exempi issueshttps://gitlab.freedesktop.org/libopenraw/exempi/-/issues2024-01-17T04:24:32Zhttps://gitlab.freedesktop.org/libopenraw/exempi/-/issues/31Segfault of exempi command-line tool when attempting to create sidecar file2024-01-17T04:24:32ZJérôme CarreteroSegfault of exempi command-line tool when attempting to create sidecar fileI stumbled upon this (exempi 2.6.4):
```sh
$ exempi -w test.xmp -s dc:creator -v me
XMPFiles::GetXMP - No open file
set error = -3
Segmentation fault (core dumped)
```
Backtrace:
```
#0 0x00007f8b84577f57 in TXMPFiles<std::__cxx11::ba...I stumbled upon this (exempi 2.6.4):
```sh
$ exempi -w test.xmp -s dc:creator -v me
XMPFiles::GetXMP - No open file
set error = -3
Segmentation fault (core dumped)
```
Backtrace:
```
#0 0x00007f8b84577f57 in TXMPFiles<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >::CanPutXMP(TXMPMeta<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > const&) ()
from /usr/lib64/libexempi.so.8
#1 0x00007f8b84570143 in xmp_files_can_put_xmp () from /usr/lib64/libexempi.so.8
#2 0x0000559b4d45da54 in main ()
```
I don't know what to expect from this invocation, but not a crash.
Note: escalating from https://github.com/python-xmp-toolkit/python-xmp-toolkit/issues/892.7.0Hubert FiguiereHubert Figuierehttps://gitlab.freedesktop.org/libopenraw/exempi/-/issues/30exempi-2.6.2 fails to build with musl2022-12-10T15:23:12ZFrancisco Ramosexempi-2.6.2 fails to build with muslThe attached patch (from Alpine Linux) is needed to be able to compile it with musl
https://bugs.gentoo.org/884027
```
/bin/sh ../../libtool --tag=CXX --mode=compile x86_64-gentoo-linux-musl-g++ -DPACKAGE_NAME=\"exempi\" -DPACKAGE_TA...The attached patch (from Alpine Linux) is needed to be able to compile it with musl
https://bugs.gentoo.org/884027
```
/bin/sh ../../libtool --tag=CXX --mode=compile x86_64-gentoo-linux-musl-g++ -DPACKAGE_NAME=\"exempi\" -DPACKAGE_TARNAME=\"exempi\" -DPACKAGE_VERSION=\"2.6.2\" -DPACKAGE_STRING=\"exempi\ 2.6.2\" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE_URL=\"\" -DPACKAGE=\"exempi\" -DVERSION=\"2.6.2\" -DHAVE_STDIO_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_STRINGS_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_UNISTD_H=1 -DSTDC_HEADERS=1 -DHAVE_DLFCN_H=1 -DLT_OBJDIR=\".libs/\" -DHAVE_CXX11=1 -DCHECKED_ENDIANNESS=1 -DHAVE_ICONV=1 -DICONV_CONST= -DTLS=__thread -DHAVE_NATIVE_TLS=1 -I. -I../../public/include -I../.. -DUNIX_ENV=1 -D_FILE_OFFSET_BITS=64 -fexceptions -funsigned-char -fPIC -Wno-multichar -Wno-ctor-dtor-privacy -Os -march=znver3 -mtune=znver3 -pipe -fvisibility=hidden -Wchar-subscripts -Wcast-align -Wextra -Wexceptions -Wformat -Werror=class-memaccess -Wformat-security -Wlogical-not-parentheses -Werror=misleading-indentation -Wmissing-noreturn -Werror=missing-field-initializers -Woverloaded-virtual -Wpointer-arith -Wshadow -Wsign-compare -Wno-suggest-attribute=noreturn -Wunreachable-code -Wunused -Wwrite-strings -c -o common/DumpFile.lo common/DumpFile.cpp
libtool: compile: x86_64-gentoo-linux-musl-g++ -DPACKAGE_NAME=\"exempi\" -DPACKAGE_TARNAME=\"exempi\" -DPACKAGE_VERSION=\"2.6.2\" "-DPACKAGE_STRING=\"exempi 2.6.2\"" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE_URL=\"\" -DPACKAGE=\"exempi\" -DVERSION=\"2.6.2\" -DHAVE_STDIO_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_STRINGS_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_UNISTD_H=1 -DSTDC_HEADERS=1 -DHAVE_DLFCN_H=1 -DLT_OBJDIR=\".libs/\" -DHAVE_CXX11=1 -DCHECKED_ENDIANNESS=1 -DHAVE_ICONV=1 -DICONV_CONST= -DTLS=__thread -DHAVE_NATIVE_TLS=1 -I. -I../../public/include -I../.. -DUNIX_ENV=1 -D_FILE_OFFSET_BITS=64 -fexceptions -funsigned-char -fPIC -Wno-multichar -Wno-ctor-dtor-privacy -Os -march=znver3 -mtune=znver3 -pipe -fvisibility=hidden -Wchar-subscripts -Wcast-align -Wextra -Wexceptions -Wformat -Werror=class-memaccess -Wformat-security -Wlogical-not-parentheses -Werror=misleading-indentation -Wmissing-noreturn -Werror=missing-field-initializers -Woverloaded-virtual -Wpointer-arith -Wshadow -Wsign-compare -Wno-suggest-attribute=noreturn -Wunreachable-code -Wunused -Wwrite-strings -c common/DumpFile.cpp -fPIC -DPIC -o common/.libs/DumpFile.o
common/DumpFile.cpp: In function 'std::string convert8Bit(void*, bool, XMP_Uns32)':
common/DumpFile.cpp:57:22: warning: unused variable 'tmp' [-Wunused-variable]
57 | char tmp = ((char*)str)[byteLen - 1];
| ^~~
common/DumpFile.cpp: In function 'std::string convert16Bit(bool, XMP_Uns8*, bool, XMP_Uns32)':
common/DumpFile.cpp:109:22: warning: unused variable 'tmp' [-Wunused-variable]
109 | char tmp = str[byteLen - 1];
| ^~~
common/DumpFile.cpp: In function 'void DumpImageResources(const JpegMarkers&, XMP_Uns8*, const char*)':
common/DumpFile.cpp:1315:28: warning: unused variable 'psirOrigin' [-Wunused-variable]
1315 | XMP_Uns8 * psirOrigin = psirMarkers[i].jpegMarkerPtr;
| ^~~~~~~~~~
In file included from ../../samples/source/common/LargeFileAccess.hpp:27,
from ../../samples/source/common/TagTree.h:22,
from ../../samples/source/common/DumpFile.h:13,
from common/DumpFile.cpp:37:
common/DumpFile.cpp: In function 'void DumpISOBoxes(LFA_FileRef, XMP_Uns32, std::string)':
common/DumpFile.cpp:2479:56: error: cannot convert 'std::nullptr_t' to 'XMP_Uns16' {aka 'short unsigned int'} in assignment
2479 | exif_item_id = NULL;
| ^~~~
common/DumpFile.cpp:2472:51: warning: unused variable 'tiffLength1' [-Wunused-variable]
2472 | XMP_Uns64 tiffLength1 = (stoi(tree->getValue("meta/iloc/item[" + to_string(exif_item_id) + "]/extent_length")));
| ^~~~~~~~~~~
common/DumpFile.cpp:2497:56: error: cannot convert 'std::nullptr_t' to 'XMP_Uns16' {aka 'short unsigned int'} in assignment
2497 | mime_item_id = NULL;
| ^~~~
common/DumpFile.cpp:2532:43: warning: declaration of 'item_id' shadows a previous local [-Wshadow]
2532 | XMP_Uns32 item_id;
| ^~~~~~~
common/DumpFile.cpp:2352:35: note: shadowed declaration is here
2352 | XMP_Uns16 item_id;
| ^~~~~~~
common/DumpFile.cpp:2649:56: error: cannot convert 'std::nullptr_t' to 'XMP_Uns16' {aka 'short unsigned int'} in assignment
2649 | exif_item_id = NULL;
| ^~~~
common/DumpFile.cpp:2642:51: warning: unused variable 'tiffLength1' [-Wunused-variable]
2642 | XMP_Uns64 tiffLength1 = (stoi(tree->getValue("meta/iloc/item[" + to_string(exif_item_id) + "]/extent_length")));
| ^~~~~~~~~~~
common/DumpFile.cpp:2667:56: error: cannot convert 'std::nullptr_t' to 'XMP_Uns16' {aka 'short unsigned int'} in assignment
2667 | mime_item_id = NULL;
[...]
