Crashes when trying to read Xmp.lr.hierarchicalSubject
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
pyexiv2 |
Fix Released
|
High
|
Olivier Tilloy |
Bug Description
When trying to read a Xmp.lr.
#0 0x00007ffff544edd8 in std::basic_
std::char_
const&) () from /usr/lib/
#1 0x00007ffff5b9ae84 in exiv2wrapper:
(this=0x7ffff7f
at src/exiv2wrappe
#2 0x00007ffff5bbe656 in
boost::
const&>, std::string const (exiv2wrapper:
boost::
f=@0x94ee98, tc=...)
at /usr/include/
#3 0x00007ffff5bb9d33 in
boost::
(exiv2wrapper:
boost::
> >::operator() (this=0x94ee98, args_=
(<_XmpTag at remote 0x7ffff7f5ac00>,))
at /usr/include/
#4 0x00007ffff5bb69b7 in
boost::
const (exiv2wrapper:
boost::
> >::operator() (this=
0x94ee90, args=(<_XmpTag at remote 0x7ffff7f5ac00>,), kw=0x0)
at /usr/include/
My guess is that this stuff gets interpreted as a new datatype by libexiv2 (0.15-2) that your code isn't prepared to parse. I tried to poke at the data from gdb a bit but it's having troubles parsing C++ or I don't know how to make it do it. :-(
The raw XML looks a lot like the non-hierarchical keyword field which can be read perfectly:
<lr:
<rdf:Bag>
<rdf:
</rdf:Bag>
</lr:
<dc:subject>
<rdf:Bag>
<rdf:
<rdf:
</rdf:Bag>
</dc:subject>
Not marking as a security vuln sinec although this causes crashes, it's not immediately exploitable by a remote user.
pyexiv2 version 0.2.2, libexiv 0.15, code to repeat:
import pyexiv2
img = pyexiv2.
img.read()
img.xmp_keys
img['Xmp.
I'm attaching an image that has this tag.
Related branches
Changed in pyexiv2: | |
assignee: | nobody → Olivier Tilloy (osomon) |
status: | Confirmed → In Progress |
Changed in pyexiv2: | |
milestone: | none → 0.3 |
Changed in pyexiv2: | |
status: | Fix Committed → Fix Released |
I can reproduce with the image attached, running pyexiv2 from trunk compiled against libexiv2 0.19.