pyexiv2

Crashes when trying to read Xmp.lr.hierarchicalSubject

Bug #677267 reported by Wilmer van der Gaast
22
This bug affects 3 people
Affects Status Importance Assigned to Milestone
pyexiv2
Fix Released
High
Olivier Tilloy
pyexiv2 0.3 "A Good Year"

Bug Description

When trying to read a Xmp.lr.hierarchicalSubject property from a file generated by, for example, Bibble .. I get a segfault. :-(

#0 0x00007ffff544edd8 in std::basic_string<char,
std::char_traits<char>, std::allocator<char> >::basic_string(std::string
const&) () from /usr/lib/libstdc++.so.6
#1 0x00007ffff5b9ae84 in exiv2wrapper::XmpTag::getTextValue
(this=0x7ffff7f5ac40)
    at src/exiv2wrapper.cpp:860
#2 0x00007ffff5bbe656 in
boost::python::detail::invoke<boost::python::to_python_value<std::string
const&>, std::string const (exiv2wrapper::XmpTag::*)(),
boost::python::arg_from_python<exiv2wrapper::XmpTag&> > (rc=...,
f=@0x94ee98, tc=...)
    at /usr/include/boost/python/detail/invoke.hpp:88
#3 0x00007ffff5bb9d33 in
boost::python::detail::caller_arity<1u>::impl<std::string const
(exiv2wrapper::XmpTag::*)(), boost::python::default_call_policies,
boost::mpl::vector2<std::string const, exiv2wrapper::XmpTag&>
> >::operator() (this=0x94ee98, args_=
    (<_XmpTag at remote 0x7ffff7f5ac00>,))
    at /usr/include/boost/python/detail/caller.hpp:223
#4 0x00007ffff5bb69b7 in
boost::python::objects::caller_py_function_impl<boost::python::detail::caller<std::string
const (exiv2wrapper::XmpTag::*)(), boost::python::default_call_policies,
boost::mpl::vector2<std::string const, exiv2wrapper::XmpTag&> >
> >::operator() (this=
    0x94ee90, args=(<_XmpTag at remote 0x7ffff7f5ac00>,), kw=0x0)
    at /usr/include/boost/python/object/py_function.hpp:38

My guess is that this stuff gets interpreted as a new datatype by libexiv2 (0.15-2) that your code isn't prepared to parse. I tried to poke at the data from gdb a bit but it's having troubles parsing C++ or I don't know how to make it do it. :-(

The raw XML looks a lot like the non-hierarchical keyword field which can be read perfectly:

   <lr:hierarchicalSubject>
    <rdf:Bag>
     <rdf:li>Genre|Nature</rdf:li>
    </rdf:Bag>
   </lr:hierarchicalSubject>
   <dc:subject>
    <rdf:Bag>
     <rdf:li>Genre</rdf:li>
     <rdf:li>Nature</rdf:li>
    </rdf:Bag>
   </dc:subject>

Not marking as a security vuln sinec although this causes crashes, it's not immediately exploitable by a remote user.

pyexiv2 version 0.2.2, libexiv 0.15, code to repeat:

import pyexiv2
img = pyexiv2.ImageMetadata('20101003_201306_1192_orig.jpg')
img.read()
img.xmp_keys
img['Xmp.lr.hierarchicalSubject']

I'm attaching an image that has this tag.

Tags: xmp

Related branches

lp:pyexiv2/0.2.x
Revision history for this message
Wilmer van der Gaast (wilmer-gaast-net) wrote :
Revision history for this message
Olivier Tilloy (osomon) wrote :

I can reproduce with the image attached, running pyexiv2 from trunk compiled against libexiv2 0.19.

Changed in pyexiv2:
importance: Undecided → High
status: New → Confirmed
Olivier Tilloy (osomon)
Changed in pyexiv2:
assignee: nobody → Olivier Tilloy (osomon)
status: Confirmed → In Progress
Revision history for this message
Olivier Tilloy (osomon) wrote :

Fix committed to trunk with revision 330.

"Xmp.lr.hierarchicalSubject" is unknown to libexiv2’s static properties information, so for new tags it will still incorrectly report XmpText instead of XmpBag. As a consequence, the following will fail with a NotImplementedError exception:

    import pyexiv2
    tag = pyexiv2.XmpTag("Xmp.lr.hierarchicalSubject")
    tag.value = ["foo", "bar"]

However, when reading an existing tag from an image file, the type recognition will now work.

Changed in pyexiv2:
status: In Progress → Fix Committed
tags: added: xmp
Revision history for this message
Wilmer van der Gaast (wilmer-gaast-net) wrote : Re: [Bug 677267] Re: Crashes when trying to read Xmp.lr.hierarchicalSubject

That indeed works a lot better. Thanks for the very quick response and fix!

Olivier Tilloy (osomon)
Changed in pyexiv2:
milestone: none → 0.3
Revision history for this message
VinsS (vincent-vandevyvre) wrote :

Relative to bug #683528

Trying the last revision -335-, the bug is solved.

Thanks

Olivier Tilloy (osomon)
Changed in pyexiv2:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.