mirror of https://github.com/GNOME/gimp.git
Bug 682454: Plug-in crashed
plug-in-metadata-decode-exif makes use of the exif parasite attached to the image a few lines above. Also, exif_data->size is the size of the thumbnail buffer, which starts at exif_data->data and not at exif_data.
==4677== Invalid read of size 1
==4677== at 0x4A0A130: memcpy@@GLIBC_2.14 (/builddir/build/BUILD/valgrind-3.7.0/memcheck/mc_replace_strmem.c:837)
==4677== by 0x4E440F8: gimp_write (gimp-2-8/libgimp/gimp.c:1726)
==4677== by 0x5BDD27E: gimp_wire_write (gimp-2-8/libgimpbase/gimpwire.c:174)
==4677== by 0x5BD9D41: _gp_params_write (gimp-2-8/libgimpbase/gimpprotocol.c:1748)
==4677== by 0x5BDDA46: gimp_wire_write_msg (gimp-2-8/libgimpbase/gimpwire.c:296)
==4677== by 0x5BDAE17: gp_proc_run_write (gimp-2-8/libgimpbase/gimpprotocol.c:305)
==4677== by 0x4E4513E: gimp_run_procedure2 (gimp-2-8/libgimp/gimp.c:993)
==4677== by 0x4E4544B: gimp_run_procedure (gimp-2-8/libgimp/gimp.c:926)
==4677== by 0x40BD36: gimp_metadata_store_exif (gimp-2-8/plug-ins/file-jpeg/gimpexif.c:69)
==4677== by 0x406EA4: load_image (gimp-2-8/plug-ins/file-jpeg/jpeg-load.c:343)
==4677== by 0x405A2E: run (gimp-2-8/plug-ins/file-jpeg/jpeg.c:235)
==4677== by 0x4E44AD8: gimp_main (gimp-2-8/libgimp/gimp.c:1992)
==4677== by 0x30A0421734: (below main) (in /usr/lib64/libc-2.15.so)
==4677== Address 0x8f75e01 is 1 bytes after a block of size 64 alloc'd
==4677== at 0x4A06F18: calloc (/builddir/build/BUILD/valgrind-3.7.0/coregrind/m_replacemalloc/vg_replace_malloc.c:566)
==4677== by 0x8AC304B: exif_data_new_mem (/home/massimo/libexif/libexif/exif-data.c:111)
==4677== by 0x8AC312D: exif_data_new (/home/massimo/libexif/libexif/exif-data.c:95)
==4677== by 0x407224: load_image (gimp-2-8/plug-ins/file-jpeg/jpeg-load.c:311)
parent
77ab3271e3
commit
c09414b8b7
|
@ -69,8 +69,8 @@ void gimp_metadata_store_exif (gint32 image_ID,
|
|||
return_vals = gimp_run_procedure ("plug-in-metadata-decode-exif",
|
||||
&nreturn_vals,
|
||||
GIMP_PDB_IMAGE, image_ID,
|
||||
GIMP_PDB_INT32, exif_data->size,
|
||||
GIMP_PDB_INT8ARRAY, exif_data,
|
||||
GIMP_PDB_INT32, 7,
|
||||
GIMP_PDB_INT8ARRAY, "unused",
|
||||
GIMP_PDB_END);
|
||||
if (return_vals[0].data.d_status != GIMP_PDB_SUCCESS)
|
||||
g_warning ("JPEG Exif -> XMP Merge failed");
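Review bot: The length `7` passed with the placeholder array is tied by hand to the literal `"unused"` (six characters plus the terminator), so a later edit to the string could reintroduce the kind of out-of-bounds read that the Valgrind trace in the description shows in the memcpy under gimp_write. Assuming the `7` / `"unused"` pairs are the new side (the page has lost its +/- markers), I would derive the length from the buffer itself: `static const gchar dummy[] = "unused";` followed by `GIMP_PDB_INT32, (gint32) sizeof (dummy), GIMP_PDB_INT8ARRAY, dummy,`. A short comment such as `/* decode-exif reads the exif parasite attached above; this array argument is a placeholder */` would record why a dummy is sent, which the call does not explain on its own. gimp_metadata_store_exif starts and ends outside the hunk, so the handling of return_vals after the warning is not visible here.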
|
||||
|
|