Bug #1002

libexiv2 crashes on some video files

Added by Johannes Zarl over 3 years ago. Updated about 3 years ago.

Status:ClosedStart date:25 Nov 2014
Priority:NormalDue date:
Assignee:Abhinav Badola% Done:

100%

Category:video
Target version:0.25

Description

libexiv2 crashes on some AVI video files in my collection. MPlayer does not report any problem with the file. As far as I can remember, the video has been rotated/reencoded using mencoder.
I've first encountered this because KPhotoAlbum crashed while reading exif information from a video, but it can be observed using the exiv2 commandline tool as well:

zing@mani:~/tmp/kphotoalbum/build$ exiv2 crash-exiv2.avi
*** Error in `exiv2': free(): invalid next size (fast): 0x0000000000bfca30 ***
Aborted (core dumped)
zing@mani:~/tmp/kphotoalbum/build$ echo "bt" | gdb --quiet exiv2 core
Reading symbols from exiv2...(no debugging symbols found)...done.
[New LWP 7618]
Core was generated by `exiv2 crash-exiv2.avi'.
Program terminated with signal SIGABRT, Aborted.
#0  0x00007fc4222c0107 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
56      ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) #0  0x00007fc4222c0107 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007fc4222c14e8 in __GI_abort () at abort.c:89
#2  0x00007fc4222fe044 in __libc_message (do_abort=do_abort@entry=1, fmt=fmt@entry=0x7fc4223f0c60 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
#3  0x00007fc42230381e in malloc_printerr (action=1, str=0x7fc4223f0e20 "free(): invalid next size (fast)", ptr=<optimized out>) at malloc.c:4996
#4  0x00007fc422304526 in _int_free (av=<optimized out>, p=<optimized out>, have_lock=0) at malloc.c:3840
#5  0x00007fc422f914f9 in Exiv2::RiffVideo::infoTagsHandler() () from /usr/lib/x86_64-linux-gnu/libexiv2.so.13
#6  0x00007fc422f95355 in Exiv2::RiffVideo::decodeBlock() () from /usr/lib/x86_64-linux-gnu/libexiv2.so.13
#7  0x00007fc422f94f88 in Exiv2::RiffVideo::tagDecoder(Exiv2::DataBuf&, unsigned long) () from /usr/lib/x86_64-linux-gnu/libexiv2.so.13
#8  0x00007fc422f95355 in Exiv2::RiffVideo::decodeBlock() () from /usr/lib/x86_64-linux-gnu/libexiv2.so.13
#9  0x00007fc422f956f8 in Exiv2::RiffVideo::readMetadata() () from /usr/lib/x86_64-linux-gnu/libexiv2.so.13
#10 0x00000000004177ab in ?? ()
#11 0x000000000041a0fc in ?? ()
#12 0x00000000004057fe in ?? ()
#13 0x00007fc4222acb45 in __libc_start_main (main=0x4056e0, argc=2, argv=0x7fff457c97e8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fff457c97d8) at libc-start.c:287
#14 0x0000000000405aea in ?? ()
(gdb) quit

Some information on the video:

$ mplayer -really-quiet -identify -frames 0 crash-exiv2.avi 
ID_VIDEO_ID=0
ID_AUDIO_ID=0
ID_CLIP_INFO_NAME0=date
ID_CLIP_INFO_VALUE0=$2
ID_CLIP_INFO_NAME1=encoder
ID_CLIP_INFO_VALUE1=Lavf53.32.100
ID_CLIP_INFO_N=2
ID_FILENAME=crash-exiv2.avi
ID_DEMUXER=lavfpref
ID_VIDEO_FORMAT=MP4V
ID_VIDEO_BITRATE=0
ID_VIDEO_WIDTH=240
ID_VIDEO_HEIGHT=320
ID_VIDEO_FPS=15.000
ID_VIDEO_ASPECT=0.7500
ID_AUDIO_FORMAT=1
ID_AUDIO_BITRATE=64000
ID_AUDIO_RATE=8000
ID_AUDIO_NCH=1
ID_START_TIME=0.00
ID_LENGTH=1.27
ID_SEEKABLE=1
ID_CHAPTERS=0
ID_VIDEO_CODEC=ffodivx
ID_AUDIO_BITRATE=64000
ID_AUDIO_RATE=8000
ID_AUDIO_NCH=1
ID_AUDIO_CODEC=pcm
ID_EXIT=EOF

I'm using Debian unstable with libexiv2-13:

$ dpkg -l exiv2 libexiv2-13 libexiv2-dev
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                                                  Version                         Architecture                    Description
+++-=====================================================-===============================-===============================-===============================================================================================================
ii  exiv2                                                 0.24-4                          amd64                           EXIF/IPTC metadata manipulation tool
ii  libexiv2-13:amd64                                     0.24-4                          amd64                           EXIF/IPTC metadata manipulation library
ii  libexiv2-dev                                          0.24-4                          amd64                           EXIF/IPTC metadata manipulation library - development files

crash-exiv2.avi (281 KB) Johannes Zarl, 25 Nov 2014 16:52

History

#1 Updated by Abhinav Badola over 3 years ago

Thanks Johannes. :)

I will look into this bug this coming weekend and work on the fix.

