 8, min_DCT_v_scaled_size = 8, total_iMCU_rows = 15, sample_range_limit = 0x0, comps_in_scan = 3, cur_comp_info = {0x805eb0c, 0x805eb64, 0x805ebbc, 0x0}, MCUs_per_row = 10, MCU_rows_in_scan = 15, blocks_in_MCU = 4, MCU_membership = {0, 0, 1, 2, 0, 0, 0, 0, 0, 0}, Ss = 0, Se = 63, Ah = 0, Al = 0, block_size = 8, natural_order = 0xf7fbab00, lim_Se = 63, unread_marker = 0, master = 0x0, main = 0x0, coef = 0x805ee7c, post = 0x0, inputctl = 0x805e464, marker = 0x805e3b4, entropy = 0x805eda4, idct = 0x0, upsample = 0x0, cconvert = 0x0, cquantize = 0x0}, dst = {err = 0xffffca2c, mem = 0x805eaa8, progress = 0x0, client_data = 0x0, is_decompressor = 0, global_state = 100, dest = 0x8051a38, image_width = 120, image_height = 160, input_components = 3, in_color_space = JCS_YCbCr, input_gamma = 1, scale_num = 1, scale_denom = 1, jpeg_width = 160, jpeg_height = 120, data_precision = 8, num_components = 3, jpeg_color_space = JCS_YCbCr, comp_info = 0x807f504, quant_tbl_ptrs = {0x807f874, 0x807f8fc, 0x0, 0x0}, q_scale_factor = {100, 100, 100, 100}, dc_huff_tbl_ptrs = { 0x807f984, 0x807fbb4, 0x0, 0x0}, ac_huff_tbl_ptrs = {0x807fa9c, 0x807fccc, 0x0, 0x0}, arith_dc_L = '\000' <repeats 15 times>, arith_dc_U = '\001' <repeats 16 times>, arith_ac_K = '\005' <repeats 16 times>, num_scans = 0, scan_info = 0x0, raw_data_in = 0, arith_code = 0, optimize_coding = 0, CCIR601_sampling = 0, do_fancy_downsampling = 1, smoothing_factor = 0, dct_method = JDCT_ISLOW, restart_interval = 0, restart_in_rows = 0, write_JFIF_header = 1, JFIF_major_version = 1 '\001', JFIF_minor_version = 1 '\001', density_unit = 0 '\000', X_density = 1, Y_density = 1, write_Adobe_marker = 0, next_scanline = 0, progressive_mode = 0, max_h_samp_factor = 0, max_v_samp_factor = 0, min_DCT_h_scaled_size = 8, min_DCT_v_scaled_size = 8, total_iMCU_rows = 0, comps_in_scan = 0, cur_comp_info = {0x0, 0x0, 0x0, 0x0}, MCUs_per_row = 0, MCU_rows_in_scan = 0, blocks_in_MCU = 0, MCU_membership = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0}, Ss = 0, Se = 0, Ah = 0, Al = 0, block_size = 8, natural_order = 0xf7fbab00, lim_Se = 63, master = 0x0, main = 0x0, prep = 0x0, coef = 0x0, marker = 0x0, cconvert = 0x0, downsample = 0x0, fdct = 0x0, entropy = 0x0, script_space = 0x0, script_space_size = 0}, jsrcerr = {error_exit = 0xf7fa5900, emit_message = 0xf7fa5710, output_message = 0xf7fa5890, format_message = 0xf7fa5790, reset_error_mgr = 0xf7fa5770, msg_code = 87, msg_parm = {i = {0, 63, 0, 0, 0, 1, 2, 119}, s = "\000\000\000\000?", '\000' <repeats 15 times>, "\001\000\000\000\002\000\000\000w", '\000' <repeats 50 times>}, trace_level = 0, num_warnings = 0, jpeg_message_table = 0xf7fc1140, last_jpeg_message = 126, addon_message_table = 0x0, first_addon_message = 0, last_addon_message = 0}, jdsterr = {error_exit = 0xf7fa5900, emit_message = 0xf7fa5710, output_message = 0xf7fa5890, format_message = 0xf7fa5790, reset_error_mgr = 0xf7fa5770, msg_code = 0, msg_parm = {i = {0, 0, 0, 0, 0, 0, 0, 0}, s = '\000' <repeats 79 times>}, trace_level = 0, num_warnings = 0, jpeg_message_table = 0xf7fc1140, last_jpeg_message = 