Project

General

Profile

Bug #1268

Building for debug in windows causes heap corruption error.

Added by Ben Touchette almost 5 years ago. Updated almost 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Robin Mills
Category:
build
Target version:
0.26
Start date:
23 Dec 2016
Due date:
% Done:

100%

Estimated time:
1.00 h

Description

When building in Windows for either cmake/msvc or msvc solution from the msvc folder when creating a debug version has the issue where it will crash with a heap corruption error. Tested using MSVC 2015 CE and Pro versions.

Including image of heap corruption dialog, as well as a test image.

Running "exiv2.exe 661px-Laser_Towards_Milky_Ways_Centre-Edit.tif" from a shell or console and the error pops up.

Building a release version doesn't seem to have the issue.

Files

exiv2-heap-corruption.jpg (43.7 KB) exiv2-heap-corruption.jpg Screenshot of heap corruption error. Ben Touchette, 23 Dec 2016 19:40
661px-Laser_Towards_Milky_Ways_Centre-Edit.tif (509 KB) 661px-Laser_Towards_Milky_Ways_Centre-Edit.tif test image Ben Touchette, 23 Dec 2016 19:41
image.diff (1.02 KB) image.diff diff for src/image.cpp workaround for heap crash. Ben Touchette, 28 Dec 2016 19:45

Associated revisions

Revision 4708 (diff)
Added by Robin Mills almost 5 years ago

#1268 Fix submitted. Ben and Robin both discovered and fixed this independantly with the same fix!

History

#2

Updated by Robin Mills almost 5 years ago

  • Category set to build
  • Status changed from New to Assigned
  • Assignee set to Robin Mills
  • Target version set to 0.26

Happy Holidays. I'll have a look at this next week while I'm on vacation.

#3

Updated by Ben Touchette almost 5 years ago

Thanks and if i find anything else i'll update it. I forgot to add the cmake flags i'd for build exiv2:

-DEXIV2_ENABLE_NLS=OFF -DEXIV2_ENABLE_VIDEO=ON -DEXIV2_ENABLE_SHARED=OFF -DEXIV2_ENABLE_BUILD_SAMPLES=OFF -DEXIV2_ENABLE_WIN_UNICODE=ON

Happy holidays Robin :)

#4

Updated by Ben Touchette almost 5 years ago

I spent yesterday eliminating all the undefined warnings and messages as possible culprits. It dies in Image::printIFDStructure when destroying a DataBuf it performs a delete on pData_ and dies at that point. Will keep the debugger warm & running and try to see if i understand why.

#5

Updated by Ben Touchette almost 5 years ago

This patch seems to fix my crash.

I haven't determined the why, but the cause was that the buffer created was several bytes too short, the memcpy always expects 4 bytes though so wee were obviously read past allocated memory. The work around for now is to allocate at least 4 bytes to the buffer if smaller than 4 bytes.

#6

Updated by Robin Mills almost 5 years ago

  • Status changed from Assigned to Closed
  • % Done changed from 0 to 100
  • Estimated time set to 1.00 h

Fix submitted: r4708 Great team-work between Ben and Robin.

I discovered this tonight while investigating 1272/ReaganLargeTiff.tiff issues. I discovered and thought of the same fix BEFORE I looked at this bug report! Test suite successfully runs in win32/debugdll build, other than known issues concerning ReaganLargeTiff.tiff.

Also available in: Atom PDF