Ubuntu
shotwell package

shotwell crashed with SIGSEGV in gp_load_file_into_buffer()

Bug #750294 reported by Jerry on 2011-04-04

This bug affects 3 people

Affects		Status	Importance	Assigned to	Milestone
	shotwell (Ubuntu)	Fix Released	Medium	Unassigned

Bug Description

Binary package hint: shotwell

Natty is not liking me... :-(
Most things are giving errors, though apt-get update apt-get upgrade finished without the crash on java related stuff!!! :-)

Anyways, shotwell on an iPhone and it crashed, hence this report...
Other reports i've been ignoring, thinking someone else is doing it...
my iPhone says it's full, I've taken too many photos and it won't take anymore,
so I'd like to download some to this ubuntu natty release to start taking interesting (and boring)
photos again...

We have the cherry blossoms in Washington, DC, USA and I think I got a couple of photos
before my bike tire crapped out again...

Anyways, would be nice if Natty ran shotwell for me...
Please? Pretty Please? With Cherry Blossoms on Top? :-)

ProblemType: Crash
DistroRelease: Ubuntu 11.04
Package: shotwell 0.9.0-0ubuntu2
ProcVersionSignature: Ubuntu 2.6.38-7.39-generic-pae 2.6.38
Uname: Linux 2.6.38-7-generic-pae i686
NonfreeKernelModules: nvidia wl
Architecture: i386
Date: Mon Apr 4 09:35:01 2011
ExecutablePath: /usr/bin/shotwell
InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release i386 (20101007)
ProcCmdline: shotwell afc://1c081b480a7abb9e711df4e5fc9669fa13978790/
ProcEnviron:
LANGUAGE=en_US:en
PATH=(custom, user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SegvAnalysis:
Segfault happened at: 0xb54eea7e: movdqa (%eax),%xmm0
PC (0xb54eea7e) ok
source "(%eax)" (0x9d300000) not located in a known VMA region (needed readable region)!
destination "%xmm0" ok
SegvReason: reading unknown VMA
Signal: 11
SourcePackage: shotwell
StacktraceTop:
?? () from /lib/i386-linux-gnu/libc.so.6
gp_load_file_into_buffer ()
gp_load_preview ()
?? ()
library_window_switch_to_page ()
Title: shotwell crashed with SIGSEGV in gp_load_file_into_buffer()
UpgradeStatus: Upgraded to natty on 2011-04-01 (3 days ago)
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare

Tags:

Revision history for this message

Jerry (jerrywone) wrote on 2011-04-04:

Dependencies.txt Edit (5.5 KiB, text/plain; charset="utf-8")
Disassembly.txt Edit (608 bytes, text/plain; charset="utf-8")
ProcMaps.txt Edit (51.6 KiB, text/plain; charset="utf-8")
ProcStatus.txt Edit (781 bytes, text/plain; charset="utf-8")
Registers.txt Edit (497 bytes, text/plain; charset="utf-8")
Stacktrace.txt Edit (2.9 KiB, text/plain; charset="utf-8")
ThreadStacktrace.txt Edit (5.2 KiB, text/plain; charset="utf-8")
XsessionErrors.txt Edit (12.6 KiB, text/plain; charset="utf-8")

Revision history for this message

Apport retracing service (apport) wrote on 2011-04-04:

StacktraceTop:
__memcpy_ssse3 () at ../sysdeps/i386/i686/multiarch/memcpy-ssse3.S:259
gp_load_file_into_buffer (context=0xb024ed0, camera=0xae1cd778, folder=0x9d4cf588 "/store_00010001/DCIM/800AAAAA", filename=0xae11f138 "IMG_0573.MOV", filetype=GP_FILE_TYPE_PREVIEW, result_length1=0xbf974c9c, error=0xbf974c98) at /usr/include/bits/string3.h:52
gp_load_preview (context=0xb024ed0, camera=0xae1cd778, folder=0x9d4cf588 "/store_00010001/DCIM/800AAAAA", filename=0xae11f138 "IMG_0573.MOV", raw=0xbf974d3c, raw_length1=0xbf974d38, raw_length=0xbf974d34, error=0xbf974d40) at i686-linux-gnu/GPhoto.c:694
import_page_load_previews (self=0xae18c050, fail_on_locked=0) at i686-linux-gnu/ImportPage.c:5432
import_page_refresh_camera (self=0xae18c050, fail_on_locked=0) at i686-linux-gnu/ImportPage.c:4753