```[1.patch](/uploads/b55ffd8bd39617eba95d4393fd29234c/1.patch)2.6.3https://gitlab.freedesktop.org/libopenraw/exempi/-/issues/29consider updating autotool scripts2022-12-10T16:18:16ZMoody Liuconsider updating autotool scriptsHello,
I'm from the ArchRISC-V Team, an effort to port Arch Linux to RISC-V architecture.
While porting exempi, during the configure step we experienced an error:
<details>
```
checking build system type... ./config.guess: unable to ...Hello,
I'm from the ArchRISC-V Team, an effort to port Arch Linux to RISC-V architecture.
While porting exempi, during the configure step we experienced an error:
<details>
```
checking build system type... ./config.guess: unable to guess system type
This script, last modified 2009-11-20, has failed to recognize
the operating system you are using. It is advised that you
download the most up to date version of the config scripts from
http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
and
http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
If the version you run (./config.guess) is already up to date, please
send the following data and any information you think might be
pertinent to <config-patches@gnu.org> in order to provide the needed
information to handle your system.
config.guess timestamp = 2009-11-20
uname -m = riscv64
uname -r = 5.18.7-arch1-1
uname -s = Linux
uname -v = #1 SMP PREEMPT_DYNAMIC Sat, 25 Jun 2022 20:22:01 +0000
/usr/bin/uname -p = unknown
/bin/uname -X =
hostinfo =
/bin/universe =
/usr/bin/arch -k =
/bin/arch =
/usr/bin/oslevel =
/usr/convex/getsysinfo =
UNAME_MACHINE = riscv64
UNAME_RELEASE = 5.18.7-arch1-1
UNAME_SYSTEM = Linux
UNAME_VERSION = #1 SMP PREEMPT_DYNAMIC Sat, 25 Jun 2022 20:22:01 +0000
configure: error: cannot guess build type; you must specify one
```
</details>
It's been verified that running `autoreconf -fiv` in the project root directory resolves the problem.
We have [updated our build script](https://github.com/felixonmars/archriscv-packages/pull/1458) to run `autoreconf`, to make configure script updated, when packaging exempi,
but as part of our duty, we do suggest our upstreams do this once and for all instead.
Thanks :)2.6.3https://gitlab.freedesktop.org/libopenraw/exempi/-/issues/28build failures on armhf/armel2022-12-10T16:09:26ZMichael Bieblbuild failures on armhf/armelVersion: 2.6.0 / 2.6.1
The latest version of exempi fails to build on armhf and armel as can be seen at
https://buildd.debian.org/status/package.php?p=exempi
```
g++ -DPACKAGE_NAME=\"exempi\" -DPACKAGE_TARNAME=\"exempi\" -DPACKAGE_VERS...Version: 2.6.0 / 2.6.1
The latest version of exempi fails to build on armhf and armel as can be seen at
https://buildd.debian.org/status/package.php?p=exempi
```
g++ -DPACKAGE_NAME=\"exempi\" -DPACKAGE_TARNAME=\"exempi\" -DPACKAGE_VERSION=\"2.6.1\" -DPACKAGE_STRING=\"exempi\ 2.6.1\" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE_URL=\"\" -DPACKAGE=\"exempi\" -DVERSION=\"2.6.1\" -DHAVE_STDIO_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_STRINGS_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_UNISTD_H=1 -DSTDC_HEADERS=1 -DHAVE_DLFCN_H=1 -DLT_OBJDIR=\".libs/\" -DHAVE_CXX11=1 -DCHECKED_ENDIANNESS=1 -DICONV_CONST= -DTLS=__thread -DHAVE_NATIVE_TLS=1 -I. -I../../public/include -I../.. -DUNIX_ENV=1 -D_FILE_OFFSET_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -fexceptions -funsigned-char -fPIC -Wno-multichar -Wno-ctor-dtor-privacy -g -O2 -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -fvisibility=hidden -Wchar-subscripts -Wcast-align -Wextra -Wexceptions -Wformat-security -Wlogical-not-parentheses -Wmisleading-indentation -Wmissing-noreturn -Woverloaded-virtual -Wpointer-arith -Wshadow -Wsign-compare -Wno-suggest-attribute=noreturn -Wunreachable-code -Wunused -Wwrite-strings -c -o ReadingXMP.o ReadingXMP.cpp
/bin/bash ../../libtool --tag=CXX --mode=link g++ -fexceptions -funsigned-char -fPIC -Wno-multichar -Wno-ctor-dtor-privacy -g -O2 -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -fvisibility=hidden -Wchar-subscripts -Wcast-align -Wextra -Wexceptions -Wformat-security -Wlogical-not-parentheses -Wmisleading-indentation -Wmissing-noreturn -Woverloaded-virtual -Wpointer-arith -Wshadow -Wsign-compare -Wno-suggest-attribute=noreturn -Wunreachable-code -Wunused -Wwrite-strings -Wl,-z,relro -Wl,-z,now -o xmpfilescoverage XMPFilesCoverage.o ../../XMPCore/source/libXMPCore.la ../../XMPFiles/source/libXMPFiles.la ../../source/libxmpcommon.la -lexpat -lz ../../third-party/zuid/interfaces/libmd5.la -ldl -lrt
/bin/bash ../../libtool --tag=CXX --mode=link g++ -fexceptions -funsigned-char -fPIC -Wno-multichar -Wno-ctor-dtor-privacy -g -O2 -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -fvisibility=hidden -Wchar-subscripts -Wcast-align -Wextra -Wexceptions -Wformat-security -Wlogical-not-parentheses -Wmisleading-indentation -Wmissing-noreturn -Woverloaded-virtual -Wpointer-arith -Wshadow -Wsign-compare -Wno-suggest-attribute=noreturn -Wunreachable-code -Wunused -Wwrite-strings -Wl,-z,relro -Wl,-z,now -o dumpxmp DumpScannedXMP.o ../../XMPCore/source/libXMPCore.la ../../XMPFiles/source/libXMPFiles.la ../../source/libxmpcommon.la -lexpat -lz ../../third-party/zuid/interfaces/libmd5.la -ldl -lrt
libtool: link: g++ -fexceptions -funsigned-char -fPIC -Wno-multichar -Wno-ctor-dtor-privacy -g -O2 -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -fvisibility=hidden -Wchar-subscripts -Wcast-align -Wextra -Wexceptions -Wformat-security -Wlogical-not-parentheses -Wmisleading-indentation -Wmissing-noreturn -Woverloaded-virtual -Wpointer-arith -Wshadow -Wsign-compare -Wno-suggest-attribute=noreturn -Wunreachable-code -Wunused -Wwrite-strings -Wl,-z -Wl,relro -Wl,-z -Wl,now -o xmpfilescoverage XMPFilesCoverage.o ../../XMPCore/source/.libs/libXMPCore.a ../../XMPFiles/source/.libs/libXMPFiles.a ../../source/.libs/libxmpcommon.a -lexpat -lz ../../third-party/zuid/interfaces/.libs/libmd5.a -ldl -lrt
/usr/bin/ld: ../../XMPFiles/source/.libs/libXMPFiles.a(XMPFiles_Impl.o):(.rodata+0x5c): multiple definition of `typeinfo name for TXMPMeta<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >'; libtool: link: g++ -fexceptions -funsigned-char -fPIC -Wno-multichar -Wno-ctor-dtor-privacy -g -O2 -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -fvisibility=hidden -Wchar-subscripts -Wcast-align -Wextra -Wexceptions -Wformat-security -Wlogical-not-parentheses -Wmisleading-indentation -Wmissing-noreturn -Woverloaded-virtual -Wpointer-arith -Wshadow -Wsign-compare -Wno-suggest-attribute=noreturn -Wunreachable-code -Wunused -Wwrite-strings -Wl,-z -Wl,relro -Wl,-z -Wl,now -o dumpxmp DumpScannedXMP.o ../../XMPCore/source/.libs/libXMPCore.a ../../XMPFiles/source/.libs/libXMPFiles.a ../../source/.libs/libxmpcommon.a -lexpat -lz ../../third-party/zuid/interfaces/.libs/libmd5.a -ldl -lrt
XMPFilesCoverage.o:(.rodata+0x0): first defined here
/usr/bin/ld: ../../XMPFiles/source/.libs/libXMPFiles.a(XMPFiles_Impl.o):(.data.rel.ro+0x0): multiple definition of `typeinfo for TXMPMeta<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >'; XMPFilesCoverage.o:(.data.rel.ro+0x0): first defined here
/usr/bin/ld: ../../XMPFiles/source/.libs/libXMPFiles.a(XMPFiles_Impl.o):(.rodata+0xb0): multiple definition of `typeinfo name for TXMPIterator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >'; XMPFilesCoverage.o:(.rodata+0x40): first defined here
