Bug #1002
libexiv2 crashes on some video files
Description
libexiv2 crashes on some AVI video files in my collection. MPlayer does not report any problem with the file. As far as I can remember, the video has been rotated/reencoded using mencoder.
I've first encountered this because KPhotoAlbum crashed while reading exif information from a video, but it can be observed using the exiv2 commandline tool as well:
    zing@mani:~/tmp/kphotoalbum/build$ exiv2 crash-exiv2.avi
    *** Error in `exiv2': free(): invalid next size (fast): 0x0000000000bfca30 ***
    Aborted (core dumped)
    zing@mani:~/tmp/kphotoalbum/build$ echo "bt" | gdb --quiet exiv2 core
    Reading symbols from exiv2...(no debugging symbols found)...done.
    [New LWP 7618]
    Core was generated by `exiv2 crash-exiv2.avi'.
    Program terminated with signal SIGABRT, Aborted.
    #0 0x00007fc4222c0107 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
    56 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
    (gdb) #0 0x00007fc4222c0107 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
    #1 0x00007fc4222c14e8 in __GI_abort () at abort.c:89
    #2 0x00007fc4222fe044 in __libc_message (do_abort=do_abort@entry=1, fmt=fmt@entry=0x7fc4223f0c60 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
    #3 0x00007fc42230381e in malloc_printerr (action=1, str=0x7fc4223f0e20 "free(): invalid next size (fast)", ptr=<optimized out>) at malloc.c:4996
    #4 0x00007fc422304526 in _int_free (av=<optimized out>, p=<optimized out>, have_lock=0) at malloc.c:3840
    #5 0x00007fc422f914f9 in Exiv2::RiffVideo::infoTagsHandler() () from /usr/lib/x86_64-linux-gnu/libexiv2.so.13
    #6 0x00007fc422f95355 in Exiv2::RiffVideo::decodeBlock() () from /usr/lib/x86_64-linux-gnu/libexiv2.so.13
    #7 0x00007fc422f94f88 in Exiv2::RiffVideo::tagDecoder(Exiv2::DataBuf&, unsigned long) () from /usr/lib/x86_64-linux-gnu/libexiv2.so.13
    #8 0x00007fc422f95355 in Exiv2::RiffVideo::decodeBlock() () from /usr/lib/x86_64-linux-gnu/libexiv2.so.13
    #9 0x00007fc422f956f8 in Exiv2::RiffVideo::readMetadata() () from /usr/lib/x86_64-linux-gnu/libexiv2.so.13
    #10 0x00000000004177ab in ?? ()
    #11 0x000000000041a0fc in ?? ()
    #12 0x00000000004057fe in ?? ()
    #13 0x00007fc4222acb45 in __libc_start_main (main=0x4056e0, argc=2, argv=0x7fff457c97e8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fff457c97d8) at libc-start.c:287
    #14 0x0000000000405aea in ?? ()
    (gdb) quit
Some information on the video:
    $ mplayer -really-quiet -identify -frames 0 crash-exiv2.avi
    ID_VIDEO_ID=0
    ID_AUDIO_ID=0
    ID_CLIP_INFO_NAME0=date
    ID_CLIP_INFO_VALUE0=$2
    ID_CLIP_INFO_NAME1=encoder
    ID_CLIP_INFO_VALUE1=Lavf53.32.100
    ID_CLIP_INFO_N=2
    ID_FILENAME=crash-exiv2.avi
    ID_DEMUXER=lavfpref
    ID_VIDEO_FORMAT=MP4V
    ID_VIDEO_BITRATE=0
    ID_VIDEO_WIDTH=240
    ID_VIDEO_HEIGHT=320
    ID_VIDEO_FPS=15.000
    ID_VIDEO_ASPECT=0.7500
    ID_AUDIO_FORMAT=1
    ID_AUDIO_BITRATE=64000
    ID_AUDIO_RATE=8000
    ID_AUDIO_NCH=1
    ID_START_TIME=0.00
    ID_LENGTH=1.27
    ID_SEEKABLE=1
    ID_CHAPTERS=0
    ID_VIDEO_CODEC=ffodivx
    ID_AUDIO_BITRATE=64000
    ID_AUDIO_RATE=8000
    ID_AUDIO_NCH=1
    ID_AUDIO_CODEC=pcm
    ID_EXIT=EOF
I'm using Debian unstable with libexiv2-13:
    $ dpkg -l exiv2 libexiv2-13 libexiv2-dev
    Desired=Unknown/Install/Remove/Purge/Hold
    | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
    |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
    ||/ Name               Version  Architecture  Description
    +++-==================-========-=============-==========================================================
    ii  exiv2              0.24-4   amd64         EXIF/IPTC metadata manipulation tool
    ii  libexiv2-13:amd64  0.24-4   amd64         EXIF/IPTC metadata manipulation library
    ii  libexiv2-dev       0.24-4   amd64         EXIF/IPTC metadata manipulation library - development files
History
Updated by Abhinav Badola almost 7 years ago
Thanks Johannes. :)
I will look into this bug this coming weekend and work on the fix.
