Ubuntu
exiv2 package

Regression: exiv2 0.27.3-3ubuntu1.5 makes Gwenview crash when opening images exported by darktable

Bug #1941752 reported by Jan Rathmann
50
This bug affects 9 people
Affects Status Importance Assigned to Milestone
Gwenview
Fix Released
High
exiv2 (Ubuntu)
Fix Released
High
Leonidas S. Barbosa
gwenview (Ubuntu)
Fix Released
Medium
Unassigned

Bug Description

Since the recent security update of exiv2, Gwenview crashes when trying to open image files that got exported by darktable.

Steps to reproduce:

* Make a test installation of Kubuntu 21.04 in VirtualBox
* Install all updates
* Install darktable
* Copy one of the images in /usr/share/wallpapers (or any other image) to your home directory and open it with darktable
* Within darktable, export a copy of the image (no need to do any actual modifications)
* Try to open that copy with Gwenview. Gwenview will crash.

I'm attaching a crash report hinting that this is related to exiv2.

Temporary workaround:
If I downgrade libexiv2-27 to 0.27.3-3ubuntu1.4, Gwenview doesn't crash, so it seems the crash is related to changes in 0.27.3-3ubuntu1.5.

I don't know if the underlying cause is actually some bug in exiv2, Gwenview or darktable.

Kind regards, Jan

ProblemType: Bug
DistroRelease: Ubuntu 21.04
Package: libexiv2-27 0.27.3-3ubuntu1.5
ProcVersionSignature: Ubuntu 5.11.0-31.33-generic 5.11.22
Uname: Linux 5.11.0-31-generic x86_64
ApportVersion: 2.20.11-0ubuntu65.1
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: KDE
Date: Thu Aug 26 15:16:47 2021
InstallationDate: Installed on 2021-08-26 (0 days ago)
InstallationMedia: Kubuntu 21.04 "Hirsute Hippo" - Release amd64 (20210420)
SourcePackage: exiv2
UpgradeStatus: No upgrade log present (probably fresh install)

CVE References

Revision history for this message
In , Friendofanimals (friendofanimals) wrote :
Download full text (3.3 KiB)

Application: gwenview (20.12.3)

Qt Version: 5.15.2
Frameworks Version: 5.80.0
Operating System: Linux 5.11.0-31-generic x86_64
Windowing System: X11
Drkonqi Version: 5.21.4
Distribution: Ubuntu 21.04

-- Information about the crash:
- What I was doing when the application crashed: tried to open a .jpg picture out of dolphin. retried with different pictures, always crashing. Same happening when opening a picture out of gwenview.

The crash can be reproduced every time.

-- Backtrace:
Application: Gwenview (gwenview), signal: Aborted

[KCrash Handler]
#4 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:49
#5 0x00007efd984e8864 in __GI_abort () at abort.c:79
#6 0x00007efd9874fa31 in ?? () from /lib/x86_64-linux-gnu/libstdc++.so.6
#7 0x00007efd9875b4fc in ?? () from /lib/x86_64-linux-gnu/libstdc++.so.6
#8 0x00007efd9875b567 in std::terminate() () from /lib/x86_64-linux-gnu/libstdc++.so.6
#9 0x00007efd9875b809 in __cxa_throw () from /lib/x86_64-linux-gnu/libstdc++.so.6
#10 0x00007efd98752452 in ?? () from /lib/x86_64-linux-gnu/libstdc++.so.6
#11 0x00007efd981bbad3 in ?? () from /lib/x86_64-linux-gnu/libexiv2.so.27
#12 0x00007efd9815f92d in Exiv2::Xmpdatum::write(std::ostream&, Exiv2::ExifData const*) const () from /lib/x86_64-linux-gnu/libexiv2.so.27
#13 0x00007efd9a66a250 in Gwenview::ImageMetaInfoModel::setExiv2Image(Exiv2::Image const*) () from /lib/x86_64-linux-gnu/libgwenviewlib.so.5
#14 0x00007efd9a634a70 in Gwenview::Document::setExiv2Image(std::unique_ptr<Exiv2::Image, std::default_delete<Exiv2::Image> >) () from /lib/x86_64-linux-gnu/libgwenviewlib.so.5
#15 0x00007efd9a63e39b in ?? () from /lib/x86_64-linux-gnu/libgwenviewlib.so.5
#16 0x00007efd98bb75c7 in ?? () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#17 0x00007efd9899ea25 in QFutureWatcherBase::event(QEvent*) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#18 0x00007efd99854783 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#19 0x00007efd98b7f7ba in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#20 0x00007efd98b827e1 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#21 0x00007efd98bd9ba7 in ?? () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#22 0x00007efd962c38eb in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#23 0x00007efd96316d28 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#24 0x00007efd962c1023 in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#25 0x00007efd98bd9204 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#26 0x00007efd98b7e11b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#27 0x00007efd98b86604 in QCoreApplication::exec() () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#28 0x0000564728787c1f in ?? ()
#29 0x00007efd984ea565 in __libc_start_main (main=0x5647287876f0, argc=2, argv=0x7ffe3e40e118, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffe3...

Read more...