/usr/bin/ld: ../../XMPFiles/source/.libs/libXMPFiles.a(XMPFiles_Impl.o):(.data.rel.ro+0x10): multiple definition of `typeinfo for TXMPIterator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >'; XMPFilesCoverage.o:(.data.rel.ro+0x8): first defined here
/usr/bin/ld: ../../XMPFiles/source/.libs/libXMPFiles.a(XMPFiles_Impl.o):(.rodata+0xf8): multiple definition of `typeinfo name for TXMPFiles<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >'; XMPFilesCoverage.o:(.rodata+0x88): first defined here
/usr/bin/ld: ../../XMPFiles/source/.libs/libXMPFiles.a(XMPFiles_Impl.o):(.data.rel.ro+0x18): multiple definition of `typeinfo for TXMPFiles<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >'; XMPFilesCoverage.o:(.data.rel.ro+0x10): first defined here
/bin/bash ../../libtool --tag=CXX --mode=link g++ -fexceptions -funsigned-char -fPIC -Wno-multichar -Wno-ctor-dtor-privacy -g -O2 -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -fvisibility=hidden -Wchar-subscripts -Wcast-align -Wextra -Wexceptions -Wformat-security -Wlogical-not-parentheses -Wmisleading-indentation -Wmissing-noreturn -Woverloaded-virtual -Wpointer-arith -Wshadow -Wsign-compare -Wno-suggest-attribute=noreturn -Wunreachable-code -Wunused -Wwrite-strings -Wl,-z,relro -Wl,-z,now -o dumpmainxmp DumpMainXMP.o ../../XMPCore/source/libXMPCore.la ../../XMPFiles/source/libXMPFiles.la ../../source/libxmpcommon.la -lexpat -lz ../../third-party/zuid/interfaces/libmd5.la -ldl -lrt
libtool: link: g++ -fexceptions -funsigned-char -fPIC -Wno-multichar -Wno-ctor-dtor-privacy -g -O2 -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -fvisibility=hidden -Wchar-subscripts -Wcast-align -Wextra -Wexceptions -Wformat-security -Wlogical-not-parentheses -Wmisleading-indentation -Wmissing-noreturn -Woverloaded-virtual -Wpointer-arith -Wshadow -Wsign-compare -Wno-suggest-attribute=noreturn -Wunreachable-code -Wunused -Wwrite-strings -Wl,-z -Wl,relro -Wl,-z -Wl,now -o dumpmainxmp DumpMainXMP.o ../../XMPCore/source/.libs/libXMPCore.a ../../XMPFiles/source/.libs/libXMPFiles.a ../../source/.libs/libxmpcommon.a -lexpat -lz ../../third-party/zuid/interfaces/.libs/libmd5.a -ldl -lrt
/usr/bin/ld: ../../XMPFiles/source/.libs/libXMPFiles.a(XMPFiles_Impl.o):(.rodata+0x5c): multiple definition of `typeinfo name for TXMPMeta<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >'; DumpMainXMP.o:(.rodata+0x0): first defined here
/usr/bin/ld: ../../XMPFiles/source/.libs/libXMPFiles.a(XMPFiles_Impl.o):(.data.rel.ro+0x0): multiple definition of `typeinfo for TXMPMeta<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >'; DumpMainXMP.o:(.data.rel.ro+0x0): first defined here
/usr/bin/ld: ../../XMPFiles/source/.libs/libXMPFiles.a(XMPFiles_Impl.o):(.rodata+0xb0): multiple definition of `typeinfo name for TXMPIterator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >'; DumpMainXMP.o:(.rodata+0x40): first defined here
/usr/bin/ld: ../../XMPFiles/source/.libs/libXMPFiles.a(XMPFiles_Impl.o):(.data.rel.ro+0x10): multiple definition of `typeinfo for TXMPIterator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >'; DumpMainXMP.o:(.data.rel.ro+0x8): first defined here
/usr/bin/ld: ../../XMPFiles/source/.libs/libXMPFiles.a(XMPFiles_Impl.o):(.rodata+0xf8): multiple definition of `typeinfo name for TXMPFiles<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >'; DumpMainXMP.o:(.rodata+0x88): first defined here
/usr/bin/ld: ../../XMPFiles/source/.libs/libXMPFiles.a(XMPFiles_Impl.o):(.data.rel.ro+0x18): multiple definition of `typeinfo for TXMPFiles<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >'; DumpMainXMP.o:(.data.rel.ro+0x10): first defined here
collect2: error: ld returned 1 exit status
make[3]: *** [Makefile:584: xmpfilescoverage] Error 1
make[3]: *** Waiting for unfinished jobs....
collect2: error: ld returned 1 exit status
make[3]: *** [Makefile:548: dumpmainxmp] Error 1
make[3]: Leaving directory '/<<PKGBUILDDIR>>/samples/source'
make[2]: *** [Makefile:416: all-recursive] Error 1
make[2]: Leaving directory '/<<PKGBUILDDIR>>/samples'
make[1]: *** [Makefile:450: all-recursive] Error 1
make[1]: Leaving directory '/<<PKGBUILDDIR>>'
dh_auto_build: error: make -j4 returned exit code 2
make: *** [debian/rules:6: binary-arch] Error 25
dpkg-buildpackage: error: debian/rules binary-arch subprocess returned exit status 2
--------------------------------------------------------------------------------
```
The full build logs are available at
https://buildd.debian.org/status/fetch.php?pkg=exempi&arch=armel&ver=2.6.1-1&stamp=1650055715&raw=0
and
https://buildd.debian.org/status/fetch.php?pkg=exempi&arch=armhf&ver=2.6.1-1&stamp=1650053826&raw=02.6.3https://gitlab.freedesktop.org/libopenraw/exempi/-/issues/273 * use of wrong operator ?2022-04-09T15:42:42Zdcb3143 * use of wrong operator ?I just tried to compile the package with new C compiler clang-14.
It said
ParseRDF.cpp:389:8: warning: use of bitwise '|' with boolean operands [-Wbitwise-instead-of-logical]
Source code is
if ( (name[i] < '0') | (name[i] > '9') )...I just tried to compile the package with new C compiler clang-14.
It said
ParseRDF.cpp:389:8: warning: use of bitwise '|' with boolean operands [-Wbitwise-instead-of-logical]
Source code is
if ( (name[i] < '0') | (name[i] > '9') ) return false;
Maybe better code:
if ( (name[i] < '0') || (name[i] > '9') ) return false;
Some duplicates:
P2_Handler.cpp:161:8: warning: use of bitwise '|' with boolean operands [-Wbitwise-instead-of-logical]
P2_Handler.cpp:235:8: warning: use of bitwise '|' with boolean operands [-Wbitwise-instead-of-logical]2.6.2https://gitlab.freedesktop.org/libopenraw/exempi/-/issues/26README.md not shipped in dist tarball2022-02-28T19:10:58ZMichael BieblREADME.md not shipped in dist tarballVersion: 2.6.0
After the README has been renamed to README.md, it is no longer automatically added to the dist tarball [1].
I'm not sure if this omission is deliberate or not.
If not, README.md to should probably be added to EXTRA_DIS...Version: 2.6.0
After the README has been renamed to README.md, it is no longer automatically added to the dist tarball [1].
I'm not sure if this omission is deliberate or not.
If not, README.md to should probably be added to EXTRA_DIST in Makefile.am
[1] https://libopenraw.freedesktop.org/download/exempi-2.6.0.tar.bz22.6.1Hubert FiguiereHubert Figuierehttps://gitlab.freedesktop.org/libopenraw/exempi/-/issues/25Any plans to make new release?2022-02-13T05:28:51ZTomasz KłoczkoAny plans to make new release?I think that after ,ore than year of the development it would be good to make new release :smile:I think that after ,ore than year of the development it would be good to make new release :smile:2.6.0https://gitlab.freedesktop.org/libopenraw/exempi/-/issues/24Remove boost_test_minimal2022-02-13T18:05:42ZHubert FiguiereRemove boost_test_minimal```
CXX tests/test-xmpformat.o
In file included from /usr/include/boost/config/header_deprecated.hpp:18,
from /usr/include/boost/test/minimal.hpp:34,
from ../../exempi/tests/test-xmpformat.cpp:39:...```
CXX tests/test-xmpformat.o
In file included from /usr/include/boost/config/header_deprecated.hpp:18,
from /usr/include/boost/test/minimal.hpp:34,
from ../../exempi/tests/test-xmpformat.cpp:39:
/usr/include/boost/test/minimal.hpp:35:1: note: ‘#pragma message: This header is deprecated. Use <boost/test/included/unit_test.hpp> instead.’
