Created attachment 486870 [details] Example image that will segfault gwenview Trying to open an image from a Pentax Camera in gwenview will result in a segfault. It happens when it's trying to read metadata for the image. CLI tools like exiv2 and exiftool work correctly on the image.
Interesting find. Did you already search upstream for similar bugs? https://bugs.kde.org
I did a quick search but I did not find anything related to this on the upstream bug tracker, that's why I started gdb-ing the issue. My guess is that the brand of my camera is less popular, that's why no one noticed so far.
Reported it upstream here: https://bugs.kde.org/show_bug.cgi?id=382918
Apparently solved upstream as per https://bugs.kde.org/show_bug.cgi?id=382842. Can we backport the fix please?
It doesn't look solved at all? Problem seems to be in exiv2 and status is 'to be investigated'.
Upstream bug is: http://dev.exiv2.org/issues/1305 Fix as a patch (tested on ~AMD64): https://github.com/Exiv2/exiv2/commit/5405d61623e82896e498c5c8342dd6f42e689115.patch There is a crash with similar backtrace but only with Nikon images. Fix is almost the same. Patch from the pull request: https://github.com/Exiv2/exiv2/commit/591dea579ae946972fef14bbf799b2d3a12e82d4.patch
There is a load of outstanding exiv2 issues right now that we better wait until many or most of them are fixed with .1.
(In reply to Andreas Sturmlechner from comment #7) > There is a load of outstanding exiv2 issues right now that we better wait > until many or most of them are fixed with .1. Yes, they have 12 open CVEs at the moment thus integrating all patches is too much. Lets hope for a quick release. In the meantime both patches I linked work just fine (~AMD64) and can be applied locally if waiting for a release is not an option.
Added snapshot 0.26_p20171013 to tree to address this issue.
Dropped 0.26, so this should be fixed.
I know this bug is marked fixed, but I'm still getting a segfault when opening files with metadata. $ gwenview DSCN1752.JPG kf5.kio.core: Refilling KProtocolInfoFactory cache in the hope to find "mtp" kf5.kio.core: Refilling KProtocolInfoFactory cache in the hope to find "mtp" Segmentation fault $ emerge --info kde-apps/gwenview kde-apps/gwenview-17.04.3::gentoo was built with the following: USE="X kipi -debug -handbook -raw -semantic-desktop -test" ABI_X86="(64)" $ emerge --info media-gfx/exiv2 media-gfx/exiv2-0.26_p20171104::gentoo was built with the following: USE="nls png xmp -doc -examples -webready" ABI_X86="(64) -32 (-x32)" LINGUAS="-bs -de -es -fi -fr -gl -ms -pl -pt -ru -sk -sv -ug -uk -vi"
Right. Upstream made the fixes in master, then later branched off 0.26 from an earlier point... New PR pending: https://github.com/Exiv2/exiv2/pull/162
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4c6eada07c811dc3bd34ce06907d3a5cd8cafe54 commit 4c6eada07c811dc3bd34ce06907d3a5cd8cafe54 Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2017-12-05 16:10:05 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2017-12-05 16:15:10 +0000 media-gfx/exiv2: Fix crash with Pentax/Nikon exif data Bug: https://bugs.gentoo.org/626214 Package-Manager: Portage-2.3.13, Repoman-2.3.4 media-gfx/exiv2/Manifest | 2 +- media-gfx/exiv2/exiv2-0.26_p20171104-r1.ebuild | 129 +++++++++++++++++++++ .../exiv2/files/exiv2-0.26-pentaxnikon-crash.patch | 52 +++++++++ 3 files changed, 182 insertions(+), 1 deletion(-)}
It's still not merged to upstream, so I'm adding a revbump for the time being. Fixes the crash for me (at least with 645D exif data).
I have tried and the rev-bumped media-gfx/exiv2-0.26_p20171104-r1 works on the Pentax images too.
I own a Pentax camera and the latest gentoo upgrade made all my photos unavailable in gwenview. Fixed with media-gfx/exiv2-0.26_p20171104-r1 (thanks Zoltan) - please stabilize the patch.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1dc8557a38b42c16b34728619c94d0c89476251a commit 1dc8557a38b42c16b34728619c94d0c89476251a Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2018-04-25 17:40:31 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2018-04-25 17:53:27 +0000 media-gfx/exiv2: Add 0.26_p20180319 snapshot Fixing CVE-2017-17669, CVE-2017-17725, CVE-2017-18005, CVE-2018-4868 Bug: https://bugs.gentoo.org/626214 Bug: https://bugs.gentoo.org/643554 Bug: https://bugs.gentoo.org/647808 Bug: https://bugs.gentoo.org/640978 Package-Manager: Portage-2.3.31, Repoman-2.3.9 media-gfx/exiv2/Manifest | 1 + media-gfx/exiv2/exiv2-0.26_p20180319.ebuild | 136 ++++++ .../exiv2-0.26_p20180319-CVE-2017-18005.patch | 484 +++++++++++++++++++++ .../files/exiv2-0.26_p20180319-CVE-2018-4868.patch | 39 ++ 4 files changed, 660 insertions(+)}
(In reply to Ciprian Ciubotariu from comment #16) > I own a Pentax camera and the latest gentoo upgrade made all my photos > unavailable in gwenview. Fixed with media-gfx/exiv2-0.26_p20171104-r1 > (thanks Zoltan) - please stabilize the patch. Please test with the latest snapshot.
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=40c32e8333488b1965fa1de32d97a7403786ab0b commit 40c32e8333488b1965fa1de32d97a7403786ab0b Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2018-05-29 12:13:07 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2018-05-29 12:31:09 +0000 media-gfx/exiv2: Drop 0.26_p20171104 (security cleanup) Bug: https://bugs.gentoo.org/647808 Bug: https://bugs.gentoo.org/640978 Bug: https://bugs.gentoo.org/643554 Closes: https://bugs.gentoo.org/626214 Package-Manager: Portage-2.3.40, Repoman-2.3.9 media-gfx/exiv2/Manifest | 1 - media-gfx/exiv2/exiv2-0.26_p20171104.ebuild | 128 ---------------------------- 2 files changed, 129 deletions(-)