Revision history for this message
In , Alexander Fieroch (fieroch) wrote :

same here since this week. Maybe a bug through latest gwenview, x11 or libjpeg library because last week I had no problem?!
I can load original JPGs from my digital camera with gwenview but trying to load edited and exported jpegs by darktable will crash gwenview immediately. Until last week this was working!

gwenview 4:21.04.3-0ubuntu1~ubuntu21.04~ppa1
libgl1-mesa-dri (21.0.3-0ubuntu0.2 => 21.0.3-0ubuntu0.3)

darktable org.darktable.Darktable 3.6.0 stable system

Revision history for this message
In , Jan Rathmann (kaiserclaudius) wrote :

This seems to be related to a recent security update of exiv2 in Ubuntu 21.04.

libexiv2-27 version 0.27.3-3ubuntu1.5: Gwenview (21.08.0) crashes when I try to open JPEG files generated by darktable.

libexiv2-27 version 0.27.3-3ubuntu1.4: Gwenview (21.08.0) doesn't crash.

Link to the changelog of exiv2 package on Ubuntu:
http://changelogs.ubuntu.com/changelogs/pool/main/e/exiv2/exiv2_0.27.3-3ubuntu1.5/changelog

Temporary workaround: Downgrade libexiv2-27 to version 0.27.3-3ubuntu1.4

Revision history for this message
In , Alexander Fieroch (fieroch) wrote :

Thanks!
Downgrade libexiv2-27 to version 0.27.3-3ubuntu1.4 is working!

Revision history for this message
Jan Rathmann (kaiserclaudius) wrote :
Revision history for this message
Jan Rathmann (kaiserclaudius) wrote :

CVE-2021-37620-3.patch is responsible.

Revision history for this message
Jan Rathmann (kaiserclaudius) wrote :

Relevant terminal output from crash:

terminate called after throwing an instance of 'std::out_of_range'
  what(): basic_string::at: __n (which is 19) >= this->size() (which is 19)
KCrash: crashing... crashRecursionCounter = 2
KCrash: Application Name = gwenview path = /usr/bin pid = 108229

Revision history for this message
Jan Rathmann (kaiserclaudius) wrote :

The following change in CVE-2021-37620-3.patch is responsible:

--- exiv2-0.27.3.orig/src/tags_int.cpp
+++ exiv2-0.27.3/src/tags_int.cpp
@@ -2865,7 +2865,7 @@ namespace Exiv2 {
         }

         std::string stringValue = value.toString();
- if (stringValue[19] == 'Z') {
+ if (stringValue.at(19) == 'Z') {
             stringValue = stringValue.substr(0, 19);
         }
         for (size_t i = 0; i < stringValue.length(); ++i) {

Revision history for this message
In , Jan Rathmann (kaiserclaudius) wrote :

I have tracked this down to the following change in CVE-2021-37620-3.patch (Ubuntu src package exiv2-0.27.3-3ubuntu1.5):

===================================================================
--- exiv2-0.27.3.orig/src/tags_int.cpp
+++ exiv2-0.27.3/src/tags_int.cpp
@@ -2865,7 +2865,7 @@ namespace Exiv2 {
         }

         std::string stringValue = value.toString();
- if (stringValue[19] == 'Z') {
+ if (stringValue.at(19) == 'Z') {
             stringValue = stringValue.substr(0, 19);
         }
         for (size_t i = 0; i < stringValue.length(); ++i) {

Revision history for this message
Pioterus (piotergmoter) wrote :

gwenview crashes every time when I try to open any image. Not darktable related. It started after some regular apt update done a few weeks ago. I had 18.04 LTS, so decided to upgrade to latest LTS (Focal). And to my surprise the same error still exists:

terminate called after throwing an instance of 'std::out_of_range'
  what(): basic_string::at: __n (which is 19) >= this->size() (which is 19)

Package: exiv2
Version: 0.27.2-8ubuntu2.6

Package: gwenview
Version: 4:19.12.3-0ubuntu2

I'm on kubuntu.

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in exiv2 (Ubuntu):
status: New → Confirmed
Changed in gwenview (Ubuntu):
status: New → Confirmed
Bug Watch Updater (bug-watch-updater)
Changed in gwenview:
importance: Unknown → High
Revision history for this message
Viatour Luc (lviatour) wrote :

similar problem with Gthumb 3.11 and exiv2 0.27.3-3ubuntu1.5 on Ubuntu 21.04 and jpg generated with darktable.

gthumb crash:
terminate called after throwing an instance of 'std::out_of_range'
what(): basic_string:At __n (which is 19) >= this->size() (which is 19)

Revision history for this message
Arrigo Marchiori (ardovm) wrote :

Confirmed on Ubuntu 18.04.6 LTS i686.

tags: added: i686
Revision history for this message
In , Braunmh (braunmh) wrote :

Created attachment 141931
New crash information added by DrKonqi

gwenview (20.12.3) using Qt 5.15.2

- What I was doing when the application crashed:
Every time when I open a directory containing a picture or only a picture gwenview will crash.