126, addon_message_table = 0x0, first_addon_message = 0, last_addon_message = 0}, in = 0x805c350 "\377\330\377", <incomplete sequence \333>, out = 0x0, isize = 5426, osize = 0} #4 0x0804a7b4 in do_exif (src=0xffffcb6c, dst=0xffffcd50, transform=JXFORM_ROT_90, comment=0x0, thumbnail=0x0, tsize=0, flags=547) at jpegtools.c:362 mark = 0x805413c ed = 0x805ab00 data = <value optimized out> size = <value optimized out> #5 do_transform (src=0xffffcb6c, dst=0xffffcd50, transform=JXFORM_ROT_90, comment=0x0, thumbnail=0x0, tsize=0, flags=547) at jpegtools.c:423 src_coef_arrays = <value optimized out> dst_coef_arrays = <value optimized out> transformoption = {transform = 134515052, trim = 134551820, force_grayscale = -134474392, num_components = -12976, workspace_coef_arrays = 0x8052008} #6 0x0804ab7f in jpeg_transform_fp (in=0x8052008, out=0x8052198, transform=4294967295, comment=0x0, thumbnail=0x0, tsize=0, flags=547) at jpegtools.c:491 src = {err = 0xffffcefc, mem = 0x8052300, progress = 0x0, client_data = 0xf7f29580, is_decompressor = 1, global_state = 202, src = 0x8052434, image_width = 2816, image_height = 2112, num_components = 3, jpeg_color_space = JCS_YCbCr, out_color_space = JCS_RGB, scale_num = 8, scale_denom = 8, output_gamma = 1, buffered_image = 0, raw_data_out = 0, dct_method = JDCT_ISLOW, do_fancy_upsampling = 1, do_block_smoothing = 1, quantize_colors = 0, dither_mode = JDITHER_FS, two_pass_quantize = 1, desired_number_of_colors = 256, enable_1pass_quant = 0, enable_external_quant = 0, enable_2pass_quant = 0, output_width = 0, output_height = 0, out_color_components = 0, output_components = 0, rec_outbuf_height = 0, actual_number_of_colors = 0, colormap = 0x0, output_scanline = 0, input_scan_number = 1, input_iMCU_row = 0, output_scan_number = 0, output_iMCU_row = 0, coef_bits = 0x0, quant_tbl_ptrs = {0x805245c, 0x80524e4, 0x0, 0x0}, dc_huff_tbl_ptrs = {0x805256c, 0x8052684, 0x0, 0x0}, ac_huff_tbl_ptrs = {0x805279c, 0x80528b4, 0x0, 0x0}, data_precision = 8, comp_info = 0x8056b5c, is_baseline = 1, progressive_mode = 0, arith_code = 0, arith_dc_L = '\000' <repeats 15 times>, arith_dc_U = '\001' <repeats 16 times>, arith_ac_K = '\005' <repeats 16 times>, restart_interval = 0, saw_JFIF_marker = 0, JFIF_major_version = 1 '\001', JFIF_minor_version = 1 '\001', density_unit = 0 '\000', X_density = 1, Y_density = 1, saw_Adobe_marker = 0, Adobe_transform = 0 '\000', CCIR601_sampling = 0, marker_list = 0x805413c, max_h_samp_factor = 2, max_v_samp_factor = 1, min_DCT_h_scaled_size = 8, min_DCT_v_scaled_size = 8, total_iMCU_rows = 264, sample_range_limit = 0x0, comps_in_scan = 3, cur_comp_info = {0x8056b5c, 0x8056bb4, 0x8056c0c, 0x0}, MCUs_per_row = 0, MCU_rows_in_scan = 0, blocks_in_MCU = 0, MCU_membership = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0}, Ss = 0, Se = 63, Ah = 0, Al = 0, block_size = 8, natural_order = 0xf7fbab00, lim_Se = 63, unread_marker = 0, master = 0x0, main = 0x0, coef = 0x0, post = 0x0, inputctl = 0x8052414, marker = 0x8052364, entropy = 0x0, idct = 0x0, upsample = 0x0, cconvert = 0x0, cquantize = 0x0} dst = {err = 