Revision history for this message

Apport retracing service (apport) wrote on 2011-04-04: Stacktrace.txt

Stacktrace.txt Edit (16.6 KiB, text/plain)

Revision history for this message

Apport retracing service (apport) wrote on 2011-04-04: ThreadStacktrace.txt

ThreadStacktrace.txt Edit (21.9 KiB, text/plain)

Changed in shotwell (Ubuntu):
importance:	Undecided → Medium
tags:	removed: need-i386-retrace

Sebastien Bacher (seb128) on 2011-04-04

visibility:

private → public

Revision history for this message

Eric Gregory (eric-yorba) wrote on 2011-04-05:

According to the stack trace, this crash is occurring within a C lib call from GPhoto.

Revision history for this message

Eric Gregory (eric-yorba) wrote on 2011-04-05:

According to the stack trace, this is a bug occurring in an internal GPhoto function.

affects:

shotwell (Ubuntu) → libgphoto2 (Ubuntu)

Revision history for this message

Eric Gregory (eric-yorba) wrote on 2011-04-05:

Correction: the gp_ function is actually in OUR code; the generated C code has a confusingly similar namespace to GPhoto functions. The crash is occurring inside Memory.copy.

We're going to keep an eye on this... there are several other crashes I'm seeing when plugging in an iPhone on my Natty box, but they don't reproduce every time.

Launchpad Janitor (janitor) on 2011-09-14

Changed in libgphoto2 (Ubuntu):
status:	New → Confirmed

Revision history for this message

Eric Gregory (eric-yorba) wrote on 2011-09-15:

Filed a GPhoto bug with some more info on the problem:
https://sourceforge.net/tracker/?func=detail&aid=3409690&group_id=8874&atid=108874

Revision history for this message

Marcus Meissner (meissner) wrote on 2011-09-25:

could you install the commandline client and do

gphoto2 --debug --debug-logfile=xx.log -L

write down the number of the .MOV file where it crashes...

and then
gphoto2 -t <nr> --debug --debug-logfile=xx2.log
with <nr> above nr of the .MOV file that crashes?

Revision history for this message

Jerry (jerrywone) wrote on 2011-09-25: Re: [Bug 750294] Re: shotwell crashed with SIGSEGV in gp_load_file_into_buffer()

#10

Download full text (3.4 KiB)

I'll give it a try, if you can tell me how to
get the photo store (place where the
up to 16 Gig of photos from the iPhone4
plus others) to another partition
(wubi made a /host which is much larger,
and the Linux file system extn (n=3, 4, whatever)
is much smaller, due to defaults of wubi
and a general rush and frustration at the
time of install)

and to clarify
gphoto2 is the command line version
and I've installed that and the associated
dev, dbg and doc

I'd love to back up all the photos and video
on this device, as it's full again, and I hate
deleting them and not having a full collection
in an original time series, ...