-- Backtrace (Reduced):
#4 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:49
#5 0x00007fb8485c5864 in __GI_abort () at abort.c:79
[...]
#12 0x00007fb84823c92d in Exiv2::Xmpdatum::write(std::ostream&, Exiv2::ExifData const*) const () from /lib/x86_64-linux-gnu/libexiv2.so.27
#13 0x00007fb84a747250 in Gwenview::ImageMetaInfoModel::setExiv2Image(Exiv2::Image const*) () from /lib/x86_64-linux-gnu/libgwenviewlib.so.5
#14 0x00007fb84a711a70 in Gwenview::Document::setExiv2Image(std::unique_ptr<Exiv2::Image, std::default_delete<Exiv2::Image> >) () from /lib/x86_64-linux-gnu/libgwenviewlib.so.5

Revision history for this message
In , Richard Johnson (rmchard) wrote :

Created attachment 141971
New crash information added by DrKonqi

gwenview (20.12.3) using Qt 5.15.2

- What I was doing when the application crashed:

This seems to happen reliably on jpg's produced by darktable. Darktable-rendered pics all cause the crash. These were all NEF (Nikon) raw processed into jpg. JPG's made by other tools seem to all work fine.

-- Backtrace (Reduced):
#4 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:49
#5 0x00007f0de4254864 in __GI_abort () at abort.c:79
[...]
#12 0x00007f0de3ecb92d in Exiv2::Xmpdatum::write(std::ostream&, Exiv2::ExifData const*) const () from /lib/x86_64-linux-gnu/libexiv2.so.27
#13 0x00007f0de63d6250 in Gwenview::ImageMetaInfoModel::setExiv2Image(Exiv2::Image const*) () from /lib/x86_64-linux-gnu/libgwenviewlib.so.5
#14 0x00007f0de63a0a70 in Gwenview::Document::setExiv2Image(std::unique_ptr<Exiv2::Image, std::default_delete<Exiv2::Image> >) () from /lib/x86_64-linux-gnu/libgwenviewlib.so.5

Revision history for this message
In , Tony (jodr666) wrote :

*** Bug 443069 has been marked as a duplicate of this bug. ***

Revision history for this message
In , Guille (guille2306) wrote :

Created attachment 142281
New crash information added by DrKonqi

gwenview (21.08.1) using Qt 5.15.2

- What I was doing when the application crashed: Opening JPG exported by darktable. This happens reliably since a few weeks ago with every images (either new or exported before the crashes started)

-- Backtrace (Reduced):
#4 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:49
#5 0x00007fc9b6bac864 in __GI_abort () at abort.c:79
[...]
#12 0x00007fc9b692a92d in Exiv2::Xmpdatum::write(std::ostream&, Exiv2::ExifData const*) const () from /lib/x86_64-linux-gnu/libexiv2.so.27
#13 0x00007fc9b8eb3468 in Gwenview::ImageMetaInfoModel::setExiv2Image(Exiv2::Image const*) () from /lib/x86_64-linux-gnu/libgwenviewlib.so.5
#14 0x00007fc9b8e780e0 in Gwenview::Document::setExiv2Image(std::unique_ptr<Exiv2::Image, std::default_delete<Exiv2::Image> >) () from /lib/x86_64-linux-gnu/libgwenviewlib.so.5

Revision history for this message
In , Tony (jodr666) wrote :

*** Bug 443651 has been marked as a duplicate of this bug. ***

Revision history for this message
In , Charlie Figura (cfigura) wrote :

Created attachment 142865
New crash information added by DrKonqi

gwenview (21.08.1) using Qt 5.15.2

Gwenview crashed when trying to open a jpg. The images in question were saved by Darktable from Canon Raw images, and ranged in size from 8.2 to 16.4 MiB.

-- Backtrace (Reduced):
#4 __pthread_kill_implementation (no_tid=0, signo=6, threadid=139626298358848) at pthread_kill.c:44
#5 __pthread_kill_internal (signo=6, threadid=139626298358848) at pthread_kill.c:80
#6 __GI___pthread_kill (threadid=139626298358848, signo=signo@entry=6) at pthread_kill.c:91
#7 0x00007efd4d5d6476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#8 0x00007efd4d5bc7b7 in __GI_abort () at abort.c:79

Revision history for this message
In , P (p92) wrote :

Created attachment 143150
New crash information added by DrKonqi

gwenview (21.08.1) using Qt 5.15.2

- What I was doing when the application crashed:
I clicked on a PNG file on dolphin
gwenview opened the image
I cropped this image
closed gwenview

clicked on another image on the same dir
gwenview opened the image
clicked on next image button on gwenview ==> this crash

- Unusual behavior I noticed:
now each time I click on an image on dolphin, gwenview crashes

-- Backtrace (Reduced):
#4 __pthread_kill_implementation (no_tid=0, signo=6, threadid=139983886013632) at pthread_kill.c:44
#5 __pthread_kill_internal (signo=6, threadid=139983886013632) at pthread_kill.c:80
#6 __GI___pthread_kill (threadid=139983886013632, signo=signo@entry=6) at pthread_kill.c:91
#7 0x00007f508f3f7476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#8 0x00007f508f3dd7b7 in __GI_abort () at abort.c:79

Revision history for this message
In , Cs-a (cs-a) wrote :
Download full text (4.1 KiB)

Mee too! Can't no longer view my photos saved by darktable...

