Bug #9752

RawSpeed use after free in RawImage

Added by Thorsten Reinbold about 6 years ago. Updated about 6 years ago.

Status: Fixed
Priority: Low
Assignee: -
Category: General
Start date: 12/29/2013
Due date:
% Done: 100%
Estimated time:
Affected Version: 1.4
System: other GNU/Linux
bitness: 64-bit
hardware architecture: amd64/x86

Description

This is darktable 1.4-1 on Arch-Linux 64.

When trying to open cr2 Raw Files, darktable is segfaulting immediately. I've tried different hints from other bug reports, including disabling opencl and other things, but nothing helps.

Hardware is a Core i5 (Haswell) with 8 Gb Ram and a Nvidia GTX 760. I'm using the CS Driver from Nvidia (331.20-3)

Error message when starting dt via terminal:

"[defaults] found a 64-bit system with 8117656 kb ram and 4 cores (0 atom based)
[mipmap_cache] cache is empty, file `/home/nordlicht/.cache/darktable/mipmaps-011a63fc66e3c9b7c5ef1e8c975edae1d949743c' doesn't exist
[exiv2] Directory Canon, entry 0x0000 has unknown Exif (TIFF) type 0; setting type size 1.

ptrace: Operation not permitted.
/home/nordlicht/10373: File or Folder not found.
backtrace written to /tmp/darktable_bt_8IYZ8W.txt
Segmentation fault (core dumped)"

darktable_bt_8IYZ8W.txt (123 Bytes), Thorsten Reinbold, 12/29/2013 02:50 PM
IMG_1649.CR2 (24 MB), Canon EOS-M CR2, Thorsten Reinbold, 12/29/2013 03:21 PM
gdb (3.46 KB), Thorsten Reinbold, 12/29/2013 03:33 PM
bt (4.78 KB), Backtrace, Thorsten Reinbold, 12/29/2013 04:39 PM
darktable-backtrace.txt (4.23 KB), Joran Martinière, 12/29/2013 09:27 PM

History

#1 Updated by Pascal de Bruijn about 6 years ago

We need a proper backtrace to look into this issue:

https://encrypted.pcode.nl/blog/2010/08/31/contributing-backtraces/

Also, which camera produced the CR2 files you're having issues with? Are they straight from the camera? Or have they been modified in any way using some tool?

Could you provide us with a sample CR2, with which the issue is producible?

#2 Updated by Thorsten Reinbold about 6 years ago

Pascal de Bruijn wrote:

We need a proper backtrace to look into this issue:

https://encrypted.pcode.nl/blog/2010/08/31/contributing-backtraces/

Also, which camera produced the CR2 files you're having issues with? Are they straight from the camera? Or have they been modified in any way using some tool?

Could you provide us with a sample CR2, with which the issue is producible?

Camera Model is a Canon EOS-M, an example Image is attached. The backtrace could take a while, I have to recompile dt with debugging symbols.

#3 Updated by Pascal de Bruijn about 6 years ago

It seems to work just fine over here. Is this file straight from the camera? or was it modified (if so, how and with what)?

Is there any chance you are building darktable against any older library? For example against which version of Exiv2 did you build Darktable?

#4 Updated by Thorsten Reinbold about 6 years ago

I have some problems compiling dt with debugging symbols. Anyway, I have got some more information via gdb. I will attach it here, maybe it is helpful. I will try to get a real backtrace as soon as possible.

The file is straight from the cam, no modifications were done. Exiv2 Version is 0.23-2.

#5 Updated by Pascal de Bruijn about 6 years ago

This seems to be related to glibc versions:
http://sourceware.org/ml/libc-alpha/2013-08/msg00434.html

We'll have to look further into this. We'd still like a full backtrace though.

#6 Updated by Thorsten Reinbold about 6 years ago

I'm on it. Will upload a full backtrace as quick as I can.

#7 Updated by Joran Martinière about 6 years ago

I have the same problem with untouched DNGs from a Pentax K-r, with the same resulting file in /tmp and exactly the same warnings on command line. It still works perfectly well with darktable 1.2.3 and the exact same system installation. I'm using an Intel Core i7 4770S (Haswell), 16 Go RAM and a GeForce GTX 660. I'm gonna post a sample DNG file as soon as possible.

#8 Updated by Thorsten Reinbold about 6 years ago

So, here is the backtrace. Hope it helps, I think it seems to be a bit small...

#9 Updated by Pascal de Bruijn about 6 years ago

Joran Martinière wrote:

I have the same problem with untouched DNGs from a Pentax K-r, with the same resulting file in /tmp and exactly the same warnings on command line. It still works perfectly well with darktable 1.2.3 and the exact same system installation. I'm using an Intel Core i7 4770S (Haswell), 16 Go RAM and a GeForce GTX 660. I'm gonna post a sample DNG file as soon as possible.

Do you also see the __lll_unlock_elision if you do a proper backtrace? If not, you are not experiencing the same issue, in which case you need to file a separate bug.

Also, since the bug doesn't seem to be file format related, I doubt we'll need another sample. If we do, we'll ask.

#10 Updated by Joran Martinière about 6 years ago

Yes, I do have the same __lll_unlock_elision thing on the first line of the backtrace.
Here is the full backtrace.

#11 Updated by Pascal de Bruijn about 6 years ago

Can you confirm you have glibc-2.18 as well?

#12 Updated by Joran Martinière about 6 years ago

Yes, I've got glibc-2.18

#13 Updated by Pascal de Bruijn about 6 years ago

  • Subject changed from Segfault when opening .cr2 files to Lock elision problems with glibc-2.18

#14 Updated by Pascal de Bruijn about 6 years ago

  • % Done changed from 0 to 50
  • Status changed from New to In Progress
  • Subject changed from Lock elision problems with glibc-2.18 to RawSpeed use after free in RawImage

After consulting Klaus Post (the RawSpeed author) it would seem this is a use after free bug in RawSpeed's RawImage.

I received a suggested fix, which got committed:
https://github.com/darktable-org/darktable/commit/74dbfa3b24bcc216ec91e12551b6b434e4a43a22

Would you both mind testing this and reporting back?

#15 Updated by Thorsten Reinbold about 6 years ago

Pascal de Bruijn wrote:

After consulting Klaus Post (the RawSpeed author) it would seem this is a use after free bug in RawSpeed's RawImage.

I received a suggested fix, which got committed:
https://github.com/darktable-org/darktable/commit/74dbfa3b24bcc216ec91e12551b6b434e4a43a22

Would you both mind testing this and reporting back?

For me it is working without problems. Many thanks!

#16 Updated by Pascal de Bruijn about 6 years ago

  • % Done changed from 50 to 100
  • Target version set to Candidate for next patch release
  • Status changed from In Progress to Fixed
