gthumb[15566]: segfault at 5126c60f eip b7f7bfe6 esp bf9bab08 error 4

Your file is not a valid JPEG image. It is a bug that gthumb crashes when it tries to open it. However, from testing with Jaunty I can see that this has been fixed in gthumb 3:2.10.10-0ubuntu2.

I am not sure this will be important enough to be fixed in Ubuntu 8.04, but it will help if you can provide more information. Please try to obtain a backtrace following the instructions at http://wiki.ubuntu.com/DebuggingProgramCrash and upload the backtrace (as an attachment) to the bug report. This will greatly help us in tracking down your problem.

Thanks for the super-fast reponse.

debug output attached ...

No problem on the fix urgency.

Just for information, It was produced using convert (ImageMagick) from a scan .png image using xsane but I dont think I want to go down that route :-)

Thanks. You'll need to run the command "backtrace full" inside gdb (actually all the commands from point (4) on https://wiki.ubuntu.com/Backtrace).

Maybe you can attach the .png as well, if it's reproducable it would be a separate bug, in imagemagick or xsane.

just for correctness url without the trailing bracket

https://wiki.ubuntu.com/Backtrace

If at first ....

its sometime ago since I did the conversion, Ill see if it stilla round

Actually it was a .pnm file produced by xsane.

Thanks

I tested more on Hardy with your gthumb version. Funny enough I could not reproduce with your jpeg, but when I converted your pnm to a jpeg, gthumb crashed with this new jpeg. I could see from your gdb log what could go wrong, but I needed to make an unoptimized build to verify it.

BTW, it is known that this old imagemagick version does bad things to the exif tags, see for instance bug 178575.

This is the jpeg I got with convert, which makes gthumb crash.

I think application crashes warrants an SRU, so I made a debdiff that fixes the crash.

Tormod, your patch adds this bound-checking code:

if (i<tiff || i>readsize) return PATCH_EXIF_NO_TIFF;

Comments:

1) I don't think it is possible for (i < tiff) to ever occur in the code. Is it?

2) I think "i>readsize" should actually be "i>=readsize". Right?

- Mike

Mike, thanks for your feedback!

> 1) I don't think it is possible for (i < tiff) to ever occur in the code. Is it?

I was thinking "offset" could even be negative, but I didn't really check the signedness and types of the functions and variables involved. I don't remember any longer if I got a negative in my own gdb testing.

> 2) I think "i>readsize" should actually be "i>=readsize". Right?

Yes, that would be consistent with the while(i<readsize) in the code above. And I guess to be really precise, a real tag sequence would need a certain size so it would already be useless if i>(readsize-certainsize). But given the randomness of "offset" these would be corner cases.

Patch applied upstream:

http://svn.gnome.org/viewvc/gthumb?view=revision&revision=2497

Thanks, Tormod!

- Mike

I don't consider this an urgent thing to fix in Hardy, but the patch is simple and obvious, so go for it.

uploaded

Accepted into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

s/lucid-proposed/hardy-proposed/

SRU Verification Hardy:

The version of gthumb 3:2.10.8-0ubuntu1.1 in hardy-proposed doesn't fix the segfault. The exact same error occurs, a backtrace is attached.

I'm marking this report as verification-failed

I removed the hardy-proposed version again.

Hardy has seen the end of its life and is no longer receiving any updates. Marking the Hardy task for this ticket as "Won't Fix".