Gwenview 21.08.2
Kubuntu 21.10
KDE Frameworks Version 5.87.0
Qt 5.15.2
libexiv2-27 0.27.3-3ubuntu4

$ gwenview dsc_0013_jf.jpg
org.kde.kdegraphics.gwenview.lib: Unresolved mime type "image/x-mng"
org.kde.kdegraphics.gwenview.lib: Unresolved raw mime type "image/x-nikon-nrw"
org.kde.kdegraphics.gwenview.lib: Unresolved raw mime type "image/x-samsung-srw"
terminate called after throwing an instance of 'std::out_of_range'
  what(): basic_string::at: __n (which is 19) >= this->size() (which is 19)
KCrash: crashing... crashRecursionCounter = 2
KCrash: Application Name = gwenview path = /usr/bin pid = 235591
KCrash: Arguments: /usr/bin/gwenview dsc_0013_jf.jpg
KCrash: Attempting to start /usr/lib/x86_64-linux-gnu/libexec/drkonqi

[1]+ Angehalten gwenview dsc_0013_jf.jpg

Application: Gwenview (gwenview), signal: Aborted

[KCrash Handler]
#4 __pthread_kill_implementation (no_tid=0, signo=6, threadid=140084165356608) at pthread_kill.c:44
#5 __pthread_kill_internal (signo=6, threadid=140084165356608) at pthread_kill.c:80
#6 __GI___pthread_kill (threadid=140084165356608, signo=signo@entry=6) at pthread_kill.c:91
#7 0x00007f67e85db476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#8 0x00007f67e85c17b7 in __GI_abort () at abort.c:79
#9 0x00007f67e885ea31 in ?? () from /lib/x86_64-linux-gnu/libstdc++.so.6
#10 0x00007f67e886a4ec in ?? () from /lib/x86_64-linux-gnu/libstdc++.so.6
#11 0x00007f67e886a557 in std::terminate() () from /lib/x86_64-linux-gnu/libstdc++.so.6
#12 0x00007f67e886a7f9 in __cxa_throw () from /lib/x86_64-linux-gnu/libstdc++.so.6
#13 0x00007f67e8861448 in ?? () from /lib/x86_64-linux-gnu/libstdc++.so.6
#14 0x00007f67e83967fd in ?? () from /lib/x86_64-linux-gnu/libexiv2.so.27
#15 0x00007f67e833612d in Exiv2::Xmpdatum::write(std::ostream&, Exiv2::ExifData const*) const () from /lib/x86_64-linux-gnu/libexiv2.so.27
#16 0x00007f67ea8fa6d6 in Gwenview::ImageMetaInfoModel::setExiv2Image(Exiv2::Image const*) () from /lib/x86_64-linux-gnu/libgwenviewlib.so.5
#17 0x00007f67ea8bfcd0 in Gwenview::Document::setExiv2Image(std::unique_ptr<Exiv2::Image, std::default_delete<Exiv2::Image> >) () from /lib/x86_64-linux-gnu/libgwenviewlib.so.5
#18 0x00007f67ea8cacab in ?? () from /lib/x86_64-linux-gnu/libgwenviewlib.so.5
#19 0x00007f67e8cc6a53 in ?? () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#20 0x00007f67e8aacec5 in QFutureWatcherBase::event(QEvent*) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#21 0x00007f67e99f66b3 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#22 0x00007f67e8c8f16a in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#23 0x00007f67e8c92257 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#24 0x00007f67e8ce8ef7 in ?? () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#25 0x00007f67e63708bb in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#26 0x00007f67e63c3f08 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#27 0x00007f67e636e003...

Read more...

Revision history for this message
Robert Miller (millerrobe) wrote :

This is not just darktable.

I have files that work fine, while some other always crash. The only constant is that all files were created on a Nikon camera.

Files that crash include some, but not all: Raw NEF; JPEGs created by processing NEF files on Windows using Nikon software; JPEGs created directly by camera. If I take a jpeg file that crashes, convert it to bmp or tiff, and try to open with gwenview, the file still crashes. That also points to the exiv bug. When run on a konsole, the crash is always:

terminate called after throwing an instance of 'std::out_of_range'
  what(): basic_string::at: __n (which is 19) >= this->size() (which is 19)
KCrash: crashing... crashRecursionCounter = 2

Running Kubuntu 20.04 LTS and libexiv2-27:amd64 0.27.2-8ubuntu2.6

Revision history for this message
Robert Miller (millerrobe) wrote :

Downgrading to libexiv2-27 0.27.2-8ubuntu2 solved the problem.

Revision history for this message
In , nasenmann72 (mhoppstaedter) wrote :
Download full text (3.3 KiB)

Same here.

