Bug #855

Segfault when accessing focalLength with 0.23

Added by Tobias E. about 9 years ago. Updated about 5 years ago.

Start date: 07 Oct 2012
Estimated time: 1.00 h

When trying to access the focal length in an image I get a segfault in value.hpp:1689.

I attached a minimal test program. The image that triggers this can be found in [0] (part0.jpg).

I am using libexiv2 version 0.23 from Debian sid.



main.cpp (519 Bytes): small test program that segfaults with part0.jpg from the link. Tobias E., 07 Oct 2012 04:08

Associated revisions

Revision 4647 (diff)
Added by Robin Mills about 5 years ago

#855 Fix submitted.

Revision 4649 (diff)
Added by Robin Mills about 5 years ago

#855 Remove compiler signed/unsigned warning.



Updated by Robin Mills over 6 years ago

  • Category set to metadata
  • Status changed from New to Assigned
  • Assignee set to Robin Mills
  • Target version set to 0.25


Thanks for reporting this and my sincere apologies for not having previously noticed this issue. We are approaching our v0.25 release and I'm working through Redmine and discovered this near the bottom of the pond.

And thank you for providing the sample code and the test image as a url on darktable's web site. v0.25 can read/write metadata over http (and other protocols). There is a fault in the test file (your trouble) and we should not be crashing under any circumstances (our trouble). Here's the evidence:

725 rmills@rmillsmbp:~/gnu/exiv2/trunk $ exiv2 -pv -g Focal
Error: Upper boundary of data for directory Photo, entry 0x920a is out of bounds: Offset = 0x000003dc, size = 8, exceeds buffer size by 6 Bytes; truncating the entry
0x920a Photo        FocalLength                 Rational    0   <---- Rational normally requires two values  
0xa405 Photo        FocalLengthIn35mmFilm       Short       1  82
726 rmills@rmillsmbp:~/gnu/exiv2/trunk $ 

You can see that an error was detected in your file and I believe that's part of what is wrong. Nonetheless, your toFloat() code segfaults and I will investigate this.
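
An added illustration, not exiv2 code and not code from this ticket: a self-contained model of the situation in the log above, where an entry at offset 0x3dc with size 8 overruns the buffer by 6 bytes and is truncated to a Rational with zero components. The type and function names are hypothetical and little-endian byte order is assumed; the point is that the conversion must check the component count before indexing.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <utility>
#include <vector>

// Hypothetical model of a decoded Rational tag (not exiv2's own value class).
struct RationalValue {
    std::vector<std::pair<uint32_t, uint32_t>> items;  // numerator, denominator
    // Checked accessor: returns false instead of indexing past the end when
    // the value has fewer than n+1 components or the denominator is zero.
    bool toFloat(std::size_t n, float& out) const {
        if (n >= items.size() || items[n].second == 0) return false;
        out = static_cast<float>(items[n].first) / static_cast<float>(items[n].second);
        return true;
    }
};

static uint32_t le32(const uint8_t* p) {  // little-endian byte order assumed
    return p[0] | (p[1] << 8) | (p[2] << 16) | (static_cast<uint32_t>(p[3]) << 24);
}

// Read `count` rationals at `offset`, keeping only those that lie completely
// inside `buf` (the "truncating the entry" step reported in the log).
RationalValue readRationals(const std::vector<uint8_t>& buf, std::size_t offset, std::size_t count) {
    RationalValue v;
    if (offset >= buf.size()) return v;            // nothing readable at all
    std::size_t fit = (buf.size() - offset) / 8;   // whole 8-byte rationals
    if (count > fit) count = fit;
    for (std::size_t i = 0; i < count; ++i) {
        const uint8_t* p = buf.data() + offset + 8 * i;
        v.items.emplace_back(le32(p), le32(p + 4));
    }
    return v;
}

// Constructed input mirroring the log: offset 0x3dc, size 8, buffer 6 bytes short.
RationalValue truncatedFocalLength() {
    return readRationals(std::vector<uint8_t>(0x3dc + 2), 0x3dc, 1);
}
// Constructed intact entry: 50/1 stored at offset 0.
RationalValue intactFocalLength() {
    return readRationals({50, 0, 0, 0, 1, 0, 0, 0}, 0, 1);
}

int main() {
    float f = 0.0f;
    std::printf("truncated entry readable: %d\n", truncatedFocalLength().toFloat(0, f));
}
```

In application code the equivalent guard is to confirm that a tag has at least one component before converting it to a number.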


Updated by Tobias E. over 6 years ago

I agree that the image is broken. I don't even know how it was created. Unfortunately we as programmers can't control what people do with our programs so dealing with broken files can't be avoided I guess. Anyway, thanks for looking into this. And hearing of a new release is great news. :)


Updated by Robin Mills over 6 years ago


We had a team meeting on Sunday (April 26) and we have agreed v0.25 on May 17. I will be surprised if we encounter a show-stopper.

The seg fault in toFloat() is puzzling. I encountered a similar issue in toLong this morning r3756. I'm going to put this crash on the "must fix" list for v0.25.


Updated by Robin Mills over 6 years ago

  • Assignee changed from Robin Mills to Andreas Huggel

I'm pushing this one to Andreas who wrote this code. We're down inside templatized code and I'm not sure what's going on.


Updated by Alan Pater over 6 years ago

  • Target version changed from 0.25 to 0.26

Updated by Robin Mills about 5 years ago

  • Assignee changed from Andreas Huggel to Robin Mills
  • % Done changed from 0 to 100
  • Estimated time set to 1.00 h

I think this has already been fixed.

I've copied the file to test/data/exiv2-bug855.jpg and updated the test suite.

847 rmills@rmillsmbp:~/gnu/exiv2/trunk/build $ bin/Debug/exiv2 -vVg curl -g svn
exiv2 0.25 001900 (64 bit build)
curlprotocols=dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp 
848 rmills@rmillsmbp:~/gnu/exiv2/trunk/build $ bin/Debug/exiv2 -pa --grep Focal/i 2>/dev/null
Exif.Photo.FocalLength                       Rational    0  
Exif.Photo.FocalLengthIn35mmFilm             Short       1  82.0 mm
849 rmills@rmillsmbp:~/gnu/exiv2/trunk/build $ 

Updated by Robin Mills about 5 years ago

  • Status changed from Assigned to Closed
