[BUG] crash in read_exif_tag
Describe the bug
I have a crash due to an image with a problem in the metadata. Here is the message from exifTool
> exiftool myimage.jpg | grep -i warning
Warning : Bad InteropOffset SubDirectory start
To Reproduce
Steps to reproduce the behavior:
- Use an image with problematic metadata
- Call ImageBuf::read in a multi-threaded context
- You get a crash with the following backtrace:
(gdb) bt
#0 0x00007ffff062ac7c in OpenImageIO_v2_0::read_exif_tag(OpenImageIO_v2_0::ImageSpec&, TIFFDirEntry const*, OpenImageIO_v2_0::span<unsigned char const, -1l>, bool, int, std::set<unsigned long, std::less<unsigned long>, std::allocator<unsigned long> >&, OpenImageIO_v2_0::pvt::TagMap const&) () from /apps/packages/cgDev/oiio/2.0.8/platform-linux/build-debug/lib64/libOpenImageIO.so.2.0
#1 0x00007ffff062b392 in OpenImageIO_v2_0::pvt::decode_ifd(unsigned char const*, OpenImageIO_v2_0::span<unsigned char const, -1l>, OpenImageIO_v2_0::ImageSpec&, OpenImageIO_v2_0::pvt::TagMap const&, std::set<unsigned long, std::less<unsigned long>, std::allocator<unsigned long> >&, bool, int) () from /apps/packages/cgDev/oiio/2.0.8/platform-linux/build-debug/lib64/libOpenImageIO.so.2.0
#2 0x00007ffff062b481 in OpenImageIO_v2_0::decode_exif(OpenImageIO_v2_0::span<unsigned char const, -1l>, OpenImageIO_v2_0::ImageSpec&) () from /apps/packages/cgDev/oiio/2.0.8/platform-linux/build-debug/lib64/libOpenImageIO.so.2.0
#3 0x00007ffff062b853 in OpenImageIO_v2_0::decode_exif(OpenImageIO_v2_0::string_view, OpenImageIO_v2_0::ImageSpec&) () from /apps/packages/cgDev/oiio/2.0.8/platform-linux/build-debug/lib64/libOpenImageIO.so.2.0
#4 0x00007ffff082b4fd in OpenImageIO_v2_0::JpgInput::open(std::string const&, OpenImageIO_v2_0::ImageSpec&) () from /apps/packages/cgDev/oiio/2.0.8/platform-linux/build-debug/lib64/libOpenImageIO.so.2.0
#5 0x00007ffff082bf1d in OpenImageIO_v2_0::JpgInput::open(std::string const&, OpenImageIO_v2_0::ImageSpec&, OpenImageIO_v2_0::ImageSpec const&) () from /apps/packages/cgDev/oiio/2.0.8/platform-linux/build-debug/lib64/libOpenImageIO.so.2.0
#6 0x00007ffff06c8924 in OpenImageIO_v2_0::ImageInput::open(std::string const&, OpenImageIO_v2_0::ImageSpec const*) () from /apps/packages/cgDev/oiio/2.0.8/platform-linux/build-debug/lib64/libOpenImageIO.so.2.0
#7 0x00007ffff0664058 in OpenImageIO_v2_0::ImageBufImpl::read(int, int, int, int, bool, OpenImageIO_v2_0::TypeDesc, bool (*)(void*, float), void*) () from /apps/packages/cgDev/oiio/2.0.8/platform-linux/build-debug/lib64/libOpenImageIO.so.2.0
#8 0x00007ffff066609b in OpenImageIO_v2_0::ImageBuf::read(int, int, bool, OpenImageIO_v2_0::TypeDesc, bool (*)(void*, float), void*) () from /apps/packages/cgDev/oiio/2.0.8/platform-linux/build-debug/lib64/libOpenImageIO.so.2.0
Expected behavior
Avoid crash even on problematic images. Other viewers and image editors manage to use them without crashing.
Evidence
The surprising thing is that it only crashes in a multi-threaded context (multiple calls to ImageBuf::read on different images from different threads).
I can provide an image but not publicly.
Platform information:
- OIIO branch/version: 2.0.8
- OS: CentOS 7.6
- C++ compiler: g++ 4.9
- Any non-default build flags when you build OIIO: No
Can you send me an image with the "problematic metadata"?
I have a similar issue that OpenImageIO is crashing when opening an image with a specific EXIF tag. (with Natron Composing tool).
Where can I post you the image so you can have a look at it and maybe make a fix? (I cannot make it public since it's from a client.)
You can email it directly to lg AT openimageio.org
Can you try this on your end?
https://github.com/OpenImageIO/oiio/pull/2429
I believe #2429 addressed this, and since nobody ever replied the last time I asked if it was still broken, I'm going to close the issue.