Ubuntu 21.10
Gwenview 21.08.1

Application: Gwenview (gwenview), signal: Aborted

[KCrash Handler]
#4 __pthread_kill_implementation (no_tid=0, signo=6, threadid=140017931865152) at pthread_kill.c:44
#5 __pthread_kill_internal (signo=6, threadid=140017931865152) at pthread_kill.c:80
#6 __GI___pthread_kill (threadid=140017931865152, signo=signo@entry=6) at pthread_kill.c:91
#7 0x00007f587c8a7476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#8 0x00007f587c88d7b7 in __GI_abort () at abort.c:79
#9 0x00007f587cb2aa31 in ?? () from /lib/x86_64-linux-gnu/libstdc++.so.6
#10 0x00007f587cb364ec in ?? () from /lib/x86_64-linux-gnu/libstdc++.so.6
#11 0x00007f587cb36557 in std::terminate() () from /lib/x86_64-linux-gnu/libstdc++.so.6
#12 0x00007f587cb367f9 in __cxa_throw () from /lib/x86_64-linux-gnu/libstdc++.so.6
#13 0x00007f587cb2d448 in ?? () from /lib/x86_64-linux-gnu/libstdc++.so.6
#14 0x00007f587c6627fd in ?? () from /lib/x86_64-linux-gnu/libexiv2.so.27
#15 0x00007f587c60212d in Exiv2::Xmpdatum::write(std::ostream&, Exiv2::ExifData const*) const () from /lib/x86_64-linux-gnu/libexiv2.so.27
#16 0x00007f587ebb86d6 in Gwenview::ImageMetaInfoModel::setExiv2Image(Exiv2::Image const*) () from /lib/x86_64-linux-gnu/libgwenviewlib.so.5
#17 0x00007f587eb7dcd0 in Gwenview::Document::setExiv2Image(std::unique_ptr<Exiv2::Image, std::default_delete<Exiv2::Image> >) () from /lib/x86_64-linux-gnu/libgwenviewlib.so.5
#18 0x00007f587eb88cab in ?? () from /lib/x86_64-linux-gnu/libgwenviewlib.so.5
#19 0x00007f587cf92a53 in ?? () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#20 0x00007f587cd78ec5 in QFutureWatcherBase::event(QEvent*) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#21 0x00007f587dcc16b3 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#22 0x00007f587cf5b16a in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#23 0x00007f587cf5e257 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#24 0x00007f587cfb4ef7 in ?? () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#25 0x00007f587a6428bb in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#26 0x00007f587a695f08 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#27 0x00007f587a640003 in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#28 0x00007f587cfb4548 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#29 0x00007f587cf59a9b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#30 0x00007f587cf62024 in QCoreApplication::exec() () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#31 0x0000563a42669553 in ?? ()
#32 0x00007f587c88efd0 in __libc_start_call_main (main=main@entry=0x563a42668fe0, argc=argc@entry=2, argv=argv@entry=0x7fffa40d4c98) at ../sysdeps/nptl/libc_start_call_main.h:58
#33 0x00007f587c88f07d in __libc_start_main_impl (main=0x563a42668fe0, argc=2, argv=0x7fffa40d4c98, init=<optimized out>, fini=<optimized out>, rtld_fini=<optim...

Read more...

Revision history for this message
In , K-d-hudson (k-d-hudson) wrote :

Created attachment 143424
New crash information added by DrKonqi

gwenview (20.12.3) using Qt 5.15.2

- What I was doing when the application crashed:

This is a little bizarre. I encountered this while rapidly scrolling through thumbnails in a directory. One particular image reliably crashes QwenView, but it isn't the image itself because QwenView opens the image just fine if I copy it to another directory. If I copy just a few of the images to another directory, QwenView also works just fine. The directory contents are available online to replicate this issue. I downloaded and replicated again just to be sure.

The directory contents are available online inside this archive: https://downloads.open-tx.org/2.3/release/sdcard/opentx-t16/sdcard-480x272-2.3V0025.zip. The directory is IMAGES. The image QwenView crashes on is IMAGES/P51.jpg.

To replicate, extract the archive, and start clicking through the images. I double clicked on in Dolphin to start.

The crash can be reproduced every time.

-- Backtrace (Reduced):
#4 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:49
#5 0x00007f191f393864 in __GI_abort () at abort.c:79
[...]
#12 0x00007f191f00a92d in Exiv2::Xmpdatum::write(std::ostream&, Exiv2::ExifData const*) const () from /lib/x86_64-linux-gnu/libexiv2.so.27
#13 0x00007f1921515250 in Gwenview::ImageMetaInfoModel::setExiv2Image(Exiv2::Image const*) () from /lib/x86_64-linux-gnu/libgwenviewlib.so.5
#14 0x00007f19214dfa70 in Gwenview::Document::setExiv2Image(std::unique_ptr<Exiv2::Image, std::default_delete<Exiv2::Image> >) () from /lib/x86_64-linux-gnu/libgwenviewlib.so.5

Revision history for this message
In , Jan Rathmann (kaiserclaudius) wrote :

For me this seems to be fixed under Kubuntu 21.10 with Gwenview 21.08.2 from kubuntu-backports-ppa.

Revision history for this message
In , P (p92) wrote :

Created attachment 143444
New crash information added by DrKonqi

gwenview (21.08.2) using Qt 5.15.2

- What I was doing when the application crashed:
just viewing pics in a folder with gwenview when on one of them gwenview systematically crashes

- Unusual behavior I noticed:
crash of gwenview when selecting next pic that crashes gwenview

-- Backtrace (Reduced):
#4 __pthread_kill_implementation (no_tid=0, signo=6, threadid=140610082931904) at pthread_kill.c:44
#5 __pthread_kill_internal (signo=6, threadid=140610082931904) at pthread_kill.c:80
#6 __GI___pthread_kill (threadid=140610082931904, signo=signo@entry=6) at pthread_kill.c:91
#7 0x00007fe25b7e8476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#8 0x00007fe25b7ce7b7 in __GI_abort () at abort.c:79

Revision history for this message
In , P (p92) wrote :