35 | BOOST_HEADER_DEPRECATED( "<boost/test/included/unit_test.hpp>" )
| ^~~~~~~~~~~~~~~~~~~~~~~
CXXLD testxmpformat
```
This should be replaced by something else.2.6.2https://gitlab.freedesktop.org/libopenraw/exempi/-/issues/23exempi 2.5.2 `make check` fails on big endian (was: alpine linux mips64)2022-07-29T15:37:56ZNatanael Copaexempi 2.5.2 `make check` fails on big endian (was: alpine linux mips64)`make check` fails on alpine linux mips64:
```
============================================================================
Testsuite summary for exempi 2.5.2
============================================================================
...`make check` fails on alpine linux mips64:
```
============================================================================
Testsuite summary for exempi 2.5.2
============================================================================
# TOTAL: 16
# PASS: 15
# SKIP: 0
# XFAIL: 0
# FAIL: 1
# XPASS: 0
# ERROR: 0
============================================================================
See exempi/test-suite.log
============================================================================
make[4]: *** [Makefile:1373: test-suite.log] Error 1
make[4]: Leaving directory '/home/ncopa/aports/community/exempi/src/exempi-2.5.2/exempi'
make[3]: *** [Makefile:1481: check-TESTS] Error 2
make[3]: Leaving directory '/home/ncopa/aports/community/exempi/src/exempi-2.5.2/exempi'
make[2]: *** [Makefile:1678: check-am] Error 2
make[2]: Leaving directory '/home/ncopa/aports/community/exempi/src/exempi-2.5.2/exempi'
make[1]: *** [Makefile:1265: check-recursive] Error 1
make[1]: Leaving directory '/home/ncopa/aports/community/exempi/src/exempi-2.5.2/exempi'
make: *** [Makefile:445: check-recursive] Error 1
```
`exempi/test-suite.log` contains:
```
=========================================
exempi 2.5.2: exempi/test-suite.log
=========================================
# TOTAL: 16
# PASS: 15
# SKIP: 0
# XFAIL: 0
# FAIL: 1
# XPASS: 0
# ERROR: 0
.. contents:: :depth: 2
FAIL: tests/testcore
====================
Running ../samples/source/dumpmainxmp ./../samples/testfiles/BlueSquare.ai
Running ../samples/source/dumpmainxmp ./../samples/testfiles/BlueSquare.eps
Running ../samples/source/dumpmainxmp ./../samples/testfiles/BlueSquare.gif
terminate called after throwing an instance of 'XMP_Error'
Aborted
Failed
```
This has not been observed in any other architectures yet.https://gitlab.freedesktop.org/libopenraw/exempi/-/issues/22Update to XMP SDK 2021.102022-02-13T05:28:42ZHubert FiguiereUpdate to XMP SDK 2021.10Update to XMP SDK 2020.01
The current caveat is language used in the license headers which makes it impossible.
See upstream issue https://github.com/adobe/XMP-Toolkit-SDK/issues/16
v2021.08 fixes this.
v2021.10 has more updates.Update to XMP SDK 2020.01
The current caveat is language used in the license headers which makes it impossible.
See upstream issue https://github.com/adobe/XMP-Toolkit-SDK/issues/16
v2021.08 fixes this.
v2021.10 has more updates.2.6.0Hubert FiguiereHubert Figuierehttps://gitlab.freedesktop.org/libopenraw/exempi/-/issues/21Building and installing exempi on Windows2020-06-24T03:21:00ZHarshit DwivediBuilding and installing exempi on WindowsHi,
Would it be possible to add a basic documentation on how to build and install exempi in a Windows environment?Hi,
Would it be possible to add a basic documentation on how to build and install exempi in a Windows environment?https://gitlab.freedesktop.org/libopenraw/exempi/-/issues/20GIF87a is no longer recognized in 2.5.0+2020-06-24T03:18:45ZElliott Sales de AndradeGIF87a is no longer recognized in 2.5.0+When `python-xmp-toolkit` is [automatically rebuilt](https://kojipkgs.fedoraproject.org/work/tasks/4603/41564603/build.log) against latest `exempi`, its tests fail. Unfortunately, the tests are not particularly verbose, but at least this...When `python-xmp-toolkit` is [automatically rebuilt](https://kojipkgs.fedoraproject.org/work/tasks/4603/41564603/build.log) against latest `exempi`, its tests fail. Unfortunately, the tests are not particularly verbose, but at least this result is clear:
```
FAIL: test_formats (test.test_exempi.TestExempi)
Verify that check_file_format function works as expected.
----------------------------------------------------------------------
Traceback (most recent call last):
File "/builddir/build/BUILD/python-xmp-toolkit-2.0.1/test/test_exempi.py", line 440, in test_formats
self.assertEqual(actual_format, expected_format)
AssertionError: 538976288 != 1195984416
```
In this case, 1195984416 = 0x47494620 = `XMP_FT_GIF`, and 538976288 = 0x20202020 = `XMP_FT_UNKNOWN`. The [code](https://github.com/python-xmp-toolkit/python-xmp-toolkit/blob/master/test/test_exempi.py#L421-L441) is very simple, it just loops over a bunch of files of varying types and calls `xmp_files_check_file_format`. With 2.4.5 this worked, but with 2.5.0 or 2.5.1 it fails.2.5.2https://gitlab.freedesktop.org/libopenraw/exempi/-/issues/19md5 code can be removed2022-02-13T16:15:11ZPavel Heimlichmd5 code can be removedHi,
on my Solaris 11 system, the OS provides the MD5 functions, so the code in third-party/zuid/interfaces is not necessary and I don't need to complicate the license information of the package. I would expect most Linux and BSD distribu...Hi,
on my Solaris 11 system, the OS provides the MD5 functions, so the code in third-party/zuid/interfaces is not necessary and I don't need to complicate the license information of the package. I would expect most Linux and BSD distributions to be in a similar situation.
Here's a crude patch I use, but I guess you'd need to make it work for systems without the md5 header (Windows?)
[md5.patch](/uploads/230010b0aa3e15898b65c47352e6bb2e/md5.patch)https://gitlab.freedesktop.org/libopenraw/exempi/-/issues/18Write diagnostics to stderr instead of stdout for using exempi -g in a pipe2021-09-22T02:43:12ZWilliam BaderWrite diagnostics to stderr instead of stdout for using exempi -g in a pipe`exempi -g 'fwl:LocalCaption' test.jpg` writes *processing file test.jpg* to stdout which mixes with the value that `-g` returns. The *processing file ...* message should either be removed or should be written to stderr or maybe exempi c...`exempi -g 'fwl:LocalCaption' test.jpg` writes *processing file test.jpg* to stdout which mixes with the value that `-g` returns. The *processing file ...* message should either be removed or should be written to stderr or maybe exempi could have a `-q` *quiet* option to suppress all messages. I am using exempi 2.4.5 on Fedora 30 x86_64.2.5.2https://gitlab.freedesktop.org/libopenraw/exempi/-/issues/172.5.1: test suite build fails (because of LTO)2024-01-24T08:33:32ZTomasz Kłoczko2.5.1: test suite build fails (because of LTO)<pre>make[3]: &apos;testparse&apos; is up to date.
/bin/sh ../../libtool --tag=CXX --mode=link g++ -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -grecord-gcc-swi...<pre>make[3]: 'testparse' is up to date.
/bin/sh ../../libtool --tag=CXX --mode=link g++ -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -fvisibility=hidden -Wchar-subscripts -Wcast-align -Wextra -Wformat -Wformat-security -Wlogical-not-parentheses -Wmisleading-indentation -Wmissing-noreturn -Woverloaded-virtual -Wpointer-arith -Wshadow -Wsign-compare -Wno-suggest-attribute=noreturn -Wunreachable-code -Wunused -Wwrite-strings -static -Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -o testiterator test-iterator.o utils.o ../libexempi.la -lboost_unit_test_framework
libtool: link: g++ -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -fvisibility=hidden -Wchar-subscripts -Wcast-align -Wextra -Wformat -Wformat-security -Wlogical-not-parentheses -Wmisleading-indentation -Wmissing-noreturn -Woverloaded-virtual -Wpointer-arith -Wshadow -Wsign-compare -Wno-suggest-attribute=noreturn -Wunreachable-code -Wunused -Wwrite-strings -Wl,-z -Wl,relro -Wl,--as-needed -Wl,-z -Wl,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -o testiterator test-iterator.o utils.o ../.libs/libexempi.so -lexpat -lz -ldl -lrt -lboost_unit_test_framework -Wl,-rpath -Wl,/home/tkloczko/rpmbuild/BUILD/exempi-2.5.1/exempi/.libs
make[3]: 'testinit' is up to date.
make[3]: 'testfdo18635' is up to date.
make[3]: 'testfdo83313' is up to date.
make[3]: 'testcpp' is up to date.
make[3]: 'testwebp' is up to date.