#2 Updated by Abhinav Badola over 3 years ago

Hi Johannes,

I am sorry, but I am not able to reproduce the bug on my laptop.
I am using the exiv2 from the trunk and this is what I got.


[badola@XPS:~/exiv2/trunk/build]$./bin/exiv2 -pa ../../crash-exiv2.avi 
Xmp.video.FileSize                           XmpText     8  0.274137
Xmp.video.FileName                           XmpText    21  ../../crash-exiv2.avi
Xmp.video.MimeType                           XmpText    10  video/riff
Xmp.video.Container                          XmpText     4  RIFF
Xmp.video.FileType                           XmpText     4  AVI 
Xmp.video.MicroSecPerFrame                   XmpText     5  66666
Xmp.video.MaxDataRate                        XmpText     6  7.8125
Xmp.video.FrameCount                         XmpText     2  19
Xmp.video.StreamCount                        XmpText     1  2
Xmp.video.Width                              XmpText     3  240
Xmp.video.Height                             XmpText     3  320
Xmp.video.AspectRatio                        XmpText     3  0.7
Xmp.video.FileDataRate                       XmpText    11  0.000216538
Xmp.video.Duration                           XmpText     4  1266
Xmp.video.Codec                              XmpText     4  FMP4
Xmp.video.FrameRate                          XmpText     2  15
Xmp.video.VideoQuality                       XmpText    10  4294967295
Xmp.video.VideoSampleSize                    XmpText     1  0
Xmp.video.Planes                             XmpText     1  1
Xmp.video.PixelDepth                         XmpText     2  24
Xmp.video.Compressor                         XmpText     4  FMP4
Xmp.video.ImageLength                        XmpText     6  230400
Xmp.video.PixelPerMeterX                     XmpText     1  0
Xmp.video.PixelPerMeterY                     XmpText     1  0
Xmp.video.NumOfColours                       XmpText    11  Unspecified
Xmp.video.NumOfImpColours                    XmpText     3  All
Xmp.audio.Codec                              XmpText     1  
Xmp.audio.SampleRate                         XmpText     4  8000
Xmp.audio.SampleCount                        XmpText     5  10144
Xmp.audio.Compressor                         XmpText    13  Microsoft PCM
Xmp.audio.ChannelType                        XmpText     4  Mono
Xmp.audio.SampleType                         XmpText     4  8000
Xmp.audio.BitsPerSample                      XmpText     1  8
Xmp.video.Junk                               XmpText     0  
Xmp.video.DateTimeDigitized                  XmpText     2  $2

Maybe the bug got fixed in trunk and is present in some older version.

Can you please confirm if you are using the latest code from the trunk..??

#3 Updated by Johannes Zarl over 3 years ago

Hi Abhinav,

I've checked again with the latest trunk, and it seems to be fixed. The version in tags/0.24 crashes.

I guess I'll just have to wait for version 0.25, then ;-)

Thanks for looking into it,
Johannes

#4 Updated by Robin Mills over 3 years ago

  • Status changed from New to Resolved
  • Target version set to 0.25

Abhinav and Johannes

I'm going to mark this as "Resolved". It will not be changed to "Closed" until review as part of the v0.25 release process. If anything new comes to light about this, please update this issue report and it will be investigated.

Robin

#5 Updated by Abhinav Badola over 3 years ago

  • % Done changed from 0 to 100

Thanks Johannes, for verifying it for us. :)

#6 Updated by Nico Kruber over 3 years ago

FYI: I fixed this bug by applying the patch from revision 3264, i.e. http://dev.exiv2.org/projects/exiv2/repository/revisions/3264

So, this bug seems to be related to #960

#7 Updated by Abhinav Badola over 3 years ago

Thanks a lot, Nico. :)

Really appreciate your efforts in making Exiv2 better.

Nico Kruber wrote:

FYI: I fixed this bug by applying the patch from revision 3264, i.e. http://dev.exiv2.org/projects/exiv2/repository/revisions/3264

So, this bug seems to be related to #960

#8 Updated by Nico Kruber over 3 years ago

thanks for your patch, Abhinav - I finally have a working digikam again :)
(luckily it was a clean patch which I could apply to 0.24 straight away)

#9 Updated by Andreas Huggel about 3 years ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF

Redmine Appliance - Powered by TurnKey Linux