(In reply to p92 from comment #16)
> Created attachment 143444 [details]
> New crash information added by DrKonqi
>
> gwenview (21.08.2) using Qt 5.15.2
>
> - What I was doing when the application crashed:
> just viewing pics in a folder with gwenview when on one of them gwenview
> systematically crashes
>
> - Unusual behavior I noticed:
> crash of gwenview when selecting next pic that crashes gwenview
>
> -- Backtrace (Reduced):
> #4 __pthread_kill_implementation (no_tid=0, signo=6,
> threadid=140610082931904) at pthread_kill.c:44
> #5 __pthread_kill_internal (signo=6, threadid=140610082931904) at
> pthread_kill.c:80
> #6 __GI___pthread_kill (threadid=140610082931904, signo=signo@entry=6) at
> pthread_kill.c:91
> #7 0x00007fe25b7e8476 in __GI_raise (sig=sig@entry=6) at
> ../sysdeps/posix/raise.c:26
> #8 0x00007fe25b7ce7b7 in __GI_abort () at abort.c:79

not fixed :)

Revision history for this message
In , Jan Rathmann (kaiserclaudius) wrote :

(In reply to Jan Rathmann from comment #15)
> For me this seems to be fixed under Kubuntu 21.10 with Gwenview 21.08.2 from
> kubuntu-backports-ppa.

Please disregard this comment - I totally forgot that I had installed a patched version of exiv2 (with the change described in Comment 4) to workaround the bug, sorry for causing confusion.

Revision history for this message
Hans Bull (bullinger) wrote :

Fixed upstream on Sept, 22: https://github.com/Exiv2/exiv2/commit/8a1e949bff482f74599f60b8ab518442036b1834#diff-b28a1f0018497d794db6df47daa5413371c3e933681f9c126d447f90d30084d8

How long will we have to wait to see this fixed in the Ubuntu repositories? This is a real showstopper bug.

Revision history for this message
In , Erich Eickmeyer (eeickmeyer) wrote :

Created attachment 144108
New crash information added by DrKonqi

gwenview (21.11.90) using Qt 5.15.2

- What I was doing when the application crashed:
Attempting to open a family photo I had just exported from Darktable

-- Backtrace (Reduced):
#4 __pthread_kill_implementation (no_tid=0, signo=6, threadid=139723732405312) at pthread_kill.c:44
#5 __pthread_kill_internal (signo=6, threadid=139723732405312) at pthread_kill.c:80
#6 __GI___pthread_kill (threadid=139723732405312, signo=signo@entry=6) at pthread_kill.c:91
#7 0x00007f13fcc35476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#8 0x00007f13fcc1b7b7 in __GI_abort () at abort.c:79

Revision history for this message
In , Richard Johnson (rmchard) wrote :

Created attachment 144195
New crash information added by DrKonqi

gwenview (21.08.1) using Qt 5.15.2

- What I was doing when the application crashed:
1. used darktable to create a jpg from nef
2. opened jpg with showfoto (success, including metadata)
3. attempted to open jpg with gwenview, immediate app abort

- Unusual behavior I noticed:
* all tools are in default configuration
* Gwenview frame started to open but then aborted.

This machine is now kubuntu 21.10, and both qwenview and darktable have been updated since the original bug report.

-- Backtrace (Reduced):
#4 __pthread_kill_implementation (no_tid=0, signo=6, threadid=139933381518528) at pthread_kill.c:44
#5 __pthread_kill_internal (signo=6, threadid=139933381518528) at pthread_kill.c:80
#6 __GI___pthread_kill (threadid=139933381518528, signo=signo@entry=6) at pthread_kill.c:91
#7 0x00007f44ccf20476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#8 0x00007f44ccf067b7 in __GI_abort () at abort.c:79

Revision history for this message
In , Gordon Lack (gordon-lack) wrote :

Created attachment 144559
New crash information added by DrKonqi

gwenview (21.08.1) using Qt 5.15.2

- What I was doing when the application crashed:

Browsing through images with Dolphin. Select to open one in Gwenview.
Crashes every time.

-- Backtrace (Reduced):
#4 __pthread_kill_implementation (no_tid=0, signo=6, threadid=140466192913600) at pthread_kill.c:44
#5 __pthread_kill_internal (signo=6, threadid=140466192913600) at pthread_kill.c:80
#6 __GI___pthread_kill (threadid=140466192913600, signo=signo@entry=6) at pthread_kill.c:91
#7 0x00007fc0dafab476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#8 0x00007fc0daf917b7 in __GI_abort () at abort.c:79

Revision history for this message
In , Gordon Lack (gordon-lack) wrote :

(In reply to Gordon Lack from comment #21)

Seems to be related to how old the jpegs are.

2016 and earlier it crashes.
2017 and late its OK.
Roughly.....

If I run gwenview on the command line for a failing one this is what I see reported:

====================
[gmllaptop]: gwenview DSCN1657.JPG
org.kde.kdegraphics.gwenview.lib: Unresolved mime type "image/x-mng"
org.kde.kdegraphics.gwenview.lib: Unresolved raw mime type "image/x-nikon-nrw"
org.kde.kdegraphics.gwenview.lib: Unresolved raw mime type "image/x-samsung-srw"
terminate called after throwing an instance of 'std::out_of_range'
  what(): basic_string::at: __n (which is 19) >= this->size() (which is 19)
KCrash: crashing... crashRecursionCounter = 2
KCrash: Application Name = gwenview path = /usr/bin pid = 15230
KCrash: Arguments: /usr/bin/gwenview DSCN1657.JPG
KCrash: Attempting to start /usr/lib/x86_64-linux-gnu/libexec/drkonqi

[1]+ Stopped gwenview DSCN1657.JPG
[gmllaptop]: fg
gwenview DSCN1657.JPG
QSocketNotifier: Invalid socket 8 and type 'Read', disabling...
QSocketNotifier: Invalid socket 10 and type 'Read', disabling...
QSocketNotifier: Invalid socket 13 and type 'Read', disabling...
QSocketNotifier: Invalid socket 18 and type 'Read', disabling...