0xffffd01c, mem = 0x8053a68, progress = 0x0, client_data = 0xf7ffcff4, is_decompressor = 0, global_state = 100, dest = 0x8053acc, image_width = 0, image_height = 0, input_components = 0, in_color_space = JCS_UNKNOWN, input_gamma = 1, scale_num = 0, scale_denom = 0, jpeg_width = 0, jpeg_height = 0, data_precision = 0, num_components = 0, jpeg_color_space = JCS_UNKNOWN, comp_info = 0x0, quant_tbl_ptrs = { 0x0, 0x0, 0x0, 0x0}, q_scale_factor = {100, 100, 100, 100}, dc_huff_tbl_ptrs = {0x0, 0x0, 0x0, 0x0}, ac_huff_tbl_ptrs = {0x0, 0x0, 0x0, 0x0}, arith_dc_L = '\000' <repeats 15 times>, arith_dc_U = '\000' <repeats 15 times>, arith_ac_K = '\000' <repeats 15 times>, num_scans = 0, scan_info = 0x0, raw_data_in = 0, arith_code = 0, optimize_coding = 0, CCIR601_sampling = 0, do_fancy_downsampling = 0, smoothing_factor = 0, dct_method = JDCT_ISLOW, restart_interval = 0, restart_in_rows = 0, write_JFIF_header = 0, JFIF_major_version = 0 '\000', JFIF_minor_version = 0 '\000', density_unit = 0 '\000', X_density = 0, Y_density = 0, write_Adobe_marker = 0, next_scanline = 0, progressive_mode = 0, max_h_samp_factor = 0, max_v_samp_factor = 0, min_DCT_h_scaled_size = 0, min_DCT_v_scaled_size = 0, total_iMCU_rows = 0, comps_in_scan = 0, cur_comp_info = {0x0, 0x0, 0x0, 0x0}, MCUs_per_row = 0, MCU_rows_in_scan = 0, blocks_in_MCU = 0, MCU_membership = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0}, Ss = 0, Se = 0, Ah = 0, Al = 0, block_size = 8, natural_order = 0xf7fbab00, lim_Se = 63, master = 0x0, main = 0x0, prep = 0x0, coef = 0x0, marker = 0x0, cconvert = 0x0, downsample = 0x0, fdct = 0x0, entropy = 0x0, script_space = 0x0, script_space_size = 0} jdsterr = {error_exit = 0xf7fa5900, emit_message = 0xf7fa5710, output_message = 0xf7fa5890, format_message = 0xf7fa5790, reset_error_mgr = 0xf7fa5770, msg_code = 0, msg_parm = {i = { -12228, -136481340, -134925624, 0, -1, -134230028, 134515945, 1}, s = "<\320\377\377\304u\335\367\310\062\365\367\000\000\000\000\377\377\377\377\364\317\377\367\351\214\004\b\001\000\000\000\220\320\377\377v\351\376\367\300\332\377\367\060\066\365\367\001\000\000\000\001\000\000\000\000\000\000\000\001\000\000\000l\211\004\b\350\031\005\b\000\000\000\000\304u\335", <incomplete sequence \367>}, trace_level = 0, num_warnings = 0, jpeg_message_table = 0xf7fc1140, last_jpeg_message = 126, addon_message_table = 0x0, first_addon_message = 0, last_addon_message = 0} jsrcerr = {jpeg = {error_exit = 0x804a2b0 <longjmp_error_exit>, emit_message = 0xf7fa5710, output_message = 0xf7fa5890, format_message = 0xf7fa5790, reset_error_mgr = 0xf7fa5770, msg_code = 107, msg_parm = {i = {0, 63, 0, 0, 0, 1, 2, 119}, s = "\000\000\000\000?", '\000' <repeats 15 times>, "\001\000\000\000\002\000\000\000w\000\000\000\000\000\000\000\004n\335\367\070\231\377\367`\317\377\377\000\000\000\000\026\000\000\000\304u\335\367\004\066\365\367\226\224\a\375\204\317\377\377\006\000\000\000\000\000\000"}, trace_level = 0, num_warnings = 0, jpeg_message_table = 0xf7fc1140, last_jpeg_message = 126, addon_message_table = 0x0, first_addon_message = 0, last_addon_message = 0}, setjmp_buffer = {{__jmpbuf = {-10964, 134553968, 134553608, 134554008, -151677193, 3587352}, __mask_was_saved = 0, __saved_mask = {__val = { 4294955076, 134514860, 4294955064, 4160739940, 0, 4160042544, 1, 0, 1, 4160739592, 384, 194, 4159242707, 1, 4158787682, 134553968, 194, 0, 4294955136, 4294955064, 4294955076, 194, 4160739592, 0, 134553993, 134553994, 134515945, 0, 134553990, 4159267281, 2290, 0}}}}} #7 0x0804ae3d in jpeg_transform_inplace (file=0xffffd52c "../20110711163247.jpg", transform=4294967295, comment=0x0, thumbnail=0x0, tsize=0, flags=547) at jpegtools.c:588 tmpfile = 0x8052170 "../20110711163247.jpg.CQocXq" bakfile = <value optimized out> st = {st_dev = 2049, __pad1 = 0, st_ino = 35396, st_mode = 33152, st_nlink = 1, st_uid = 1000, st_gid = 100, st_rdev = 0, __pad2 = 0, st_size = 1170888, st_blksize = 4096, st_blocks = 2290, st_atim = {tv_sec = 1312145355, tv_nsec = 0}, st_mtim = {tv_sec = 1312145348, tv_nsec = 0}, st_ctim = {tv_sec = 1312145348, tv_nsec = 0}, __unused4 = 0, __unused5 = 0} fd = <value optimized out> in = 0x8052008 out = 0x8052198 #8 0x08049ac4 in main (argc=5, argv=0xffffd364) at exiftran.c:263 transform = 4294967295 comment = 0x0 outfile = <value optimized out> thumbnail = 0x0 tsize = 0 inplace = 0 flags = 547 dump = 0 i = 4 c = <value optimized out> rc = 0 (gdb) p compptr $1 = (jpeg_component_info *) 0x78 (gdb) p dstinfo $2 = (j_compress_ptr) 0xffffc7fc (gdb) p *dstinfo $3 = {err = 0xffffca2c, mem = 0x805eaa8, progress = 0x0, client_data = 0x0, is_decompressor = 0, global_state = 100, dest = 0x8051a38, image_width = 120, image_height = 160, input_components = 3, in_color_space = JCS_YCbCr, input_gamma = 1, data_precision = 1, num_components = 1, jpeg_color_space = 160, comp_info = 0x78, quant_tbl_ptrs = {0x8, 0x3, 0x3, 0x807f504}, dc_huff_tbl_ptrs = {0x807f874, 0x807f8fc, 0x0, 0x0}, ac_huff_tbl_ptrs = {0x64, 0x64, 0x64, 0x64}, arith_dc_L = "\204\371\a\b\264\373\a\b\000\000\000\000\000\000\000", arith_dc_U = "\234\372\a\b\314\374\a\b\000\000\000\000\000\000\000", arith_ac_K = '\000' <repeats 15 times>, num_scans = 16843009, scan_info = 0x1010101, raw_data_in = 16843009, arith_code = 16843009, optimize_coding = 84215045, CCIR601_sampling = 84215045, smoothing_factor = 84215045, dct_method = 84215045, restart_interval = 0, restart_in_rows = 0, write_JFIF_header = 0, JFIF_major_version = 0 '\000', JFIF_minor_version = 0 '\000', density_unit = 0 '\000', X_density = 0, Y_density = 0, write_Adobe_marker = 0, next_scanline = 1, progressive_mode = 0, max_h_samp_factor = 0, max_v_samp_factor = 0, total_iMCU_rows = 0, comps_in_scan = 1, cur_comp_info = {0x101, 0x10001, 0x0, 0x0}, MCUs_per_row = 0, MCU_rows_in_scan = 0, blocks_in_MCU = 0, MCU_membership = {8, 8, 0, 0, 0, 0, 0, 0, 0, 0}, Ss = 0, Se = 0, Ah = 0, Al = 0, master = 0x0, main = 0x0, prep = 0x0, coef = 0x0, marker = 0x0, cconvert = 0x0, downsample = 0x0, fdct = 0x0, entropy = 0x0, script_space = 0x0, script_space_size = 0} (gdb) p dstinfo->comp_info $4 = (jpeg_component_info *) 0x78 (gdb)
signature.asc
Description: This is a digitally signed message part