On Sun, Sep 25, 2011 at 4:10 PM, Marcus Meissner <email address hidden> wrote:
> could you install the commandline client and do
>
> gphoto2 --debug --debug-logfile=xx.log -L
>
> write down the number of the .MOV file where it crashes...
>
> and then
> gphoto2 -t <nr> --debug --debug-logfile=xx2.log
> with <nr> above nr of the .MOV file that crashes?
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/750294
>
> Title:
> shotwell crashed with SIGSEGV in gp_load_file_into_buffer()
>
> Status in “libgphoto2” package in Ubuntu:
> Confirmed
>
> Bug description:
> Binary package hint: shotwell
>
> Natty is not liking me... :-(
> Most things are giving errors, though apt-get update apt-get upgrade finished without the crash on java related stuff!!! :-)
>
> Anyways, shotwell on an iPhone and it crashed, hence this report...
> Other reports i've been ignoring, thinking someone else is doing it...
> my iPhone says it's full, I've taken too many photos and it won't take anymore,
> so I'd like to download some to this ubuntu natty release to start taking interesting (and boring)
> photos again...
>
> We have the cherry blossoms in Washington, DC, USA and I think I got a couple of photos
> before my bike tire crapped out again...
>
> Anyways, would be nice if Natty ran shotwell for me...
> Please? Pretty Please? With Cherry Blossoms on Top? :-)
>
> ProblemType: Crash
> DistroRelease: Ubuntu 11.04
> Package: shotwell 0.9.0-0ubuntu2
> ProcVersionSignature: Ubuntu 2.6.38-7.39-generic-pae 2.6.38
> Uname: Linux 2.6.38-7-generic-pae i686
> NonfreeKernelModules: nvidia wl
> Architecture: i386
> Date: Mon Apr 4 09:35:01 2011
> ExecutablePath: /usr/bin/shotwell
> InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release i386 (20101007)
> ProcCmdline: shotwell afc://1c081b480a7abb9e711df4e5fc9669fa13978790/
> ProcEnviron:
> LANGUAGE=en_US:en
> PATH=(custom, user)
> LANG=en_US.UTF-8
> SHELL=/bin/bash
> SegvAnalysis:
> Segfault happened at: 0xb54eea7e: movdqa (%eax),%xmm0
> PC (0xb54eea7e) ok
> source "(%eax)" (0x9d300000) not located in a known VMA region (needed readable region)!
> destination "%xmm0" ok
> SegvReason: reading unknown VMA
> Signal: 11
> SourcePackage: shotwell
> StacktraceTop:
> ?? () from /lib/i386-linux-gnu/libc.so.6
> gp_load_file_into_buffer ()
> gp_load_preview ()
> ?? ()
> library_window_switch_to_page ()
> Title: shotwell crashed with SIGSEGV in gp_load_file_into_buffer()
> Upgrade...

I'll give it a try, if you can tell me how to
get the photo store (place  where the
up to 16 Gig of photos from the iPhone4
plus others) to another partition
(wubi made a /host which is much larger,
and the Linux file system extn (n=3, 4, whatever)
is much smaller, due to defaults of wubi
and a general rush and frustration at the
time of install)

and to clarify
gphoto2 is the command line version
and I've installed that and the associated
dev, dbg and doc

I'd love to back up all the photos and video
on this device, as it's full again, and I hate
deleting them and not having a full collection
in an original time series, ...

