https://bugs.kde.org/show_bug.cgi?id=426597
--- Comment #14 from K D Murray <f...@kdmurray.id.au> ---
Gilles,
Many thanks for the patches. It does seem to have fixed the immediate cause of
my crash.
However, now with ASAN on, I'm getting a buffer overflow in LibRaw. Crash
below, not sure why the line numbers aren't showing, i'm using
CMAKE_BUILD_TYPE=Debug.
Cheers,
Kevin
==948374==ERROR: AddressSanitizer: stack-buffer-overflow on address
0x7fffa8693892 at pc 0x7ffff2353fbf bp 0x7fffa86937d0 sp 0x7fffa86937c8
READ of size 1 at 0x7fffa8693892 thread T55 (Thread (pooled))
#0 0x7ffff2353fbe in LibRaw::tiff_set(tiff_hdr*, unsigned short*, unsigned
short, unsigned short, int, int) [clone .constprop.0]
(/home/kevin/.homedir/opt/digikam/lib/x86_64-linux-gnu/libdigikamcore.so.7.2.0+0x15bffbe)
#1 0x7ffff2355857 in LibRaw::tiff_head(tiff_hdr*, int)
(/home/kevin/.homedir/opt/digikam/lib/x86_64-linux-gnu/libdigikamcore.so.7.2.0+0x15c1857)
#2 0x7ffff231acc3 in LibRaw::dcraw_make_mem_thumb(int*)
(/home/kevin/.homedir/opt/digikam/lib/x86_64-linux-gnu/libdigikamcore.so.7.2.0+0x1586cc3)
#3 0x7ffff237f9dd in
Digikam::DRawDecoder::Private::loadEmbeddedPreview(QByteArray&, LibRaw*)
(/home/kevin/.homedir/opt/digikam/lib/x86_64-linux-gnu/libdigikamcore.so.7.2.0+0x15eb9dd)
#4 0x7ffff236feb4 in Digikam::DRawDecoder::loadEmbeddedPreview(QByteArray&,
QString const&)
(/home/kevin/.homedir/opt/digikam/lib/x86_64-linux-gnu/libdigikamcore.so.7.2.0+0x15dbeb4)
#5 0x7ffff236f3f0 in Digikam::DRawDecoder::loadEmbeddedPreview(QImage&,
QString const&)
(/home/kevin/.homedir/opt/digikam/lib/x86_64-linux-gnu/libdigikamcore.so.7.2.0+0x15db3f0)
#6 0x7ffff212325f in
Digikam::ThumbnailCreator::createThumbnail(Digikam::ThumbnailInfo const&, QRect
const&) const
(/home/kevin/.homedir/opt/digikam/lib/x86_64-linux-gnu/libdigikamcore.so.7.2.0+0x138f25f)
#7 0x7ffff2117760 in
Digikam::ThumbnailCreator::load(Digikam::ThumbnailIdentifier const&, QRect
const&, bool) const
(/home/kevin/.homedir/opt/digikam/lib/x86_64-linux-gnu/libdigikamcore.so.7.2.0+0x1383760)
#8 0x7ffff211646c in
Digikam::ThumbnailCreator::load(Digikam::ThumbnailIdentifier const&) const
(/home/kevin/.homedir/opt/digikam/lib/x86_64-linux-gnu/libdigikamcore.so.7.2.0+0x138246c)
#9 0x7ffff213906f in Digikam::ThumbnailLoadingTask::execute()
(/home/kevin/.homedir/opt/digikam/lib/x86_64-linux-gnu/libdigikamcore.so.7.2.0+0x13a506f)
#10 0x7ffff213bee2 in Digikam::LoadSaveThread::run()
(/home/kevin/.homedir/opt/digikam/lib/x86_64-linux-gnu/libdigikamcore.so.7.2.0+0x13a7ee2)
#11 0x7ffff219e15a in Digikam::DynamicThread::Private::run()
(/home/kevin/.homedir/opt/digikam/lib/x86_64-linux-gnu/libdigikamcore.so.7.2.0+0x140a15a)
#12 0x7fffefa64691 (/lib/x86_64-linux-gnu/libQt5Core.so.5+0xcc691)
#13 0x7fffefa60a00 (/lib/x86_64-linux-gnu/libQt5Core.so.5+0xc8a00)
#14 0x7fffef5caea6 in start_thread
(/lib/x86_64-linux-gnu/libpthread.so.0+0x8ea6)
#15 0x7fffef6e7eae in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xfdeae)
Address 0x7fffa8693892 is located in stack of thread T55 (Thread (pooled)) at
offset 50 in frame
#0 0x7ffff235487f in LibRaw::tiff_head(tiff_hdr*, int)
(/home/kevin/.homedir/opt/digikam/lib/x86_64-linux-gnu/libdigikamcore.so.7.2.0+0x15c087f)
This frame has 2 object(s):
[48, 50) 'latref' (line 123) <== Memory access at offset 50 overflows this
variable
[64, 66) 'lonref' (line 124)
HINT: this may be a false positive if your program uses some custom stack
unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
Thread T55 (Thread (pooled)) created by T0 here:
#0 0x7ffff76202a2 in __interceptor_pthread_create
(/lib/x86_64-linux-gnu/libasan.so.6+0x552a2)
#1 0x7fffefa604da in QThread::start(QThread::Priority)
(/lib/x86_64-linux-gnu/libQt5Core.so.5+0xc84da)
SUMMARY: AddressSanitizer: stack-buffer-overflow
(/home/kevin/.homedir/opt/digikam/lib/x86_64-linux-gnu/libdigikamcore.so.7.2.0+0x15bffbe)
in LibRaw::tiff_set(tiff_hdr*, unsigned short*, unsigned short, unsigned short,
int, int) [clone .constprop.0]
Shadow bytes around the buggy address:
0x1000750ca6c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1000750ca6d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1000750ca6e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1000750ca6f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1000750ca700: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
=>0x1000750ca710: f1 f1[02]f2 02 f3 f3 f3 00 00 00 00 00 00 00 00
0x1000750ca720: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 02 f2 f2
0x1000750ca730: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1000750ca740: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1000750ca750: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1000750ca760: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==948374==ABORTING
--
You are receiving this mail because:
You are watching all bug changes.