/bin/sh ../../libtool --tag=CXX --mode=link g++ -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -fvisibility=hidden -Wchar-subscripts -Wcast-align -Wextra -Wformat -Wformat-security -Wlogical-not-parentheses -Wmisleading-indentation -Wmissing-noreturn -Woverloaded-virtual -Wpointer-arith -Wshadow -Wsign-compare -Wno-suggest-attribute=noreturn -Wunreachable-code -Wunused -Wwrite-strings -static -Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -o testadobesdk test-adobesdk.o ../libexempi.la -lboost_unit_test_framework
libtool: link: g++ -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -fvisibility=hidden -Wchar-subscripts -Wcast-align -Wextra -Wformat -Wformat-security -Wlogical-not-parentheses -Wmisleading-indentation -Wmissing-noreturn -Woverloaded-virtual -Wpointer-arith -Wshadow -Wsign-compare -Wno-suggest-attribute=noreturn -Wunreachable-code -Wunused -Wwrite-strings -Wl,-z -Wl,relro -Wl,--as-needed -Wl,-z -Wl,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -o testadobesdk test-adobesdk.o ../.libs/libexempi.so -lexpat -lz -ldl -lrt -lboost_unit_test_framework -Wl,-rpath -Wl,/home/tkloczko/rpmbuild/BUILD/exempi-2.5.1/exempi/.libs
/usr/bin/ld: test-adobesdk.o: in function `test_adobesdk::test_convertToInt64::test_method()':
/home/tkloczko/rpmbuild/BUILD/exempi-2.5.1/exempi/tests/test-adobesdk.cpp:68: undefined reference to `XMPUtils::ConvertToInt64(char const*)'
/usr/bin/ld: /home/tkloczko/rpmbuild/BUILD/exempi-2.5.1/exempi/tests/test-adobesdk.cpp:71: undefined reference to `XMPUtils::ConvertToInt64(char const*)'
/usr/bin/ld: /home/tkloczko/rpmbuild/BUILD/exempi-2.5.1/exempi/tests/test-adobesdk.cpp:74: undefined reference to `XMPUtils::ConvertToInt64(char const*)'
/usr/bin/ld: test-adobesdk.o: in function `test_adobesdk::test_composeArray::test_method()':
/home/tkloczko/rpmbuild/BUILD/exempi-2.5.1/exempi/tests/test-adobesdk.cpp:32: undefined reference to `XMPUtils::ComposeArrayItemPath(char const*, char const*, int, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*)'
/usr/bin/ld: /home/tkloczko/rpmbuild/BUILD/exempi-2.5.1/exempi/tests/test-adobesdk.cpp:34: undefined reference to `XMPUtils::ComposeArrayItemPath(char const*, char const*, int, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*)'
/usr/bin/ld: /home/tkloczko/rpmbuild/BUILD/exempi-2.5.1/exempi/tests/test-adobesdk.cpp:36: undefined reference to `XMPUtils::ComposeArrayItemPath(char const*, char const*, int, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*)'
/usr/bin/ld: /home/tkloczko/rpmbuild/BUILD/exempi-2.5.1/exempi/tests/test-adobesdk.cpp:39: undefined reference to `XMPUtils::ComposeArrayItemPath(char const*, char const*, int, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*)'
/usr/bin/ld: /home/tkloczko/rpmbuild/BUILD/exempi-2.5.1/exempi/tests/test-adobesdk.cpp:43: undefined reference to `XMPUtils::ComposeArrayItemPath(char const*, char const*, int, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*)'
/usr/bin/ld: test-adobesdk.o: in function `test_adobesdk::test_composeStructFieldPath::test_method()':
/home/tkloczko/rpmbuild/BUILD/exempi-2.5.1/exempi/tests/test-adobesdk.cpp:52: undefined reference to `XMPUtils::ComposeStructFieldPath(char const*, char const*, char const*, char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*)'
/usr/bin/ld: /home/tkloczko/rpmbuild/BUILD/exempi-2.5.1/exempi/tests/test-adobesdk.cpp:54: undefined reference to `XMPUtils::ComposeStructFieldPath(char const*, char const*, char const*, char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*)'
/usr/bin/ld: /home/tkloczko/rpmbuild/BUILD/exempi-2.5.1/exempi/tests/test-adobesdk.cpp:56: undefined reference to `XMPUtils::ComposeStructFieldPath(char const*, char const*, char const*, char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*)'
/usr/bin/ld: /home/tkloczko/rpmbuild/BUILD/exempi-2.5.1/exempi/tests/test-adobesdk.cpp:58: undefined reference to `XMPUtils::ComposeStructFieldPath(char const*, char const*, char const*, char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*)'
/usr/bin/ld: /home/tkloczko/rpmbuild/BUILD/exempi-2.5.1/exempi/tests/test-adobesdk.cpp:61: undefined reference to `XMPUtils::ComposeStructFieldPath(char const*, char const*, char const*, char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*)'
/usr/bin/ld: test-adobesdk.o: in function `Fixture::~Fixture()':
/home/tkloczko/rpmbuild/BUILD/exempi-2.5.1/exempi/tests/test-adobesdk.cpp:20: undefined reference to `XMPMeta::Terminate()'
/usr/bin/ld: test-adobesdk.o: in function `Fixture::Fixture()':
/home/tkloczko/rpmbuild/BUILD/exempi-2.5.1/exempi/tests/test-adobesdk.cpp:17: undefined reference to `XMPMeta::Initialize()'
collect2: error: ld returned 1 exit status
make[3]: *** [Makefile:789: testadobesdk] Error 1
make[3]: Leaving directory '/home/tkloczko/rpmbuild/BUILD/exempi-2.5.1/exempi/tests'
make[2]: *** [Makefile:1241: check-am] Error 2
make[2]: Leaving directory '/home/tkloczko/rpmbuild/BUILD/exempi-2.5.1/exempi/tests'
make[1]: *** [Makefile:754: check-recursive] Error 1
make[1]: Leaving directory '/home/tkloczko/rpmbuild/BUILD/exempi-2.5.1/exempi'
</pre>https://gitlab.freedesktop.org/libopenraw/exempi/-/issues/16Missing distribution tarball for 2.5.12019-08-08T15:45:35ZMarius BakkeMissing distribution tarball for 2.5.1Hello!
Will a "dist" tarball be uploaded to https://libopenraw.freedesktop.org/download/ , or are distributions supposed to fetch from git now?Hello!
Will a "dist" tarball be uploaded to https://libopenraw.freedesktop.org/download/ , or are distributions supposed to fetch from git now?https://gitlab.freedesktop.org/libopenraw/exempi/-/issues/14A global-buffer-overflow bug was found in MP3_Handler.cpp2019-07-28T10:57:01Z1wcA global-buffer-overflow bug was found in MP3_Handler.cpp[poc2](/uploads/a96fa358895dfd15e5e458a4bdf5bae3/poc2)
## 0x00 Introduction
In exempi 2.5.0, I found a global-buffer-overflow bug in MP3_Handler.cpp, the ASAN report is as below.
```
liwc@ubuntu:~/exempi-master_asan/exempi$ ./exempi -...[poc2](/uploads/a96fa358895dfd15e5e458a4bdf5bae3/poc2)
## 0x00 Introduction
In exempi 2.5.0, I found a global-buffer-overflow bug in MP3_Handler.cpp, the ASAN report is as below.