On Sun, Sep 25, 2011 at 4:10 PM, Marcus Meissner <meissner@suse.de> wrote:
> could you install the commandline client and do
>
> gphoto2 --debug --debug-logfile=xx.log -L
>
> write down the number of the .MOV file where it crashes...
>
> and then
> gphoto2 -t <nr>   --debug --debug-logfile=xx2.log
> with <nr> above nr of the .MOV file that crashes?
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/750294
>
> Title:
>  shotwell crashed with SIGSEGV in gp_load_file_into_buffer()
>
> Status in “libgphoto2” package in Ubuntu:
>  Confirmed
>
> Bug description:
>  Binary package hint: shotwell
>
>  Natty is not liking me... :-(
>  Most things are giving errors, though apt-get update apt-get upgrade finished without the crash on java related stuff!!! :-)
>
>  Anyways, shotwell on an iPhone and it crashed, hence this report...
>  Other reports i've been ignoring, thinking someone else is doing it...
>  my iPhone says it's full, I've taken too many photos and it won't take anymore,
>  so I'd like to download some to this ubuntu natty release to start taking interesting (and boring)
>  photos again...
>
>  We have the cherry blossoms in Washington, DC, USA and I think I got a couple of photos
>  before my bike tire crapped out again...
>
>  Anyways, would be nice if Natty ran shotwell for me...
>  Please?  Pretty Please?  With Cherry Blossoms on Top? :-)
>
>  ProblemType: Crash
>  DistroRelease: Ubuntu 11.04
>  Package: shotwell 0.9.0-0ubuntu2
>  ProcVersionSignature: Ubuntu 2.6.38-7.39-generic-pae 2.6.38
>  Uname: Linux 2.6.38-7-generic-pae i686
>  NonfreeKernelModules: nvidia wl
>  Architecture: i386
>  Date: Mon Apr  4 09:35:01 2011
>  ExecutablePath: /usr/bin/shotwell
>  InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release i386 (20101007)
>  ProcCmdline: shotwell afc://1c081b480a7abb9e711df4e5fc9669fa13978790/
>  ProcEnviron:
>   LANGUAGE=en_US:en
>   PATH=(custom, user)
>   LANG=en_US.UTF-8
>   SHELL=/bin/bash
>  SegvAnalysis:
>   Segfault happened at: 0xb54eea7e:    movdqa (%eax),%xmm0
>   PC (0xb54eea7e) ok
>   source "(%eax)" (0x9d300000) not located in a known VMA region (needed readable region)!
>   destination "%xmm0" ok
>  SegvReason: reading unknown VMA
>  Signal: 11
>  SourcePackage: shotwell
>  StacktraceTop:
>   ?? () from /lib/i386-linux-gnu/libc.so.6
>   gp_load_file_into_buffer ()
>   gp_load_preview ()
>   ?? ()
>   library_window_switch_to_page ()
>  Title: shotwell crashed with SIGSEGV in gp_load_file_into_buffer()
>  UpgradeStatus: Upgraded to natty on 2011-04-01 (3 days ago)
>  UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ubuntu/+source/libgphoto2/+bug/750294/+subscriptions
>

-- 
Jerry W

Revision history for this message

Peter Seiderer (ps-report) wrote on 2012-02-05:

#11

Download full text (7.3 KiB)

Same Problem found with Showwell-11.5 on openSUSE 12.1 (x86_64).

Problem analysis (gdb trace/comments):

$ gdb ./shotwell
(gdb) run

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff02b5540 in __memcpy_ssse3 () from /lib64/libc.so.6
(gdb) where
#0 0x00007ffff02b5540 in __memcpy_ssse3 () from /lib64/libc.so.6
#1 0x0000000000604c9a in gp_load_file_into_buffer (context=0x1911740, camera=0x194c950, folder=0x1873270 "/DCIM/100CANON", filename=0xe33a50 "IMG_0001.JPG",
    filetype=GP_FILE_TYPE_EXIF, result_length1=0x7fffffffb1c0, error=0x7fffffffb1b8) at /home/seiderer/Work/shotwell/shotwell/src/camera/GPhoto.vala:248
#2 0x0000000000603c87 in gp_load_metadata (context=0x1911740, camera=0x194c950, folder=0x1873270 "/DCIM/100CANON", filename=0xe33a50 "IMG_0001.JPG", error=
    0x7fffffffb2a8) at /home/seiderer/Work/shotwell/shotwell/src/camera/GPhoto.vala:176
#3 0x0000000000615331 in import_page_load_previews_and_metadata (self=0x12d4570, import_list=0x142f040)
    at /home/seiderer/Work/shotwell/shotwell/src/camera/ImportPage.vala:1405
#4 0x00000000006114d9 in import_page_refresh_camera (self=0x12d4570) at /home/seiderer/Work/shotwell/shotwell/src/camera/ImportPage.vala:1125
#5 0x000000000060fa85 in import_page_try_refreshing_camera (self=0x12d4570, fail_on_locked=0)
    at /home/seiderer/Work/shotwell/shotwell/src/camera/ImportPage.vala:952
#6 0x000000000060f936 in import_page_real_switched_to (base=0x12d4570) at /home/seiderer/Work/shotwell/shotwell/src/camera/ImportPage.vala:943
...

