[Interest] QBuffer::seek warnings in QtConcurrent

Constantin Makshin cmakshin at gmail.com
Wed Jan 28 06:44:20 CET 2015


Nice finding, Giuseppe. :)

You're right that this may be unrelated to Igor's problem, but lines
811–813 look like a nice bait for JPEG images with malformed EXIF
header[s] — values less than 8 will wrap around zero, leading to an
attempt to skip an unknown amount of data (QDataStream::skipRawData() takes
an "int", but after the subtraction 'offset' would be something not
representable as a 32-bit signed integer, and the behavior of such
conversions is not defined by the standard).

On 01/28/2015 12:18 AM, Giuseppe D'Angelo wrote:
> On 27/01/2015 20:27, Igor Mironchik wrote:
>> I've looked at qjpeghandler.cpp and it is strange that practically all
>> of my photos produced by my Android camera are corrupted. Do you know any
>> software that can give me information about exif in jpeg so that I can be
>> sure that the jpeg is corrupted? Thank you.
> 
> Possibly exiftool or some other image manipulation program.
> 
> But also I wonder about the code around your backtrace:
> 
>> 0    qt_message_fatal    qlogging.cpp    1407    0x57ed3f21   
>> 1    QMessageLogger::warning    qlogging.cpp    396    0x57ed28bb   
>> 2    QBuffer::seek    qbuffer.cpp    374    0x5807b386   
>> 3    QDataStream::skipRawData    qdatastream.cpp    1169    0x5807dfbc   
>> 4    getExifOrientation    qjpeghandler.cpp    820    0x5ab66204   
> 
> =>
> 
>>     795     quint32 offset;
>>     ...
>>     811     stream >> offset;
>>     812     // we have already used 8 bytes of TIFF header
>>     813     offset -= 8;
>>     814
>>     815     // read IFD
>>     816     while (!stream.atEnd()) {
>>     817         quint16 numEntries;
>>     818
>>     819         // skip offset bytes to get the next IFD
>>     820         if (stream.skipRawData(offset) != (qint32)offset)
>>     821             return -1;
> 
> Note in particular that "stream" reads an unsigned 32 bit int into
> offset, but then skipRawData silently converts to signed... (but it may
> be totally unrelated to the problem here, which perhaps results from
> bad EXIF parsing on Qt's side)
> 
> HTH,
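The arithmetic Constantin and Giuseppe are discussing, worked through in plain C++ as an added example (this is not Qt's code and not part of the thread): a constructed TIFF/EXIF header with a too-small IFD offset, the unsigned wrap that the original `offset -= 8` produces, and a hardened reader that validates the offset before subtracting, before converting to a signed `int`, and before using it to index the buffer. The names `naive_skip_count`, `checked_skip_count`, `ifd0_entry_count` and `make_tiff` are assumptions for this example only; they do not exist in Qt.

```cpp
// Added example: parsing the 8-byte TIFF header that precedes EXIF IFD0,
// with the bounds checks the quoted Qt snippet lacks. Not Qt code.
#include <cstddef>
#include <cstdint>
#include <optional>
#include <vector>

// Byte-order helpers. EXIF's TIFF header starts with "II" (little-endian)
// or "MM" (big-endian), then the magic 0x002A, then the 32-bit IFD0 offset
// counted from the start of the TIFF header.
static void append_u16(std::vector<uint8_t>& v, uint16_t x, bool little) {
    if (little) { v.push_back(x & 0xFF); v.push_back(x >> 8); }
    else        { v.push_back(x >> 8);   v.push_back(x & 0xFF); }
}
static void append_u32(std::vector<uint8_t>& v, uint32_t x, bool little) {
    if (little) { for (int i = 0; i < 4; ++i) v.push_back((x >> (8 * i)) & 0xFF); }
    else        { for (int i = 3; i >= 0; --i) v.push_back((x >> (8 * i)) & 0xFF); }
}
static uint16_t read_u16(const uint8_t* p, bool little) {
    return little ? static_cast<uint16_t>(p[0] | (p[1] << 8))
                  : static_cast<uint16_t>((p[0] << 8) | p[1]);
}
static uint32_t read_u32(const uint8_t* p, bool little) {
    return little ? (uint32_t(p[0]) | (uint32_t(p[1]) << 8) | (uint32_t(p[2]) << 16) | (uint32_t(p[3]) << 24))
                  : ((uint32_t(p[0]) << 24) | (uint32_t(p[1]) << 16) | (uint32_t(p[2]) << 8) | uint32_t(p[3]));
}

// Mirrors the quoted arithmetic ("offset -= 8") with no check: for any
// offset below 8 the unsigned subtraction wraps to a value near 2^32.
uint32_t naive_skip_count(uint32_t offset) {
    return offset - 8;
}

// Hardened version: returns how many bytes remain to be skipped after the
// 8-byte header has been consumed, or nullopt if the header is malformed.
std::optional<size_t> checked_skip_count(const std::vector<uint8_t>& tiff) {
    if (tiff.size() < 8) return std::nullopt;                // header truncated
    bool little;
    if (tiff[0] == 'I' && tiff[1] == 'I') little = true;
    else if (tiff[0] == 'M' && tiff[1] == 'M') little = false;
    else return std::nullopt;                                // unknown byte order
    if (read_u16(tiff.data() + 2, little) != 0x002A) return std::nullopt;
    uint32_t offset = read_u32(tiff.data() + 4, little);
    if (offset < 8) return std::nullopt;                     // would wrap in the naive version
    if (offset - 8 > static_cast<uint32_t>(INT32_MAX)) return std::nullopt; // not representable as int
    if (offset > tiff.size() - 2) return std::nullopt;       // IFD entry count must fit in the buffer
    return static_cast<size_t>(offset - 8);
}

// Next step of the same parse: the 16-bit entry count at the start of IFD0.
// Only reachable through checked_skip_count, so the read is in bounds.
std::optional<uint16_t> ifd0_entry_count(const std::vector<uint8_t>& tiff) {
    auto skip = checked_skip_count(tiff);
    if (!skip) return std::nullopt;
    bool little = (tiff[0] == 'I');
    size_t pos = 8 + *skip;                                  // equals the original offset
    return read_u16(tiff.data() + pos, little);
}

// Constructed sample input: builds a TIFF header with the given IFD0 offset,
// zero padding up to that offset, then the IFD entry count.
std::vector<uint8_t> make_tiff(bool little, uint32_t ifd_offset, uint16_t entries) {
    std::vector<uint8_t> v;
    v.push_back(little ? 'I' : 'M');
    v.push_back(little ? 'I' : 'M');
    append_u16(v, 0x002A, little);
    append_u32(v, ifd_offset, little);
    while (v.size() < ifd_offset) v.push_back(0);
    append_u16(v, entries, little);
    return v;
}
```

`make_tiff(true, 4, 1)` is the malformed case from the thread: the naive subtraction yields 0xFFFFFFFC, while `checked_skip_count` rejects the header before any skip or seek is attempted. The `INT32_MAX` check exists only to document the signed-conversion concern; in practice the buffer-size check already catches any offset that large.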