```
liwc@ubuntu:~/exempi-master_asan/exempi$ ./exempi -x poc2
processing file poc2
dump_xmp for file poc2
=================================================================
==80231==ERROR: AddressSanitizer: global-buffer-overflow on address 0x0000006cdce0 at pc 0x0000004dbb24 bp 0x7ffc0ad43a50 sp 0x7ffc0ad43a40
READ of size 4 at 0x0000006cdce0 thread T0
#0 0x4dbb23 in GetUns32BE ../../../source/EndianUtils.hpp:152
#1 0x4de11f in MP3_MetaHandler::ProcessXMP() /home/liwc/exempi-master/XMPFiles/source/FileHandlers/MP3_Handler.cpp:320
#2 0x48aafd in XMPFiles::GetXMP(TXMPMeta<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >*, char const**, unsigned int*, XMP_PacketInfo*) /home/liwc/exempi-master/XMPFiles/source/XMPFiles.cpp:1471
#3 0x47fac8 in WXMPFiles_GetXMP_1 /home/liwc/exempi-master/XMPFiles/source/WXMPFiles.cpp:331
#4 0x41e353 in TXMPFiles<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >::GetXMP(TXMPMeta<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*, XMP_PacketInfo*) (/home/liwc/exempi-master_asan/exempi/exempi+0x41e353)
#5 0x40c0f1 in xmp_files_get_new_xmp /home/liwc/exempi-master/exempi/exempi.cpp:346
#6 0x408d07 in get_xmp_from_file /home/liwc/exempi-master/exempi/main.cpp:244
#7 0x408ece in dump_xmp /home/liwc/exempi-master/exempi/main.cpp:257
#8 0x409b54 in process_file /home/liwc/exempi-master/exempi/main.cpp:348
#9 0x408728 in main /home/liwc/exempi-master/exempi/main.cpp:194
#10 0x7f2eeb8bc82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#11 0x407a58 in _start (/home/liwc/exempi-master_asan/exempi/exempi+0x407a58)
0x0000006cdce1 is located 0 bytes to the right of global variable '*.LC33' defined in 'MP3_Handler.cpp' (0x6cdce0) of size 1
'*.LC33' is ascii string ''
SUMMARY: AddressSanitizer: global-buffer-overflow ../../../source/EndianUtils.hpp:152 GetUns32BE
Shadow bytes around the buggy address:
0x0000800d1b40: f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 00 03 f9 f9
0x0000800d1b50: f9 f9 f9 f9 05 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9
0x0000800d1b60: f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9 00 03 f9 f9
0x0000800d1b70: f9 f9 f9 f9 05 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9
0x0000800d1b80: f9 f9 f9 f9 05 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9
=>0x0000800d1b90: f9 f9 f9 f9 05 f9 f9 f9 f9 f9 f9 f9[01]f9 f9 f9
0x0000800d1ba0: f9 f9 f9 f9 05 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9
0x0000800d1bb0: f9 f9 f9 f9 00 00 02 f9 f9 f9 f9 f9 05 f9 f9 f9
0x0000800d1bc0: f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 07 f9 f9 f9
0x0000800d1bd0: f9 f9 f9 f9 05 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9
0x0000800d1be0: f9 f9 f9 f9 00 01 f9 f9 f9 f9 f9 f9 05 f9 f9 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==80231==ABORTING
```
## 0x01 Analysis
I think this issue was a fault caused by careless. From line 43 to line 67, a const static array was declared.
```c++
struct ReconProps {
const char* mainID; // The stored v2.3 and v2.4 ID, also used as the main logical ID.
const char* v22ID; // The stored v2.2 ID.
const char* ns;
const char* prop;
};
```
The element of reconProps whose mainID was "TDRC" had an incomplete v22ID.
```c++
const static ReconProps reconProps[] = {
{ "TPE1", "TP1", kXMP_NS_DM, "artist" },
{ "TALB", "TAL", kXMP_NS_DM, "album" },
{ "TRCK", "TRK", kXMP_NS_DM, "trackNumber" },
// exceptions that need attention:
{ "TCON", "TCO", kXMP_NS_DM, "genre" }, // genres might be numeric
{ "TIT2", "TT2", kXMP_NS_DC, "title" }, // ["x-default"] language alternatives
{ "COMM", "COM", kXMP_NS_DM, "logComment" }, // two distinct strings, language alternative
{ "TYER", "TYE", kXMP_NS_XMP, "CreateDate" }, // Year (YYYY) Deprecated in 2.4
{ "TDAT", "TDA", kXMP_NS_XMP, "CreateDate" }, // Date (DDMM) Deprecated in 2.4
{ "TIME", "TIM", kXMP_NS_XMP, "CreateDate" }, // Time (HHMM) Deprecated in 2.4
{ "TDRC", "", kXMP_NS_XMP, "CreateDate" }, // assembled date/time v2.4 <= miss v22id
// new reconciliations introduced in Version 5
{ "TCMP", "TCP", kXMP_NS_DM, "partOfCompilation" }, // presence/absence of TCMP frame dedides
{ "USLT", "ULT", kXMP_NS_DM, "lyrics" },
{ "TCOM", "TCM", kXMP_NS_DM, "composer" },
{ "TPOS", "TPA", kXMP_NS_DM, "discNumber" }, // * a text field! might contain "/<total>"
{ "TCOP", "TCR", kXMP_NS_DC, "rights" }, // ["x-default"] language alternatives
{ "TPE4", "TP4", kXMP_NS_DM, "engineer" },
{ "WCOP", "WCP", kXMP_NS_XMP_Rights, "WebStatement" },
{ 0, 0, 0, 0 } // must be last as a sentinel
};
```
The call of GetUns32BE at MP3_Handler.cpp:320 passes a "" when r is 9, and the storedID will be a unexpected value.
```c++
315 for ( int r = 0; reconProps[r].mainID != 0; ++r ) {
316
317 //get the frame ID to look for
318 XMP_Uns32 logicalID = GetUns32BE ( reconProps[r].mainID );
319 XMP_Uns32 storedID = logicalID;
320 if ( this->majorVersion == 2 ) storedID = GetUns32BE ( reconProps[r].v22ID );
```
## 0x02 Reproduce
```
OS:Ubuntu 16.04 x86_64
export CFLAGS="-fsanitize=address -ggdb"
export CXXFLAGS="-fsanitize=address -ggdb"
export LDFLAGS="-fsanitize=address -ggdb"
sudo apt install libboost-dev
sudo apt install libboost-test-dev
./autogen.sh
./configure --disable-shared
make
./exampi/exempi -x POC -o out
```
## 0x03 Discoverer
WenChao Li of VARAS@IIE2.5.1https://gitlab.freedesktop.org/libopenraw/exempi/-/issues/13A heap-based buffer over-read was found in ID3_Support.cpp2019-07-28T15:56:37Z1wcA heap-based buffer over-read was found in ID3_Support.cpp[poc](/uploads/16b4622e57a8228ac6530eabfe39b280/poc)
## 0x00 Introduction
In exempi 2.5.0, I found a heap-based buffer over-read bug in function ID3_Support::ID3v2Frame::getFrameValue, the ASAN report is as below.
```
liwc@ubuntu:~/ex...[poc](/uploads/16b4622e57a8228ac6530eabfe39b280/poc)
## 0x00 Introduction
In exempi 2.5.0, I found a heap-based buffer over-read bug in function ID3_Support::ID3v2Frame::getFrameValue, the ASAN report is as below.
```
liwc@ubuntu:~/exempi-master_asan/exempi$ ./exempi -x poc
processing file poc
dump_xmp for file poc
=================================================================
==79549==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000eed1 at pc 0x0000004be2ae bp 0x7fffc062ec30 sp 0x7fffc062ec20
READ of size 4 at 0x60200000eed1 thread T0
#0 0x4be2ad in GetUns32BE ../../../source/EndianUtils.hpp:152
#1 0x4c2256 in ID3_Support::ID3v2Frame::getFrameValue(unsigned char, unsigned int, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*) /home/liwc/exempi-master/XMPFiles/source/FormatSupport/ID3_Support.cpp:702
#2 0x4de2a0 in MP3_MetaHandler::ProcessXMP() /home/liwc/exempi-master/XMPFiles/source/FileHandlers/MP3_Handler.cpp:334
#3 0x48aafd in XMPFiles::GetXMP(TXMPMeta<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >*, char const**, unsigned int*, XMP_PacketInfo*) /home/liwc/exempi-master/XMPFiles/source/XMPFiles.cpp:1471
#4 0x47fac8 in WXMPFiles_GetXMP_1 /home/liwc/exempi-master/XMPFiles/source/WXMPFiles.cpp:331
#5 0x41e353 in TXMPFiles<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >::GetXMP(TXMPMeta<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*, XMP_PacketInfo*) (/home/liwc/exempi-master_asan/exempi/exempi+0x41e353)
#6 0x40c0f1 in xmp_files_get_new_xmp /home/liwc/exempi-master/exempi/exempi.cpp:346
#7 0x408d07 in get_xmp_from_file /home/liwc/exempi-master/exempi/main.cpp:244
#8 0x408ece in dump_xmp /home/liwc/exempi-master/exempi/main.cpp:257
#9 0x409b54 in process_file /home/liwc/exempi-master/exempi/main.cpp:348
#10 0x408728 in main /home/liwc/exempi-master/exempi/main.cpp:194
#11 0x7f7b7b20482f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#12 0x407a58 in _start (/home/liwc/exempi-master_asan/exempi/exempi+0x407a58)
0x60200000eed3 is located 0 bytes to the right of 3-byte region [0x60200000eed0,0x60200000eed3)
allocated by thread T0 here:
#0 0x7f7b7c53b712 in operator new[](unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99712)
#1 0x4c10c6 in ID3_Support::ID3v2Frame::read(XMP_IO*, unsigned char) /home/liwc/exempi-master/XMPFiles/source/FormatSupport/ID3_Support.cpp:579
#2 0x4dd4ae in MP3_MetaHandler::CacheFileData() /home/liwc/exempi-master/XMPFiles/source/FileHandlers/MP3_Handler.cpp:220
#3 0x48874f in DoOpenFile /home/liwc/exempi-master/XMPFiles/source/XMPFiles.cpp:1076
#4 0x488f8a in XMPFiles::OpenFile(char const*, unsigned int, unsigned int) /home/liwc/exempi-master/XMPFiles/source/XMPFiles.cpp:1179
#5 0x47e415 in WXMPFiles_OpenFile_1 /home/liwc/exempi-master/XMPFiles/source/WXMPFiles.cpp:233
#6 0x41dab4 in TXMPFiles<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >::OpenFile(char const*, unsigned int, unsigned int) (/home/liwc/exempi-master_asan/exempi/exempi+0x41dab4)
#7 0x40bd79 in xmp_files_open_new /home/liwc/exempi-master/exempi/exempi.cpp:294
#8 0x408ccb in get_xmp_from_file /home/liwc/exempi-master/exempi/main.cpp:242
#9 0x408ece in dump_xmp /home/liwc/exempi-master/exempi/main.cpp:257
#10 0x409b54 in process_file /home/liwc/exempi-master/exempi/main.cpp:348
#11 0x408728 in main /home/liwc/exempi-master/exempi/main.cpp:194
#12 0x7f7b7b20482f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
SUMMARY: AddressSanitizer: heap-buffer-overflow ../../../source/EndianUtils.hpp:152 GetUns32BE
Shadow bytes around the buggy address:
0x0c047fff9d80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff9d90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff9da0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff9db0: fa fa 00 fa fa fa 00 fa fa fa 00 fa fa fa 00 00
0x0c047fff9dc0: fa fa fd fd fa fa fd fa fa fa fd fa fa fa 00 00
=>0x0c047fff9dd0: fa fa 01 fa fa fa 04 fa fa fa[03]fa fa fa 03 fa
0x0c047fff9de0: fa fa 00 04 fa fa 05 fa fa fa 00 04 fa fa fd fd
0x0c047fff9df0: fa fa 00 05 fa fa fd fa fa fa 05 fa fa fa 00 00
0x0c047fff9e00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff9e10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff9e20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==79549==ABORTING
```
## 0x01 Analysis
I debugged the poc with gdb so that I found the key of this issue.
