AcademySoftwareFoundation
[BUG] Invalid write crash when opening certain RAW images
Describe the bug
When opening some RAW images I get a hard crash in my application when opening them with raw:Demosaic = "none". Specifically the debugger says:
HEAP[prog.exe]: Heap block at 000002166E310F50 modified at 000002166E312908 past requested size of 19a8
Crash stack for reference:
To Reproduce Steps to reproduce the behavior:
- Download image from evidence
- Open image
- Crash
Expected behavior No crash please. Would expect it to throw an exception we can handle.
Evidence Here is a direct link to the images which should be able to reproduce the crash. Just in case I'll also zip it and attach them here.
http://www.rawsamples.ch/raws/pentax/RAW_PENTAX_K5IIS.PEF RAW_PENTAX_K5IIS.zip
http://www.rawsamples.ch/raws/nikon/d1x/RAW_NIKON_D1X.NEF RAW_NIKON_D1X.zip
http://www.rawsamples.ch/raws/canon/40d/RAW_CANON_40D_SRAW_V103.CR2 RAW_CANON_40D_SRAW_V103.zip
http://www.rawsamples.ch/raws/kodak/RAW_KODAK_C330_FORMAT422_YRGB.RAW RAW_KODAK_C330_FORMAT422_YRGB.zip
http://www.rawsamples.ch/raws/kodak/RAW_KODAK_C330_FORMAT420_YRGB.RAW RAW_KODAK_C330_FORMAT420_YRGB.zip
http://www.rawsamples.ch/raws/kodak/RAW_KODAK_C330_FORMAT_NONE_YRGB.RAW RAW_KODAK_C330_FORMAT_NONE_YRGB.zip
Platform information:
- OIIO branch/version: 2.3.7.2
- OS: Windows
- C++ compiler: VS 2019
- Any non-default build flags when you build OIIO: libraw, heic support
Sorry, I forgot some important info which is that this happens when setting raw:Demosaic to none. Updated post/title. I believe these images work fine when we used AHD.
Thanks, that was an important clue!
I can reproduce now. I wasn't able to without knowing about the demosaic hint. Stay tuned, looking into it.
Fix proposed in #3125
Do you have the ability to apply that patch on your end and verify that it works for all the cases that crashed for you?
I got this built and loaded, but it still crashes on 4/6 of the images listed above. This patch does seem to fix the NEF and PEF files though.
For the other 4 (Canon CR2 and all the Kodak files), they crash in convert_pixel_values:
I do have several other images that I may not be able to post to evidence for that crash, but I'll try to check if any of them crash in a unique way outside of the above stack trace.
Oh, sorry. The very first one I tried crashed, so when I fixed it, I thought I had it nailed. That's not very thorough of me, I should have checked them all. Will try to get to this today.
I've certainly had that feeling before. Thank you very much for working on this!
It looks like I fixed the non-rotated case, but the rotated cases are doing the wrong thing when not demosaicing. I'm a little afraid of clobbering the in-progress of @shootfast who says he has in-progress patches about this very issue, so I'm considering just handing the problem off to him (which he may have already fixed, for all I know).
Another update. I'm not sure if this is 100% the same bug, but it seems to be crashing in the same place. Specifically on Fuji RAW files that have a 4x4 pattern, opening with demosaic none crashes. 6x6 and 2x2 patterns seem to work fine.
Here are some files: http://www.rawsamples.ch/raws/fuji/e550/RAW_FUJI_E550.RAF http://www.rawsamples.ch/raws/fuji/e900/RAW_FUJI_E900.RAF http://www.rawsamples.ch/raws/fuji/RAW_FUJI_S9600.RAF
Ah amazing, thanks for all the example files. I'll make sure this is fixed up soon!
What is the status of this issue?
I haven't heard of any sort of update to this and the files posted still crash. As far as I'm aware @Shootfast was going to handle this, but I think they are probably busy with other things.
@lgritz Do you have any idea on the status? If the original plan of the RAW patch isn't happening do you think it's worthwhile to simply handle the individual cases?
Just bumping this for my own benefit. I'm sorry about the absolute snails pace of updates / development. I am hoping to have something very soon.