(gdb) frame 1
#1 0x0000000000604c9a in gp_load_file_into_buffer (context=0x1911740, camera=0x194c950, folder=0x1873270 "/DCIM/100CANON", filename=0xe33a50 "IMG_0001.JPG",
filetype=GP_FILE_TYPE_EXIF, result_length1=0x7fffffffb1c0, error=0x7fffffffb1b8) at /home/seiderer/Work/shotwell/shotwell/src/camera/GPhoto.vala:248
248 Memory.copy(buffer, data, buffer.length);
(gdb) p buffer
$1 = (guint8 *) 0x1955110 ""
(gdb) p data
$2 = (guint8 *) 0x0

---> data (the location from where to copy) is null

(gdb) p buffer.length
Attempt to extract a component of a value that is not a structure.

---> gdb could not show vala data types, take a look at the compiled version of GPhoto.vala,
---> a generated C file src/camera/GPhoto.c where the memcpy takes place:

2182 #line 248 "/home/seiderer/Work/shotwell/shotwell/src/camera/GPhoto.vala"
2183 _tmp31__length1 = buffer_length1;
2184 #line 248 "/home/seiderer/Work/shotwell/shotwell/src/camera/GPhoto.vala"
2185 memcpy (_tmp29_, _tmp30_, (gsize) _tmp31__length1);
2186 #line 250 "/home/seiderer/Work/shotwell/shotwell/src/camera/GPhoto.vala"

(gdb) p _tmp29_
$3 = (guint8 *) 0x1955110 ""
(gdb) p _tmp30_
$4 = (guint8 *) 0x0

---> _tmp30_/data is realy null (no gdb debug info failure)

(gdb) p _tmp31__length1
$5 = 21336

---> _tmp31__length1/buffer.length is set, so take a look at vala source code

Same Problem found with Showwell-11.5 on openSUSE 12.1 (x86_64).

Problem analysis (gdb trace/comments):

$ gdb ./shotwell
(gdb) run

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff02b5540 in __memcpy_ssse3 () from /lib64/libc.so.6
(gdb) where
#0  0x00007ffff02b5540 in __memcpy_ssse3 () from /lib64/libc.so.6
#1  0x0000000000604c9a in gp_load_file_into_buffer (context=0x1911740, camera=0x194c950, folder=0x1873270 "/DCIM/100CANON", filename=0xe33a50 "IMG_0001.JPG", 
    filetype=GP_FILE_TYPE_EXIF, result_length1=0x7fffffffb1c0, error=0x7fffffffb1b8) at /home/seiderer/Work/shotwell/shotwell/src/camera/GPhoto.vala:248
#2  0x0000000000603c87 in gp_load_metadata (context=0x1911740, camera=0x194c950, folder=0x1873270 "/DCIM/100CANON", filename=0xe33a50 "IMG_0001.JPG", error=
    0x7fffffffb2a8) at /home/seiderer/Work/shotwell/shotwell/src/camera/GPhoto.vala:176
#3  0x0000000000615331 in import_page_load_previews_and_metadata (self=0x12d4570, import_list=0x142f040)
    at /home/seiderer/Work/shotwell/shotwell/src/camera/ImportPage.vala:1405
#4  0x00000000006114d9 in import_page_refresh_camera (self=0x12d4570) at /home/seiderer/Work/shotwell/shotwell/src/camera/ImportPage.vala:1125
#5  0x000000000060fa85 in import_page_try_refreshing_camera (self=0x12d4570, fail_on_locked=0)
    at /home/seiderer/Work/shotwell/shotwell/src/camera/ImportPage.vala:952
#6  0x000000000060f936 in import_page_real_switched_to (base=0x12d4570) at /home/seiderer/Work/shotwell/shotwell/src/camera/ImportPage.vala:943
...