```c++
bool ID3v2Frame::getFrameValue ( XMP_Uns8 /*majorVersion*/, XMP_Uns32 logicalID, std::string* utf8string )
{
XMP_Assert ( (this->content != 0) && (this->contentSize >= 0) && (this->contentSize < 20*1024*1024) );
if ( this->contentSize == 0 ) {
utf8string->erase();
return true; // ...it is "of interest", even if empty contents.
}
XMP_Int32 pos = 0;
XMP_Uns8 encByte = 0;
// WCOP does not have an encoding byte, for all others: use [0] as EncByte, advance pos
if ( logicalID != 0x57434F50 ) { // pos1
encByte = this->content[0];
pos++;
}
// mode specific forks, COMM or USLT
bool commMode = ( (logicalID == 0x434F4D4D) || (logicalID == 0x55534C54) );
switch ( encByte ) { // pos2
case 0: //ISO-8859-1, 0-terminated
{
if ( commMode && (! advancePastCOMMDescriptor ( pos )) ) return false; // not a frame of interest!
char* localPtr = &this->content[pos];
size_t localLen = this->contentSize - pos;
ReconcileUtils::Latin1ToUTF8 ( localPtr, localLen, utf8string );
break;
}
case 1: // Unicode, v2.4: UTF-16 (undetermined Endianess), with BOM, terminated 0x00 00
case 2: // UTF-16BE without BOM, terminated 0x00 00
{
...
}
case 3: // UTF-8 unicode, terminated \0
{
if ( commMode && (! advancePastCOMMDescriptor ( pos )) ) return false; // not a frame of interest!
if ( (GetUns32BE ( &this->content[pos]) & 0xFFFFFF00 ) == 0xEFBBBF00 ) { // pos3
pos += 3; // swallow any BOM, just in case
}
utf8string->assign ( &this->content[pos], (this->contentSize - pos) );
break;
}
default:
XMP_Throw ( "unknown text encoding", kXMPErr_BadFileFormat ); //COULDDO assume latin-1 or utf-8 as best-effort
break;
}
return true;
} // ID3v2Frame::getFrameValue
```
At pos1, the logicalID did not equal 0x57434f50,so the if branch was satisfied and pos would incremented. Now the encByte was 0x3, the case 3 of switch statement at pos2 was satisfied. We noticed the size of heap buffer this->content was only 3 bytes and it started from 0x60200000eed0.
```
→ 655 if ( logicalID != 0x57434F50 ) {
656 encByte = this->content[0];
657 pos++;
658 }
659
660 // mode specific forks, COMM or USLT
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── threads ────
[#0] Id 1, Name: "exempi", stopped, reason: SINGLE STEP
──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── trace ────
...
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
gef➤ p logicalID
$1 = 0x54504f53
gef➤ p this->content
$2 = 0x60200000eed0 "\003\062\061"
```
Then it called the inline function GetUns32BE in EndianUtils.hpp:150 at pos3, and GetUns32BE read 4 bytes from the given addr. At this call site the given addr was 0x60200000eed1, so a 2-bytes heap-based buffer over-read happened.
We can patch this issue by check the length of this->content firstly.
## 0x02 Reproduce
```
OS:Ubuntu 16.04 x86_64
export CFLAGS="-fsanitize=address -ggdb"
export CXXFLAGS="-fsanitize=address -ggdb"
export LDFLAGS="-fsanitize=address -ggdb"
sudo apt install libboost-dev
sudo apt install libboost-test-dev
./autogen.sh
./configure --disable-shared
make
./exampi/exempi -x POC -o out
```
## 0x03 Discoverer
WenChao Li of VARAS@IIE2.5.1https://gitlab.freedesktop.org/libopenraw/exempi/-/issues/12A heap-based buffer over-read was found in WEBP_Support.cpp2019-07-28T10:56:26Z1wcA heap-based buffer over-read was found in WEBP_Support.cppHello,
I found a heap-based buffer over-read bug in function VP8XChunk::VP8XChunk at WEBP_Support.cpp:125 & 126. Actually, it looks like CVE-2018-7731(https://bugs.freedesktop.org/show_bug.cgi?id=105247) and it might be an issue caused b...Hello,
I found a heap-based buffer over-read bug in function VP8XChunk::VP8XChunk at WEBP_Support.cpp:125 & 126. Actually, it looks like CVE-2018-7731(https://bugs.freedesktop.org/show_bug.cgi?id=105247) and it might be an issue caused by the incomplete consideration of the former issue.
