Bug #1268

Building for debug in windows causes heap corruption error.

Added by Ben Touchette 5 months ago. Updated 3 months ago.

Status: Closed
Start date: 23 Dec 2016
Priority: Normal
Due date:
Assignee: Robin Mills
% Done: 100%
Category: build
Estimated time: 1.00 hour
Target version: 0.26

Description

When building on Windows, either via cmake/msvc or the msvc solution from the msvc folder, creating a debug version crashes with a heap corruption error. Tested using MSVC 2015 CE and Pro versions.

Including image of heap corruption dialog, as well as a test image.

Running "exiv2.exe 661px-Laser_Towards_Milky_Ways_Centre-Edit.tif" from a shell or console and the error pops up.

Building a release version doesn't seem to have the issue.

exiv2-heap-corruption.jpg - Screenshot of heap corruption error. (43.7 KB) Ben Touchette, 23 Dec 2016 19:40

661px-Laser_Towards_Milky_Ways_Centre-Edit.tif - test image (509 KB) Ben Touchette, 23 Dec 2016 19:41

image.diff - diff for src/image.cpp workaround for heap crash. (1.02 KB) Ben Touchette, 28 Dec 2016 19:45

Associated revisions

Revision 4708
Added by Robin Mills 3 months ago

#1268 Fix submitted. Ben and Robin both discovered and fixed this independently with the same fix!

History

#1 Updated by Ben Touchette 5 months ago

Adding missing test file.

#2 Updated by Robin Mills 5 months ago

  • Category set to build
  • Status changed from New to Assigned
  • Assignee set to Robin Mills
  • Target version set to 0.26

Happy Holidays. I'll have a look at this next week while I'm on vacation.

#3 Updated by Ben Touchette 5 months ago

Thanks, and if I find anything else I'll update it. I forgot to add the cmake flags I used to build exiv2:

-DEXIV2_ENABLE_NLS=OFF -DEXIV2_ENABLE_VIDEO=ON -DEXIV2_ENABLE_SHARED=OFF -DEXIV2_ENABLE_BUILD_SAMPLES=OFF -DEXIV2_ENABLE_WIN_UNICODE=ON

Happy holidays Robin :)

#4 Updated by Ben Touchette 5 months ago

I spent yesterday eliminating all the undefined warnings and messages as possible culprits. It dies in Image::printIFDStructure: when destroying a DataBuf it performs a delete on pData_ and dies at that point. Will keep the debugger warm & running and try to see if I understand why.

#5 Updated by Ben Touchette 5 months ago

This patch seems to fix my crash.

I haven't determined the why, but the cause was that the buffer created was several bytes too short, while the memcpy always expects 4 bytes, so we were obviously reading past allocated memory. The workaround for now is to allocate at least 4 bytes to the buffer if it is smaller than 4 bytes.
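
The failure pattern described in this comment, as an added C++ example that is not Exiv2's code and not the attached image.diff: a DataBuf-like buffer is sized from count * typeSize, but the 4-byte value field is always copied as 4 bytes, so an entry whose payload is shorter than 4 bytes gets a buffer the copy overruns, and the debug heap reports the corruption when pData_ is deleted. The names DataBuf, IfdEntry, payloadSize, workaroundSize, copyValue and readValue are assumptions for illustration; the 4-byte minimum allocation is the workaround from the comment, and bounding the copy to the buffer length is an extra check added here.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Minimal stand-in for Exiv2's DataBuf (assumed shape, not the project's class):
// an owned heap buffer plus its length.
struct DataBuf {
    size_t   size_;
    uint8_t* pData_;
    explicit DataBuf(size_t n) : size_(n), pData_(new uint8_t[n]()) {}
    ~DataBuf() { delete[] pData_; }   // a debug CRT checks the heap block here
    DataBuf(const DataBuf&) = delete;
    DataBuf& operator=(const DataBuf&) = delete;
};

// A TIFF IFD entry as a directory printer sees it (hypothetical struct):
// a fixed 4-byte value/offset field, plus the element count and element
// size that determine how long the entry's payload really is.
struct IfdEntry {
    uint8_t  value[4];
    uint32_t count;
    uint32_t typeSize;
};

// Payload length as the short-buffer code sizes its allocation: count * typeSize.
size_t payloadSize(const IfdEntry& e) {
    return static_cast<size_t>(e.count) * e.typeSize;
}

// The defect: allocate payloadSize bytes, then memcpy the full 4-byte field.
// Returns true when that memcpy would write past the end of the allocation.
bool naiveCopyOverflows(const IfdEntry& e) {
    return payloadSize(e) < sizeof(e.value);
}

// Workaround from the report: never allocate fewer than 4 bytes.
size_t workaroundSize(const IfdEntry& e) {
    return std::max<size_t>(payloadSize(e), sizeof(e.value));
}

// Hardened copy: the memcpy length is bounded by the destination size, so the
// allocation and the copy can never disagree. Returns the number of bytes copied.
size_t copyValue(const IfdEntry& e, DataBuf& out) {
    size_t n = std::min(out.size_, sizeof(e.value));
    std::memcpy(out.pData_, e.value, n);
    return n;
}

// Read an entry's value field through the hardened path and return the bytes.
std::vector<uint8_t> readValue(const IfdEntry& e) {
    DataBuf buf(workaroundSize(e));
    size_t n = copyValue(e, buf);
    return std::vector<uint8_t>(buf.pData_, buf.pData_ + n);
}

int main() {
    // Constructed entry: one SHORT (2-byte) element. The payload is 2 bytes,
    // the value field is 4, so the naive allocation is 2 bytes too short.
    IfdEntry one_short = {{0x01, 0x00, 0xAA, 0xBB}, 1, 2};
    std::printf("payload=%zu naive overflow=%d workaround size=%zu\n",
                payloadSize(one_short), naiveCopyOverflows(one_short) ? 1 : 0,
                workaroundSize(one_short));
    std::vector<uint8_t> v = readValue(one_short);
    std::printf("copied %zu bytes safely\n", v.size());
    return 0;
}
```

The naive path is only modelled by naiveCopyOverflows rather than executed, because running the overrun is exactly what corrupts the heap; the hardened path uses both the minimum allocation and the bounded copy so a future change to either side cannot reintroduce the mismatch.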

#6 Updated by Robin Mills 3 months ago

  • Status changed from Assigned to Closed
  • % Done changed from 0 to 100
  • Estimated time set to 1.00

Fix submitted: r4708. Great teamwork between Ben and Robin.

I discovered this tonight while investigating 1272/ReaganLargeTiff.tiff issues. I discovered and thought of the same fix BEFORE I looked at this bug report! Test suite successfully runs in win32/debugdll build, other than known issues concerning ReaganLargeTiff.tiff.
