cpfind always fail on photos with long path
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Panotools |
Fix Released
|
Undecided
|
Unassigned | ||
libpano13 (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
# Summary
When run with long paths, cpfind always fails.
Impact : no automatic control points are available in hugin.
# Symptom
When hugin is instructed to work on photos that have a long absolute
filesystem path, hugin never finds any control point using cpfind.
Instead the default popup says :
> Warning n unconnected image groups found: (list of [imagenumber])
> Please create control points between unconnected images using the Control Points tab.
>
> After adding the points, press the "Align" button again
I figured out it was a path length problem because when making a minimal test case with shorter path, the bug disappears.
# How to reproduce
Make a directory with a long path, e.g.
MP=~/AiHome/
* Copy at least two JPEGs from a digital camera there. Names can be e.g. 2012-09-
* Open hugin
* Import two photos from that directory
* Press "Align..."
## Expected
* Some control points found, depending on photos.
## Observed
* No control point found.
* cpfind log (obtained before window disappears, or by running it separately) says
--- Find matches ---
*** buffer overflow detected ***: cpfind terminated
======= Backtrace: =========
/lib/x86_
/lib/x86_
/lib/x86_
/lib/x86_
/lib/x86_
/lib/x86_
/lib/x86_
/usr/lib/
/usr/lib/
/usr/lib/
/usr/lib/
cpfind(
cpfind(
/usr/lib/
/usr/lib/
/usr/lib/
/usr/lib/
/usr/lib/
/lib/x86_
/lib/x86_
## Additional information
* When shortening path, problem disappears.
* (Separate issue) perhaps hugin should have spotted failure of cpfind instead of just saying no control point was found.
* I can provide some photos if needed.
1) The release of Ubuntu you are using, via 'lsb_release -rd' or System -> About Ubuntu
$ lsb_release -rd
Description: Ubuntu 12.04.1 LTS
Release: 12.04
2) The version of the package you are using, via 'apt-cache policy pkgname' or by checking in Software Center
$ LC_ALL=C apt-cache policy hugin
hugin:
Installed: 2011.4.0+dfsg-1
Candidate: 2011.4.0+dfsg-1
Version table:
*** 2011.4.0+dfsg-1 0
500 http://
100 /var/lib/
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: hugin 2011.4.0+dfsg-1
ProcVersionSign
Uname: Linux 3.2.0-31-generic x86_64
ApportVersion: 2.0.1-0ubuntu13
Architecture: amd64
Date: Wed Sep 26 16:34:42 2012
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Beta amd64 (20120419)
SourcePackage: hugin
UpgradeStatus: No upgrade log present (probably fresh install)
Changed in panotools: | |
status: | Fix Committed → Fix Released |
# Summary
* found the actual bug location, in libpano13.
* bug class : unchecked write to fixed size buffer (buffers have hardcoded size)
* hard-coded limits are inconsistent between files (source buffer 65536, destination buffer 256)
* easy to fix ? There is at least the quick-and-easy by increasing lower limit.
## Additional information
It's in libpano13, file panorama.h, line 413 :
#define PANO_PATH_LEN 255
In a nutshell, ParseScript can parse lines up to 65535 characters long, but Image structure only accepts full paths up to 256 characters long.
## Investigation details
crash log says : 64-linux- gnu/libc. so.6(__ sprintf_ chk+0x7d) [0x2b29d619b22d ] libpano13. so.2(ParseScrip t+0x7f6) [0x2b29d51fe536 ]
/lib/x86_
/usr/lib/
ParseScript is therefore a function in libpano13. 2.9.18+ dfsg/
apt-get source libpano13
cd libpano13-
ParseScript is defined in parser.c.
It calls sprintf on line 448
buf is defined on line 148:
char *li, line[LINE_LENGTH], *ch ,*lineStart, buf[LINE_LENGTH];
buf is big enough to hold a long filename :
//Increased so more params can be parsed/optimized (MRDL - March 2002)
#define LINE_LENGTH 65536
Now check im->name.
In ParseScript, im is defined on line 142:
Image *im;
Image type is defined in panorama.h on line 430-355:
struct Image PANO_PROJECTION _MAX_PARMS] ; // Parameters for format. e[PANO_ PROJECTION_ PRECOMPUTED_ VALUES] ; // to speed up pano creation PATH_LEN+ 1];
{
// Pixel data
pt_int32 width;
pt_int32 height;
pt_int32 bytesPerLine;
pt_int32 bitsPerPixel; // Must be 24 or 32
size_t dataSize;
unsigned char **data;
pt_int32 dataformat; // rgb, Lab etc
pt_int32 format; // Projection: rectilinear etc
int formatParamCount; // Number of format parameters.
double formatParam[
int precomputedCount; // number of values precomputed for a given pano
double precomputedValu
double hfov;
double yaw;
double pitch;
double roll;
cPrefs cP; // How to correct the image
char name[PANO_
PTRect selection;
CropInfo cropInformation; // TO BE DEPRECATED
pano_ ImageMetadata metadata;
};
typedef struct Image Image;
field "name" is on line 455:
char name[PANO_ PATH_LEN+ 1];
PANO_PATH_LEN is defined on panorama.h, line 413:
#define PANO_PATH_LEN 255
Crash is explained.