The ASAN report is as below:
```
processing file /home/liwc/crashes/case1
dump_xmp for file /home/liwc/crashes/case1
=================================================================
==58159==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000ef77 at pc 0x0000005ce0b3 bp 0x7ffc7d9b8580 sp 0x7ffc7d9b8570
READ of size 1 at 0x60200000ef77 thread T0
#0 0x5ce0b2 in WEBP::VP8XChunk::VP8XChunk(WEBP::Container*) /home/liwc/exempi-master/XMPFiles/source/FormatSupport/WEBP_Support.cpp:125
#1 0x5ce81c in WEBP::Container::Container(WEBP_MetaHandler*) /home/liwc/exempi-master/XMPFiles/source/FormatSupport/WEBP_Support.cpp:203
#2 0x5c9661 in WEBP_MetaHandler::CacheFileData() /home/liwc/exempi-master/XMPFiles/source/FileHandlers/WEBP_Handler.cpp:89
#3 0x48874f in DoOpenFile /home/liwc/exempi-master/XMPFiles/source/XMPFiles.cpp:1076
#4 0x488f8a in XMPFiles::OpenFile(char const*, unsigned int, unsigned int) /home/liwc/exempi-master/XMPFiles/source/XMPFiles.cpp:1179
#5 0x47e415 in WXMPFiles_OpenFile_1 /home/liwc/exempi-master/XMPFiles/source/WXMPFiles.cpp:233
#6 0x41dab4 in TXMPFiles<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >::OpenFile(char const*, unsigned int, unsigned int) (/home/liwc/exempi-master/exempi/exempi+0x41dab4)
#7 0x40bd79 in xmp_files_open_new /home/liwc/exempi-master/exempi/exempi.cpp:294
#8 0x408ccb in get_xmp_from_file /home/liwc/exempi-master/exempi/main.cpp:242
#9 0x408ece in dump_xmp /home/liwc/exempi-master/exempi/main.cpp:257
#10 0x409b54 in process_file /home/liwc/exempi-master/exempi/main.cpp:348
#11 0x408728 in main /home/liwc/exempi-master/exempi/main.cpp:194
#12 0x7fd3f681d82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#13 0x407a58 in _start (/home/liwc/exempi-master/exempi/exempi+0x407a58)
0x60200000ef77 is located 1 bytes to the right of 6-byte region [0x60200000ef70,0x60200000ef76)
allocated by thread T0 here:
#0 0x7fd3f7b54592 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99592)
#1 0x4fedc6 in __gnu_cxx::new_allocator<unsigned char>::allocate(unsigned long, void const*) /usr/include/c++/5/ext/new_allocator.h:104
#2 0x4fe8f0 in std::allocator_traits<std::allocator<unsigned char> >::allocate(std::allocator<unsigned char>&, unsigned long) /usr/include/c++/5/bits/alloc_traits.h:491
#3 0x4fe50f in std::_Vector_base<unsigned char, std::allocator<unsigned char> >::_M_allocate(unsigned long) /usr/include/c++/5/bits/stl_vector.h:170
#4 0x58ec6d in unsigned char* std::vector<unsigned char, std::allocator<unsigned char> >::_M_allocate_and_copy<std::move_iterator<unsigned char*> >(unsigned long, std::move_iterator<unsigned char*>, std::move_iterator<unsigned char*>) (/home/liwc/exempi-master/exempi/exempi+0x58ec6d)
#5 0x58e6c9 in std::vector<unsigned char, std::allocator<unsigned char> >::reserve(unsigned long) /usr/include/c++/5/bits/vector.tcc:75
#6 0x5cd019 in WEBP::Chunk::Chunk(WEBP::Container*, WEBP_MetaHandler*) /home/liwc/exempi-master/XMPFiles/source/FormatSupport/WEBP_Support.cpp:38
#7 0x5ce72c in WEBP::Container::Container(WEBP_MetaHandler*) /home/liwc/exempi-master/XMPFiles/source/FormatSupport/WEBP_Support.cpp:190
#8 0x5c9661 in WEBP_MetaHandler::CacheFileData() /home/liwc/exempi-master/XMPFiles/source/FileHandlers/WEBP_Handler.cpp:89
#9 0x48874f in DoOpenFile /home/liwc/exempi-master/XMPFiles/source/XMPFiles.cpp:1076
#10 0x488f8a in XMPFiles::OpenFile(char const*, unsigned int, unsigned int) /home/liwc/exempi-master/XMPFiles/source/XMPFiles.cpp:1179
#11 0x47e415 in WXMPFiles_OpenFile_1 /home/liwc/exempi-master/XMPFiles/source/WXMPFiles.cpp:233
#12 0x41dab4 in TXMPFiles<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >::OpenFile(char const*, unsigned int, unsigned int) (/home/liwc/exempi-master/exempi/exempi+0x41dab4)
#13 0x40bd79 in xmp_files_open_new /home/liwc/exempi-master/exempi/exempi.cpp:294
#14 0x408ccb in get_xmp_from_file /home/liwc/exempi-master/exempi/main.cpp:242
#15 0x408ece in dump_xmp /home/liwc/exempi-master/exempi/main.cpp:257
#16 0x409b54 in process_file /home/liwc/exempi-master/exempi/main.cpp:348
#17 0x408728 in main /home/liwc/exempi-master/exempi/main.cpp:194
#18 0x7fd3f681d82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/liwc/exempi-master/XMPFiles/source/FormatSupport/WEBP_Support.cpp:125 WEBP::VP8XChunk::VP8XChunk(WEBP::Container*)
Shadow bytes around the buggy address:
0x0c047fff9d90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff9da0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff9db0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff9dc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff9dd0: fa fa fa fa fa fa 00 02 fa fa 00 04 fa fa 00 06
=>0x0c047fff9de0: fa fa fd fd fa fa 06 fa fa fa 00 fa fa fa[06]fa
0x0c047fff9df0: fa fa fd fa fa fa fd fd fa fa fd fa fa fa 00 00
0x0c047fff9e00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff9e10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff9e20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff9e30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==58159==ABORTING
```
The size of VP8XChunk was assigned to 10, but in this case there was no valid VP8XChunk, and the buffer pointed by bitstream was malloced with only 6 bytes. In this way the heap-based buffer over-read happened. A crafted webp can trigger this issue, which allows a DoS attack.
```
114 VP8XChunk::VP8XChunk(Container* parent_)
115 : Chunk(parent_, kChunk_VP8X)
116 {
117 this->needsRewrite = true;
118 this->size = 10;
119 this->data.resize(this->size);
120 this->data.assign(this->size, 0);
121 XMP_Uns8* bitstream =
122 (XMP_Uns8*)parent->chunks[WEBP_CHUNK_IMAGE][0]->data.data();
123 // See bug https://bugs.freedesktop.org/show_bug.cgi?id=105247
124 // bitstream could be NULL.
125 XMP_Uns32 width = bitstream ? ((bitstream[7] << 8) | bitstream[6]) & 0x3fff : 0; <= buffer over-read
126 XMP_Uns32 height = bitstream ? ((bitstream[9] << 8) | bitstream[8]) & 0x3fff : 0; <= buffer over-read
127 this->width(width);
128 this->height(height);
129 parent_->vp8x = this;
}
```
You can reproduce it as below.
```
OS:Ubuntu 16.04 x86_64
export CFLAGS="-fsanitize=address -ggdb"
export CXXFLAGS="-fsanitize=address -ggdb"
export LDFLAGS="-fsanitize=address -ggdb"
sudo apt install libboost-dev
sudo apt install libboost-test-dev
./autogen.sh
./configure --disable-shared
make
./exampi/exempi -x POC -o out
```
WenChao Li of VARAS@IIE
[POC](/uploads/359b3d4bae8707939ffcf4b51292fca5/POC)2.5.1https://gitlab.freedesktop.org/libopenraw/exempi/-/issues/11Missing XMP entry2024-01-18T00:57:25ZSteve BianMissing XMP entryI have a IIQ file which contains XMP metadata. When I use the `exempi` binary (version 2.4.5) to dump the XMP ( [P0030790.IIQ.exempi.xml](/uploads/779ad3f53ae8b506d348d64ca9a4080d/P0030790.IIQ.exempi.xml)) it is missing the entry `GPSDat...I have a IIQ file which contains XMP metadata. When I use the `exempi` binary (version 2.4.5) to dump the XMP ( [P0030790.IIQ.exempi.xml](/uploads/779ad3f53ae8b506d348d64ca9a4080d/P0030790.IIQ.exempi.xml)) it is missing the entry `GPSDateStamp`. However if I use the following python program to read the XML from tag 700 the entry exists.
```
#!/usr/bin/env python
from PIL import Image
with Image.open('P0030790.IIQ') as im:
xmp_xml = im.tag[700][0]
import xml.etree.ElementTree as ET
root = ET.fromstring(xmp_xml)
for element in root.iter():
print(element.tag, '=', element.text)
```
This program outputs:
```
{adobe:ns:meta/}xmpmeta = None
{http://www.w3.org/1999/02/22-rdf-syntax-ns#}RDF = None
{http://www.w3.org/1999/02/22-rdf-syntax-ns#}Description = None
{http://ns.adobe.com/exif/1.0/}GPSDateStamp = 2018-11-02
{http://ns.adobe.com/exif/1.0/}GPSTimeStamp = 15:21:39.0+00:00
{http://ns.adobe.com/exif/1.0/}GPSLatitude = 32,54.278778N
{http://ns.adobe.com/exif/1.0/}GPSLongitude = 96,33.506934W
{http://ns.adobe.com/exif/1.0/}GPSAltitudeRef = 0
{http://ns.adobe.com/exif/1.0/}GPSAltitude = 235662/1000
{http://ns.adobe.com/exif/1.0/}GPSSpeedRef = K
{http://ns.adobe.com/exif/1.0/}GPSSpeed = 3031/100
{http://ns.adobe.com/exif/1.0/}GPSTrackRef = T
{http://ns.adobe.com/exif/1.0/}GPSTrack = 9013/100
{http://www.w3.org/1999/02/22-rdf-syntax-ns#}Description = None
{http://www.phaseone.com/aerialgps/}GPSIMUPitch = -5999/10000
{http://www.phaseone.com/aerialgps/}GPSIMURoll = -6000/10000
{http://www.phaseone.com/aerialgps/}GPSIMUYaw = 186000/10000
{http://www.phaseone.com/aerialgps/}GPSIMUYawRef = T
```