[gimp] Bug 682454: Plug-in crashed



commit c09414b8b7d43ecae965220f16ab625d8966d54b
Author: Massimo Valentini <mvalentini src gnome org>
Date:   Sun Aug 26 17:41:25 2012 +0200

    Bug 682454: Plug-in crashed
    
    plug-in-metadata-decode-exif makes use of the exif parasite
    attached to the image a few lines above.
    
    Also, exif_data->size is the size of the thumbnail buffer, which
    starts at exif_data->data and not at exif_data.
    
    ==4677== Invalid read of size 1
    ==4677==    at 0x4A0A130: memcpy@@GLIBC_2.14 (/builddir/build/BUILD/valgrind-3.7.0/memcheck/mc_replace_strmem.c:837)
    ==4677==    by 0x4E440F8: gimp_write (gimp-2-8/libgimp/gimp.c:1726)
    ==4677==    by 0x5BDD27E: gimp_wire_write (gimp-2-8/libgimpbase/gimpwire.c:174)
    ==4677==    by 0x5BD9D41: _gp_params_write (gimp-2-8/libgimpbase/gimpprotocol.c:1748)
    ==4677==    by 0x5BDDA46: gimp_wire_write_msg (gimp-2-8/libgimpbase/gimpwire.c:296)
    ==4677==    by 0x5BDAE17: gp_proc_run_write (gimp-2-8/libgimpbase/gimpprotocol.c:305)
    ==4677==    by 0x4E4513E: gimp_run_procedure2 (gimp-2-8/libgimp/gimp.c:993)
    ==4677==    by 0x4E4544B: gimp_run_procedure (gimp-2-8/libgimp/gimp.c:926)
    ==4677==    by 0x40BD36: gimp_metadata_store_exif (gimp-2-8/plug-ins/file-jpeg/gimpexif.c:69)
    ==4677==    by 0x406EA4: load_image (gimp-2-8/plug-ins/file-jpeg/jpeg-load.c:343)
    ==4677==    by 0x405A2E: run (gimp-2-8/plug-ins/file-jpeg/jpeg.c:235)
    ==4677==    by 0x4E44AD8: gimp_main (gimp-2-8/libgimp/gimp.c:1992)
    ==4677==    by 0x30A0421734: (below main) (in /usr/lib64/libc-2.15.so)
    ==4677==  Address 0x8f75e01 is 1 bytes after a block of size 64 alloc'd
    ==4677==    at 0x4A06F18: calloc (/builddir/build/BUILD/valgrind-3.7.0/coregrind/m_replacemalloc/vg_replace_malloc.c:566)
    ==4677==    by 0x8AC304B: exif_data_new_mem (/home/massimo/libexif/libexif/exif-data.c:111)
    ==4677==    by 0x8AC312D: exif_data_new (/home/massimo/libexif/libexif/exif-data.c:95)
    ==4677==    by 0x407224: load_image (gimp-2-8/plug-ins/file-jpeg/jpeg-load.c:311)

 plug-ins/file-jpeg/gimpexif.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)
---
diff --git a/plug-ins/file-jpeg/gimpexif.c b/plug-ins/file-jpeg/gimpexif.c
index acf6077..4fe91a1 100644
--- a/plug-ins/file-jpeg/gimpexif.c
+++ b/plug-ins/file-jpeg/gimpexif.c
@@ -69,8 +69,8 @@ void gimp_metadata_store_exif    (gint32    image_ID,
   return_vals = gimp_run_procedure ("plug-in-metadata-decode-exif",
                                     &nreturn_vals,
                                     GIMP_PDB_IMAGE,      image_ID,
-                                    GIMP_PDB_INT32,      exif_data->size,
-                                    GIMP_PDB_INT8ARRAY,  exif_data,
+                                    GIMP_PDB_INT32,      7,
+                                    GIMP_PDB_INT8ARRAY,  "unused",
                                     GIMP_PDB_END);
   if (return_vals[0].data.d_status != GIMP_PDB_SUCCESS)
     g_warning ("JPEG Exif -> XMP Merge failed");
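Review bot: The length `7` and the placeholder `"unused"` in the two added argument lines are tied together only by a hand count. A later edit to the string that leaves the length alone would bring back the kind of out-of-bounds read in `gimp_write`'s `memcpy` that the valgrind trace in the description shows. Deriving the length from the buffer removes that coupling, for example `static const gchar unused[] = "unused";` followed by `GIMP_PDB_INT32, (gint32) sizeof (unused),` and `GIMP_PDB_INT8ARRAY, unused,`. A short comment such as `/* placeholder array: the procedure reads the exif parasite already attached to the image */` would record why a dummy is passed, which at present is stated only in the commit message. The body of gimp_metadata_store_exif starts and continues outside this hunk.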