;
^C
[gmllaptop]: fg
bash: fg: current: no such job
[gmllaptop]: gwenview DSCN1657.JPG
org.kde.kdegraphics.gwenview.lib: Unresolved mime type "image/x-mng"
org.kde.kdegraphics.gwenview.lib: Unresolved raw mime type "image/x-nikon-nrw"
org.kde.kdegraphics.gwenview.lib: Unresolved raw mime type "image/x-samsung-srw"
terminate called after throwing an instance of 'std::out_of_range'
  what(): basic_string::at: __n (which is 19) >= this->size() (which is 19)
KCrash: crashing... crashRecursionCounter = 2
KCrash: Application Name = gwenview path = /usr/bin pid = 15230
KCrash: Arguments: /usr/bin/gwenview DSCN1657.JPG
KCrash: Attempting to start /usr/lib/x86_64-linux-gnu/libexec/drkonqi

[1]+ Stopped gwenview DSCN1657.JPG
[gmllaptop]: fg
gwenview DSCN1657.JPG
QSocketNotifier: Invalid socket 8 and type 'Read', disabling...
QSocketNotifier: Invalid socket 10 and type 'Read', disabling...
QSocketNotifier: Invalid socket 13 and type 'Read', disabling...
QSocketNotifier: Invalid socket 18 and type 'Read', disabling...

;
^C
[gmllaptop]: fg
bash: fg: current: no such job
====================

Revision history for this message
In , Lukáš Karas (lukas-karas) wrote :

Created attachment 144593
sample image that is causing the crash

Here is jpg file that is causing the the crash. It is clear that libexiv is throwing exception when it tries to parse date. This exception is not catched in gwenview.

$ exiv2 -P X print test.jpg
Xmp.tiff.Software XmpText 13 digiKam-7.1.0
Xmp.tiff.DateTime XmpText 19 2014-09-13T14:36:40
Xmp.tiff.ImageWidth XmpText 4 3110
Xmp.tiff.ImageLength XmpText 4 1553
Xmp.xmp.CreatorTool XmpText 13 digiKam-3.5.0
Xmp.xmp.CreateDate XmpText 19 2014-09-13T14:36:40
Xmp.xmp.MetadataDate XmpText 19 2014-09-13T14:36:40
Xmp.xmp.ModifyDate XmpText 19 2014-09-13T14:36:40
Xmp.xmp.Rating XmpText 1 2
Xmp.exif.DateTimeOriginal XmpText 19 Uncaught exception: basic_string::at: __n (which is 19) >= this->size() (which is 19)

$ echo $?
1

So, fix is obvious. But where it should be fixed? In libexiv or gwenview?

Ubuntu 21.10
exiv2 0.27.3
gwenview 21.08.1

Revision history for this message
In , Lukáš Karas (lukas-karas) wrote :

Here is my proposed fix in Gwenview: https://invent.kde.org/graphics/gwenview/-/merge_requests/125

Revision history for this message
In , David-0704 (david-0704) wrote :

Created attachment 144631
New crash information added by DrKonqi

gwenview (21.08.1) using Qt 5.15.2

- What I was doing when the application crashed: I was trying to open a .jpg. All .jpg's in that folder crash; I can open jpg's from different folders. If I copy the jpg's that crash to a diffent folder they open (no crash). The afected folder is a copy of my old windows 10 desktop. PNG images in the same folder as the crashy jpg's open just fine.

-- Backtrace (Reduced):
#4 __pthread_kill_implementation (no_tid=0, signo=6, threadid=139954795291840) at pthread_kill.c:44
#5 __pthread_kill_internal (signo=6, threadid=139954795291840) at pthread_kill.c:80
#6 __GI___pthread_kill (threadid=139954795291840, signo=signo@entry=6) at pthread_kill.c:91
#7 0x00007f49c94e4476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#8 0x00007f49c94ca7b7 in __GI_abort () at abort.c:79

Revision history for this message
In , Gordon Lack (gordon-lack) wrote :

(In reply to Lukáš Karas from comment #24)
> Here is my proposed fix in Gwenview:
> https://invent.kde.org/graphics/gwenview/-/merge_requests/125

Do we need a prod on the libexiv2 package as well to indicate that it needs an update to fix the cause of the crash? (The fix for gwenview to handle such crashes better is welcome, but not sufficient).

I can't see any bug report with libexiv2 as the product.

Revision history for this message
In , Fe-a-ernst (fe-a-ernst) wrote :

This is now fixed both upstream in libexiv2 0.27.5 with https://github.com/Exiv2/exiv2/pull/1918/commits/8a1e949bff482f74599f60b8ab518442036b1834 and in Gwenview for version 21.12.1 with https://invent.kde.org/graphics/gwenview/-/commit/91fcbe9c63c17bc20dbb3dd90e0451997f1c78a6 by Lukáš Karas.