Updated by Abhinav Badola almost 7 years ago
Hi Johannes,
I am sorry, but I am not able to reproduce the bug on my laptop.
I am using the exiv2 from the trunk and this is what I got.
    [badola@XPS:~/exiv2/trunk/build]$./bin/exiv2 -pa ../../crash-exiv2.avi
    Xmp.video.FileSize XmpText 8 0.274137
    Xmp.video.FileName XmpText 21 ../../crash-exiv2.avi
    Xmp.video.MimeType XmpText 10 video/riff
    Xmp.video.Container XmpText 4 RIFF
    Xmp.video.FileType XmpText 4 AVI
    Xmp.video.MicroSecPerFrame XmpText 5 66666
    Xmp.video.MaxDataRate XmpText 6 7.8125
    Xmp.video.FrameCount XmpText 2 19
    Xmp.video.StreamCount XmpText 1 2
    Xmp.video.Width XmpText 3 240
    Xmp.video.Height XmpText 3 320
    Xmp.video.AspectRatio XmpText 3 0.7
    Xmp.video.FileDataRate XmpText 11 0.000216538
    Xmp.video.Duration XmpText 4 1266
    Xmp.video.Codec XmpText 4 FMP4
    Xmp.video.FrameRate XmpText 2 15
    Xmp.video.VideoQuality XmpText 10 4294967295
    Xmp.video.VideoSampleSize XmpText 1 0
    Xmp.video.Planes XmpText 1 1
    Xmp.video.PixelDepth XmpText 2 24
    Xmp.video.Compressor XmpText 4 FMP4
    Xmp.video.ImageLength XmpText 6 230400
    Xmp.video.PixelPerMeterX XmpText 1 0
    Xmp.video.PixelPerMeterY XmpText 1 0
    Xmp.video.NumOfColours XmpText 11 Unspecified
    Xmp.video.NumOfImpColours XmpText 3 All
    Xmp.audio.Codec XmpText 1
    Xmp.audio.SampleRate XmpText 4 8000
    Xmp.audio.SampleCount XmpText 5 10144
    Xmp.audio.Compressor XmpText 13 Microsoft PCM
    Xmp.audio.ChannelType XmpText 4 Mono
    Xmp.audio.SampleType XmpText 4 8000
    Xmp.audio.BitsPerSample XmpText 1 8
    Xmp.video.Junk XmpText 0
    Xmp.video.DateTimeDigitized XmpText 2 $2
Maybe the bug got fixed in trunk and is present in some older version.
Can you please confirm if you are using the latest code from the trunk?
Updated by Johannes Zarl almost 7 years ago
Hi Abhinav,
I've checked again with the latest trunk, and it seems to be fixed. The version in tags/0.24 crashes.
I guess I'll just have to wait for version 0.25, then ;-)
Thanks for looking into it,
Johannes
Updated by Robin Mills almost 7 years ago
- Status changed from New to Resolved
- Target version set to 0.25
Abhinav and Johannes
I'm going to mark this as "Resolved". It will not be changed to "Closed" until review as part of the v0.25 release process. If anything new comes to light about this, please update this issue report and it will be investigated.
Robin
Updated by Abhinav Badola almost 7 years ago
- % Done changed from 0 to 100
Thanks Johannes, for verifying it for us. :)
Updated by Nico Kruber almost 7 years ago
FYI: I fixed this bug by applying the patch from revision 3264, i.e. http://dev.exiv2.org/projects/exiv2/repository/revisions/3264
So, this bug seems to be related to #960
Updated by Abhinav Badola almost 7 years ago
Thanks a lot, Nico. :)
Really appreciate your efforts in making Exiv2 better.
Nico Kruber wrote:
FYI: I fixed this bug by applying the patch from revision 3264, i.e. http://dev.exiv2.org/projects/exiv2/repository/revisions/3264
So, this bug seems to be related to #960
Updated by Nico Kruber almost 7 years ago
Thanks for your patch, Abhinav - I finally have a working digikam again :)
(luckily it was a clean patch which I could apply to 0.24 straight away)