(gdb) frame 1
#1  0x0000000000604c9a in gp_load_file_into_buffer (context=0x1911740, camera=0x194c950, folder=0x1873270 "/DCIM/100CANON", filename=0xe33a50 "IMG_0001.JPG", 
    filetype=GP_FILE_TYPE_EXIF, result_length1=0x7fffffffb1c0, error=0x7fffffffb1b8) at /home/seiderer/Work/shotwell/shotwell/src/camera/GPhoto.vala:248
248             Memory.copy(buffer, data, buffer.length);
(gdb) p buffer
$1 = (guint8 *) 0x1955110 ""
(gdb) p data
$2 = (guint8 *) 0x0

---> data (the location from where to copy) is null

(gdb) p buffer.length
Attempt to extract a component of a value that is not a structure.

---> gdb could not show vala data types, take a look at the compiled version of GPhoto.vala,
---> a generated C file src/camera/GPhoto.c where the memcpy takes place:

2182 #line 248 "/home/seiderer/Work/shotwell/shotwell/src/camera/GPhoto.vala"
2183         _tmp31__length1 = buffer_length1;
2184 #line 248 "/home/seiderer/Work/shotwell/shotwell/src/camera/GPhoto.vala"
2185         memcpy (_tmp29_, _tmp30_, (gsize) _tmp31__length1);
2186 #line 250 "/home/seiderer/Work/shotwell/shotwell/src/camera/GPhoto.vala"

(gdb) p _tmp29_
$3 = (guint8 *) 0x1955110 ""
(gdb) p _tmp30_
$4 = (guint8 *) 0x0

---> _tmp30_/data is realy null (no gdb debug info failure)

(gdb) p _tmp31__length1
$5 = 21336

--->  _tmp31__length1/buffer.length is set, so take a look at vala source code

(gdb) list
234             
235             res = camera.get_file(folder, filename, filetype, camera_file, context);
236             if (res != Result.OK)
237                 throw new GPhotoError.LIBRARY("[%d] Error retrieving file object for %s/%s: %s", 
238                     (int) res, folder, filename, res.as_string());
239             
240             // if buffer can be loaded into memory, return a copy of that (can't return buffer itself
241             // as it will be destroyed when the camera_file is unref'd)
242             unowned uint8[] data;
243             res = camera_file.get_data_and_size(out data);
244             if (res != Result.OK)
245                 return null;
246             
247             uint8[] buffer = new uint8[data.length];
248             Memory.copy(buffer, data, buffer.length);
249             
250             return buffer;

---> camera_file.get_data_and_size(out data) return code is checked, but data is null?
---> one more look at the generated C file

2123 #line 243 "/home/seiderer/Work/shotwell/shotwell/src/camera/GPhoto.vala"
2124         _tmp21_ = camera_file;
2125 #line 243 "/home/seiderer/Work/shotwell/shotwell/src/camera/GPhoto.vala"
2126         _tmp24_ = gp_file_get_data_and_size (_tmp21_, &_tmp22_, &_tmp23_);

---> check the parameters for the gp_file_get_data_and_size(CameraFile*, const char **data, unsigned long int *size) call

(gdb) p  _tmp24_
$6 = 0

---> return  value is o.k.

(gdb) p _tmp22_
$7 = (guint8 *) 0x0

---> data is set to null

(gdb) p _tmp23_
$8 = 21336

---> size seems to be o.k.
---> what now? check the data types...

(gdb) ptype _tmp22_
type = unsigned char *

---> o.k.