The fix in Gwenview has not been merged into master and will not be present for example in future Gwenview 22.04 because we expect packagers to have shipped the fixed libexiv2 versions by the time Gwenview 22.04 is released.

Revision history for this message
In , Fe-a-ernst (fe-a-ernst) wrote :

(In reply to Gordon Lack from comment #26)
> Do we need a prod on the libexiv2 package as well to indicate that it needs
> an update to fix the cause of the crash? (The fix for gwenview to handle
> such crashes better is welcome, but not sufficient).
>
> I can't see any bug report with libexiv2 as the product.

There is https://bugs.launchpad.net/ubuntu/+source/exiv2/+bug/1942799

Bug Watch Updater (bug-watch-updater)
Changed in gwenview:
status: Unknown → Fix Released
Revision history for this message
In , Nicolas-fella (nicolas-fella) wrote :

*** Bug 445763 has been marked as a duplicate of this bug. ***

Revision history for this message
In , Nicolas-fella (nicolas-fella) wrote :

*** Bug 447039 has been marked as a duplicate of this bug. ***

Revision history for this message
In , Nicolas-fella (nicolas-fella) wrote :

*** Bug 444851 has been marked as a duplicate of this bug. ***

Revision history for this message
In , Nicolas-fella (nicolas-fella) wrote :

*** Bug 447585 has been marked as a duplicate of this bug. ***

Revision history for this message
simonschmeisser (s-schmeisser) wrote :

This is a debdiff applicable for focal-security. This backports an upstream fix for the regression introduced when fixing CVE-2021-37620. I build it locally in pbuilder and it fixes the crash in gwenview as expected.

Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "1-0.27.2-8ubuntu2.7.debdiff" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

tags: added: patch
Mathew Hodson (mhodson)
Changed in exiv2 (Ubuntu):
importance: Undecided → High
Revision history for this message
Alex Murray (alexmurray) wrote :

@leosilva - as you did the original update for exiv2 could you please sponsor the attached debdiff? Thanks.

Changed in exiv2 (Ubuntu):
assignee: nobody → Ubuntu Security Team (ubuntu-security)
Revision history for this message
Leonidas S. Barbosa (leosilvab) wrote :

Sure thing, working on it, till Tuesday it will be done as I need to test it and so for all releases.

Thanks

Changed in exiv2 (Ubuntu):
assignee: Ubuntu Security Team (ubuntu-security) → Leonidas S. Barbosa (leosilvab)
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package exiv2 - 0.27.3-3ubuntu4.1

---------------
exiv2 (0.27.3-3ubuntu4.1) impish-security; urgency=medium

  * SECURITY REGRESSION: out of range access that may cause a crash
    - debian/patches/CVE-2021-37620-4.patch: fix out of range access that may
      cause a crash (LP: #1941752)
    - debian/patches/CVE-2021-37620-5.patch: backport to C++98 (a str.pop_back
      that was added in C++11)
    - Thanks Simon Schmeißer

 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 10 Jan 2022 10:28:12 -0300

Changed in exiv2 (Ubuntu):
status: Confirmed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package exiv2 - 0.27.3-3ubuntu1.6

---------------
exiv2 (0.27.3-3ubuntu1.6) hirsute-security; urgency=medium

  * SECURITY REGRESSION: out of range access that may cause a crash
    - debian/patches/CVE-2021-37620-4.patch: fix out of range access that may
      cause a crash (LP: #1941752)
    - debian/patches/CVE-2021-37620-5.patch: backport to C++98 (a str.pop_back
      that was added in C++11)
    - Thanks Simon Schmeißer

 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 10 Jan 2022 10:22:10 -0300

Changed in exiv2 (Ubuntu):
status: Confirmed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package exiv2 - 0.27.2-8ubuntu2.7

---------------
exiv2 (0.27.2-8ubuntu2.7) focal-security; urgency=medium

  * SECURITY REGRESSION: fix out of range access
  * Bugfix: Fix regression introduced when fixing CVE-2021-37620 (LP:
    #1941752)
    - debian/patches/CVE-2021-37620-4.patch: fix out of range access
    - debian/patches/CVE-2021-37620-5.patch: backport to C++98

 -- Simon Schmeißer <email address hidden> Thu, 30 Dec 2021 21:40:13 +0100

Changed in exiv2 (Ubuntu):
status: Confirmed → Fix Released
Revision history for this message
In , Mail-to-wrt (mail-to-wrt) wrote :

Patched exiv2 packages for Ubuntu have just been released.

Revision history for this message
Mathew Hodson (mhodson) wrote :

Fixed in gwenview version 21.12.1.
---

gwenview (4:21.12.1-0ubuntu1) jammy; urgency=medium

  * New upstream release (21.12.1)

 -- Rik Mills <email address hidden> Thu, 06 Jan 2022 10:21:02 +0000

Changed in gwenview (Ubuntu):
importance: Undecided → Medium
status: Confirmed → Fix Released
Revision history for this message
Arrigo Marchiori (ardovm) wrote :

Apparently, this problem is happening again:
https://bugs.launchpad.net/ubuntu/+source/gwenview/+bug/1978307

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.