https://bugs.kde.org/show_bug.cgi?id=426597
--- Comment #14 from K D Murray <f...@kdmurray.id.au> ---

Gilles,

Many thanks for the patches. It does seem to have fixed the immediate cause of my crash. However, now with ASAN on, I'm getting a buffer overflow in LibRaw. Crash below, not sure why the line numbers aren't showing, I'm using CMAKE_BUILD_TYPE=Debug.

Cheers,
Kevin

==948374==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fffa8693892 at pc 0x7ffff2353fbf bp 0x7fffa86937d0 sp 0x7fffa86937c8
READ of size 1 at 0x7fffa8693892 thread T55 (Thread (pooled))
    #0 0x7ffff2353fbe in LibRaw::tiff_set(tiff_hdr*, unsigned short*, unsigned short, unsigned short, int, int) [clone .constprop.0] (/home/kevin/.homedir/opt/digikam/lib/x86_64-linux-gnu/libdigikamcore.so.7.2.0+0x15bffbe)
    #1 0x7ffff2355857 in LibRaw::tiff_head(tiff_hdr*, int) (/home/kevin/.homedir/opt/digikam/lib/x86_64-linux-gnu/libdigikamcore.so.7.2.0+0x15c1857)
    #2 0x7ffff231acc3 in LibRaw::dcraw_make_mem_thumb(int*) (/home/kevin/.homedir/opt/digikam/lib/x86_64-linux-gnu/libdigikamcore.so.7.2.0+0x1586cc3)
    #3 0x7ffff237f9dd in Digikam::DRawDecoder::Private::loadEmbeddedPreview(QByteArray&, LibRaw*) (/home/kevin/.homedir/opt/digikam/lib/x86_64-linux-gnu/libdigikamcore.so.7.2.0+0x15eb9dd)
    #4 0x7ffff236feb4 in Digikam::DRawDecoder::loadEmbeddedPreview(QByteArray&, QString const&) (/home/kevin/.homedir/opt/digikam/lib/x86_64-linux-gnu/libdigikamcore.so.7.2.0+0x15dbeb4)
    #5 0x7ffff236f3f0 in Digikam::DRawDecoder::loadEmbeddedPreview(QImage&, QString const&) (/home/kevin/.homedir/opt/digikam/lib/x86_64-linux-gnu/libdigikamcore.so.7.2.0+0x15db3f0)
    #6 0x7ffff212325f in Digikam::ThumbnailCreator::createThumbnail(Digikam::ThumbnailInfo const&, QRect const&) const (/home/kevin/.homedir/opt/digikam/lib/x86_64-linux-gnu/libdigikamcore.so.7.2.0+0x138f25f)
    #7 0x7ffff2117760 in Digikam::ThumbnailCreator::load(Digikam::ThumbnailIdentifier const&, QRect const&, bool) const (/home/kevin/.homedir/opt/digikam/lib/x86_64-linux-gnu/libdigikamcore.so.7.2.0+0x1383760)
    #8 0x7ffff211646c in Digikam::ThumbnailCreator::load(Digikam::ThumbnailIdentifier const&) const (/home/kevin/.homedir/opt/digikam/lib/x86_64-linux-gnu/libdigikamcore.so.7.2.0+0x138246c)
    #9 0x7ffff213906f in Digikam::ThumbnailLoadingTask::execute() (/home/kevin/.homedir/opt/digikam/lib/x86_64-linux-gnu/libdigikamcore.so.7.2.0+0x13a506f)
    #10 0x7ffff213bee2 in Digikam::LoadSaveThread::run() (/home/kevin/.homedir/opt/digikam/lib/x86_64-linux-gnu/libdigikamcore.so.7.2.0+0x13a7ee2)
    #11 0x7ffff219e15a in Digikam::DynamicThread::Private::run() (/home/kevin/.homedir/opt/digikam/lib/x86_64-linux-gnu/libdigikamcore.so.7.2.0+0x140a15a)
    #12 0x7fffefa64691 (/lib/x86_64-linux-gnu/libQt5Core.so.5+0xcc691)
    #13 0x7fffefa60a00 (/lib/x86_64-linux-gnu/libQt5Core.so.5+0xc8a00)
    #14 0x7fffef5caea6 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x8ea6)
    #15 0x7fffef6e7eae in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xfdeae)

Address 0x7fffa8693892 is located in stack of thread T55 (Thread (pooled)) at offset 50 in frame
    #0 0x7ffff235487f in LibRaw::tiff_head(tiff_hdr*, int) (/home/kevin/.homedir/opt/digikam/lib/x86_64-linux-gnu/libdigikamcore.so.7.2.0+0x15c087f)

  This frame has 2 object(s):
    [48, 50) 'latref' (line 123) <== Memory access at offset 50 overflows this variable
    [64, 66) 'lonref' (line 124)
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
Thread T55 (Thread (pooled)) created by T0 here:
    #0 0x7ffff76202a2 in __interceptor_pthread_create (/lib/x86_64-linux-gnu/libasan.so.6+0x552a2)
    #1 0x7fffefa604da in QThread::start(QThread::Priority) (/lib/x86_64-linux-gnu/libQt5Core.so.5+0xc84da)

SUMMARY: AddressSanitizer: stack-buffer-overflow (/home/kevin/.homedir/opt/digikam/lib/x86_64-linux-gnu/libdigikamcore.so.7.2.0+0x15bffbe) in LibRaw::tiff_set(tiff_hdr*, unsigned short*, unsigned short, unsigned short, int, int) [clone .constprop.0]
Shadow bytes around the buggy address:
  0x1000750ca6c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000750ca6d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000750ca6e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000750ca6f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000750ca700: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
=>0x1000750ca710: f1 f1[02]f2 02 f3 f3 f3 00 00 00 00 00 00 00 00
  0x1000750ca720: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 02 f2 f2
  0x1000750ca730: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000750ca740: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000750ca750: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000750ca760: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==948374==ABORTING
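The report above pins the fault to a 1-byte read at offset 2 of the 2-byte stack array 'latref' while tiff_set is packing a directory entry. One general way a TIFF writer produces exactly this shape of over-read: entries whose value is 4 bytes or shorter are stored inline in the 4-byte value slot, and a writer that fills the whole slot from the source buffer reads past a source that is only 2 bytes long. The C below is an added illustration of that pattern and its bounded replacement; it is constructed for this comment thread and is not LibRaw's or digiKam's code, and tiff_tag_t, pack_ascii_unbounded, pack_ascii_bounded and bounded_len are hypothetical names. Whether this is the actual defect in the LibRaw copy Kevin built is not established by the report; the example shows the class of bug ASan is flagging and how the safe form avoids touching bytes beyond the source.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed directory-entry layout for this example (not LibRaw's struct):
 * a TIFF IFD entry keeps values of 4 bytes or less inline in the value slot. */
typedef struct {
    uint16_t tag;
    uint16_t type;     /* TIFF type 2 == ASCII */
    uint32_t count;    /* for ASCII: string length including the NUL terminator */
    uint8_t  val[4];   /* inline value slot */
} tiff_tag_t;

enum { TIFF_ASCII = 2 };

/* Length of src without ever scanning past src_len bytes (a bounded strlen),
 * so a non-terminated 2-byte buffer is never read beyond its end. */
static size_t bounded_len(const char *src, size_t src_len)
{
    size_t n = 0;
    while (n < src_len && src[n] != '\0')
        n++;
    return n;
}

/* "Before" form, kept only for contrast (main() and the checks never call it):
 * once the value is known to fit inline, the whole 4-byte slot is filled from
 * src, so with a 2-byte source this reads src[2] and src[3]. That read past
 * the end of a short stack array is what AddressSanitizer reports as a
 * stack-buffer-overflow. */
void pack_ascii_unbounded(tiff_tag_t *tt, uint16_t tag, const char *src, size_t count)
{
    tt->tag = tag;
    tt->type = TIFF_ASCII;
    tt->count = (uint32_t)count;
    for (int c = 0; c < 4; c++)
        tt->val[c] = (uint8_t)src[c];  /* reads beyond src whenever count < 4 */
}

/* Bounded form: copy only the bytes that exist, zero-pad the slot, and refuse
 * values that do not fit inline (the caller must then write them out-of-line
 * and store an offset instead). Returns 0 on success, -1 if the value is too
 * long for the inline slot. */
int pack_ascii_bounded(tiff_tag_t *tt, uint16_t tag, const char *src, size_t src_len)
{
    size_t count = bounded_len(src, src_len) + 1;   /* +1 for the NUL */
    if (count > sizeof tt->val)
        return -1;
    tt->tag = tag;
    tt->type = TIFF_ASCII;
    tt->count = (uint32_t)count;
    memset(tt->val, 0, sizeof tt->val);             /* zero padding doubles as NUL */
    memcpy(tt->val, src, count - 1);                /* never reads src[src_len] or beyond */
    return 0;
}

int main(void)
{
    /* Constructed 2-byte stack buffers, shaped like the 'latref'/'lonref'
     * objects ASan named in the report. */
    char latref[2] = { 'N', '\0' };
    char lonref[2] = { 'E', '\0' };
    tiff_tag_t lat, lon;

    /* GPS IFD tags 1 (GPSLatitudeRef) and 3 (GPSLongitudeRef) are ASCII, count 2. */
    if (pack_ascii_bounded(&lat, 1, latref, sizeof latref) != 0 ||
        pack_ascii_bounded(&lon, 3, lonref, sizeof lonref) != 0)
        return 1;
    printf("tag %u count %u val %02x %02x %02x %02x\n", (unsigned)lat.tag,
           (unsigned)lat.count, lat.val[0], lat.val[1], lat.val[2], lat.val[3]);
    printf("tag %u count %u val %02x %02x %02x %02x\n", (unsigned)lon.tag,
           (unsigned)lon.count, lon.val[0], lon.val[1], lon.val[2], lon.val[3]);
    return 0;
}
```

Building this with -fsanitize=address and calling pack_ascii_unbounded on latref reproduces a READ of size 1 two bytes past a 2-byte frame object, which is the signature in the report; the bounded form passes the same input cleanly because the copy length is derived from the source length rather than from the slot width.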