[Digikam-devel] [Bug 134999] crash in exiv2 when searching for new images

Marcel Wiesweg marcel.wiesweg at gmx.de
Wed Dec 6 19:14:09 GMT 2006


http://bugs.kde.org/show_bug.cgi?id=134999

------- Additional Comments From marcel.wiesweg gmx de  2006-12-06 20:14 -------
Thanks for your testing. All your debug logs seem to show the same problem.

What is happening before valgrind reports an error:

digikam: detectEncodingAndDecode 256 0
==28542== 
==28542== Invalid write of size 2
==28542==    at 0x4325A3A: Digikam::DMetadata::detectEncodingAndDecode(std::string const&) (dmetadata.cpp:1225)

There is an image comment, a std::string object. The string says its length is 256, strlen says the length is 0, which means the first character is \0. This always happens before the valgrind errors; for the "normal" comments, string::length() and strlen agree on the string length.
Then, in the code from QLatin15Codec, there seems to be an off-by-one problem. (It operates on ushort, 2 bytes.) This code does not check the length parameter passed from digikam.
The Latin15 codec differs from Latin1 only in 8 of 256 values, so the bytes following the memory area will be changed only if they have one of these values, and a crash seems to occur if some of glibc's memory management bytes are overwritten.

I will do some tests or think about what the actual problem is.
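The condition described above (a std::string reporting length 256 while strlen() reports 0 because the first byte is NUL), shown with a length-bounded Latin-9 decoder, as an added illustration that is not digiKam or Qt code; the 256-byte comment is constructed.

```cpp
// Added example: a std::string whose stored length is 256 but whose first
// byte is '\0', decoded by an ISO-8859-15 (Latin-9) mapping that honours the
// explicit length instead of trusting strlen(). Constructed sample, not
// digiKam or Qt code.
#include <cstddef>
#include <cstring>
#include <string>
#include <vector>

// The eight positions where ISO-8859-15 differs from Latin-1.
static unsigned short latin9ToUnicode(unsigned char b) {
    switch (b) {
    case 0xA4: return 0x20AC; // EURO SIGN
    case 0xA6: return 0x0160; // S WITH CARON
    case 0xA8: return 0x0161; // s WITH CARON
    case 0xB4: return 0x017D; // Z WITH CARON
    case 0xB8: return 0x017E; // z WITH CARON
    case 0xBC: return 0x0152; // OE LIGATURE
    case 0xBD: return 0x0153; // oe LIGATURE
    case 0xBE: return 0x0178; // Y WITH DIAERESIS
    default:   return b;      // identical to Latin-1
    }
}

// Decode exactly s.length() bytes into 16-bit code units. Every read and
// write is bounded by the explicit length; an embedded NUL is copied as
// U+0000, never treated as the end of the data.
std::vector<unsigned short> decodeLatin9(const std::string& s) {
    std::vector<unsigned short> out;
    out.reserve(s.length());
    for (std::size_t i = 0; i < s.length(); ++i)
        out.push_back(latin9ToUnicode(static_cast<unsigned char>(s[i])));
    return out;
}

// A constructed comment like the one in the bug: 256 bytes, first byte NUL.
std::string makeNulLeadingComment() {
    std::string comment(256, 'x');
    comment[0] = '\0';
    comment[1] = static_cast<char>(0xA4); // a byte where Latin-9 and Latin-1 differ
    return comment;
}

// True when std::string::length() and strlen() disagree on the same buffer,
// i.e. the "256 vs 0" condition seen in the valgrind run.
bool lengthsDisagree(const std::string& s) {
    return s.length() != std::strlen(s.c_str());
}
```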