(gdb) ptype _tmp23_
type = int

---> here it is what causes the bug, on x86_64 the type 'int' is 4 bytes long
---> and the type 'unsigned long' is 8 bytes

(gdb) p sizeof(int)
$9 = 4
(gdb) p sizeof(unsigned long)
$10 = 8

---> take a look at the addresse of _tmp22_ (data) and _tmp23_ (size)

(gdb) p &_tmp22_
$11 = (guint8 **) 0x7fffffffb008
(gdb) p &_tmp23_
$12 = (gint *) 0x7fffffffb004

---> what happens? From libgphoto2-2.4.11/libgphoto2/gphoto2-file.c

350 gp_file_get_data_and_size (CameraFile *file, const char **data,
 351                            unsigned long int *size)
 352 {
 353         CHECK_NULL (file);
 354 
 355         switch (file->accesstype) {
 356         case GP_FILE_ACCESSTYPE_MEMORY:
 357                 if (data)
 358                         *data = file->data;
 359                 if (size)
 360                         *size = file->size;
 361                 break;

---> first at line 358 file->data pointer/8 bytes are written to the adress &_tmp22_/0x7fffffffb008
---> second at line 360 file->size/8 bytes are written to the address & &_tmp23/0x7fffffffb004
---> overwriting 4 bytes of _tmp22_ (because of the type mismatch) which leads to the null pointer
---> in the memcopy

Suggested patch (fix libgphoto2/get_data_and_size() vala binding, adjust calls in src/camera/GPhoto.vala):

diff --git a/src/camera/GPhoto.vala b/src/camera/GPhoto.vala
index e2af2c8..c02a3fd 100644
--- a/src/camera/GPhoto.vala
+++ b/src/camera/GPhoto.vala
@@ -201,11 +201,12 @@ namespace GPhoto {
         // if entire file fits in memory, return a stream from that ... can't merely wrap
         // MemoryInputStream around the camera_file buffer, as that will be destroyed when the
         // function returns
-        unowned uint8[] data;
-        res = camera_file.get_data_and_size(out data);
+        unowned uint8 *data;
+        ulong data_len;
+        res = camera_file.get_data_and_size(out data, out data_len);
         if (res == Result.OK) {
-            uint8[] buffer = new uint8[data.length];
-            Memory.copy(buffer, data, data.length);
+            uint8[] buffer = new uint8[data_len];
+            Memory.copy(buffer, data, buffer.length);
             
             return new MemoryInputStream.from_data(buffer, on_mins_destroyed);
         }
@@ -239,12 +240,13 @@ namespace GPhoto {
         
         // if buffer can be loaded into memory, return a copy of that (can't return buffer itself
         // as it will be destroyed when the camera_file is unref'd)
-        unowned uint8[] data;
-        res = camera_file.get_data_and_size(out data);
+        unowned uint8 *data;
+        ulong data_len;
+        res = camera_file.get_data_and_size(out data, out data_len);
         if (res != Result.OK)
             return null;
         
-        uint8[] buffer = new uint8[data.length];
+        uint8[] buffer = new uint8[data_len];

Revision history for this message

Peter Seiderer (ps-report) wrote on 2012-02-05:

#12

patch-fix-shotwell-crash-while-import.patch Edit (2.2 KiB, text/plain)

Revision history for this message

Ubuntu Foundations Team Bug Bot (crichton) wrote on 2012-02-06:

#13

The attachment "patch-fix-shotwell-crash-while-import.patch" of this bug report has been identified as being a patch. The ubuntu-reviewers team has been subscribed to the bug report so that they can review the patch. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are member of the ubuntu-reviewers team please also unsubscribe the team from this bug report.

[This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.]

tags:

added: patch

Revision history for this message

Sebastien Bacher (seb128) wrote on 2012-02-23:

#14

The patch is a shotwell one and got applied to the current version:
http://git.yorba.org/cgit.cgi/shotwell/commit/?id=76bfbc2edfe7e45664a4cf7c8be4101bc8c67b9d