Gwenview crashes in Exiv2::Internal::Nikon3MakerNote::printFlashMasterDataFl7 when opening .nef image

[nicolasfella]

Describe the bug

See https://bugs.kde.org/show_bug.cgi?id=470880

#0  0x00007ffff653c87b in std::__cxx11::list<Exiv2::Exifdatum, std::allocator<Exiv2::Exifdatum> >::begin (this=0x0) at /usr/include/c++/13/bits/stl_list.h:1033
#1  0x00007ffff666be18 in Exiv2::ExifData::findKey (this=0x0, key=...) at /home/nico/workspace/exiv2/src/exif.cpp:457
#2  0x00007ffff6567d73 in Exiv2::Internal::Nikon3MakerNote::printFlashMasterDataFl7 (os=..., value=..., metadata=0x0) at /home/nico/workspace/exiv2/src/nikonmn_int.cpp:3423
#3  0x00007ffff6669d3d in Exiv2::Exifdatum::write (this=0x7fff9809d8c0, os=..., pMetadata=0x0) at /home/nico/workspace/exiv2/src/exif.cpp:187
#4  0x00007ffff7d10e91 in Exiv2::operator<< (os=..., md=...) at /home/nico/kde/usr/include/exiv2/metadatum.hpp:277
#5  0x00007ffff7d12ab2 in Gwenview::ImageMetaInfoModelPrivate::fillExivGroup<Exiv2::ExifData, std::_List_const_iterator<Exiv2::Exifdatum> > (this=0xcba4d0, parent=..., group=0xcba4b0, container=...)
    at /home/nico/kde/src/gwenview/lib/imagemetainfomodel.cpp:282
#6  0x00007ffff7d10136 in Gwenview::ImageMetaInfoModel::setExiv2Image (this=0x7fffdc0022d0, image=0x7fff98001960) at /home/nico/kde/src/gwenview/lib/imagemetainfomodel.cpp:441
#7  0x00007ffff7cbfc49 in Gwenview::Document::setExiv2Image (this=0xcba9e0, image=std::unique_ptr<Exiv2::Image> = {...}) at /home/nico/kde/src/gwenview/lib/document/document.cpp:388
#8  0x00007ffff7cbce1d in Gwenview::AbstractDocumentImpl::setDocumentExiv2Image (this=0xcbaa90, image=std::unique_ptr<Exiv2::Image> = {...})
    at /home/nico/kde/src/gwenview/lib/document/abstractdocumentimpl.cpp:81
#9  0x00007ffff7cc9665 in Gwenview::LoadingDocumentImpl::slotMetaInfoLoaded (this=0xcbaa90) at /home/nico/kde/src/gwenview/lib/document/loadingdocumentimpl.cpp:497
#10 0x00007ffff7cce7ce in QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, void (Gwenview::LoadingDocumentImpl::*)()>::call(void (Gwenview::LoadingDocumentImpl::*)(), Gwenview::LoadingDocumentImpl*, void**) (f=(void (Gwenview::LoadingDocumentImpl::*)(Gwenview::LoadingDocumentImpl * const)) 0x7ffff7cc94f2 <Gwenview::LoadingDocumentImpl::slotMetaInfoLoaded()>, o=0xcbaa90, arg=0x7fffffffcc50)
    at /usr/include/qt5/QtCore/qobjectdefs_impl.h:152
#11 0x00007ffff7cce050 in QtPrivate::FunctionPointer<void (Gwenview::LoadingDocumentImpl::*)()>::call<QtPrivate::List<>, void>(void (Gwenview::LoadingDocumentImpl::*)(), Gwenview::LoadingDocumentImpl*, void**)
    (f=(void (Gwenview::LoadingDocumentImpl::*)(Gwenview::LoadingDocumentImpl * const)) 0x7ffff7cc94f2 <Gwenview::LoadingDocumentImpl::slotMetaInfoLoaded()>, o=0xcbaa90, arg=0x7fffffffcc50)
    at /usr/include/qt5/QtCore/qobjectdefs_impl.h:185
#12 0x00007ffff7ccd955 in QtPrivate::QSlotObject<void (Gwenview::LoadingDocumentImpl::*)(), QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) (which=1, this_=0xcbe880, 
    r=0xcbaa90, a=0x7fffffffcc50, ret=0x0) at /usr/include/qt5/QtCore/qobjectdefs_impl.h:418
#13 0x00007ffff44e8651 in QtPrivate::QSlotObjectBase::call (a=0x7fffffffcc50, r=<optimized out>, this=0xcbe880) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#14 doActivate<false> (sender=0xcb55c8, signal_index=4, argv=0x7fffffffcc50) at kernel/qobject.cpp:3923
#15 0x00007ffff44e34d7 in QMetaObject::activate (sender=<optimized out>, m=<optimized out>, local_signal_index=<optimized out>, argv=<optimized out>) at kernel/qobject.cpp:3983
#16 0x00007ffff42ff5d5 in QFutureWatcherBase::event (this=<optimized out>, event=0x7fff980a5460) at thread/qfuturewatcher.cpp:334
#17 0x00007ffff53aeb75 in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0xcb55c8, e=0x7fff980a5460) at kernel/qapplication.cpp:3640
#18 0x00007ffff44b3d48 in QCoreApplication::notifyInternal2 (receiver=0xcb55c8, event=0x7fff980a5460) at kernel/qcoreapplication.cpp:1064
#19 0x00007ffff44b3f62 in QCoreApplication::sendEvent (receiver=<optimized out>, event=<optimized out>) at kernel/qcoreapplication.cpp:1462
#20 0x00007ffff44b71f5 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x4fd480) at kernel/qcoreapplication.cpp:1821
#21 0x00007ffff44b74ad in QCoreApplication::sendPostedEvents (receiver=<optimized out>, event_type=<optimized out>) at kernel/qcoreapplication.cpp:1680
#22 0x00007ffff4506e2f in postEventSourceDispatch (s=0x5664a0) at kernel/qeventdispatcher_glib.cpp:277
#23 0x00007ffff318b39c in g_main_dispatch (context=0x7fffdc000ee0) at ../glib/gmain.c:3460
#24 g_main_context_dispatch (context=0x7fffdc000ee0) at ../glib/gmain.c:4200
#25 0x00007ffff31e9438 in g_main_context_iterate.isra.0 (context=0x7fffdc000ee0, block=1, dispatch=1, self=<optimized out>) at ../glib/gmain.c:4276
#26 0x00007ffff3188a23 in g_main_context_iteration (context=0x7fffdc000ee0, may_block=1) at ../glib/gmain.c:4343
#27 0x00007ffff4506919 in QEventDispatcherGlib::processEvents (this=0x5669e0, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#28 0x00007ffff44b270b in QEventLoop::exec (this=this@entry=0x7fffffffd0c0, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#29 0x00007ffff44ba99b in QCoreApplication::exec () at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#30 0x000000000047a3b1 in main (argc=2, argv=0x7fffffffd3d8) at /home/nico/kde/src/gwenview/app/main.cpp:213

To Reproduce

Open this image in Gwenview: https://mega.nz/file/j3RGELSa#wMs5nJ-HlrMZrjytiC9NkESXF6TRIIVzPDlZsa-uI3E

A short description of what you expected to happen.

Desktop (please complete the following information):

• OS and version: Fedora 38
• Exiv2 version and source: 0.28.0, master
• Compiler and version: GCC 13.1.1
• Compilation mode and/or compiler flags: Debug

Additional context

0.27.7 works fine

[postscript-dev]

This issue could be a duplicate of #2638.

[nicolasfella]

There is a slightly different variant in https://bugs.kde.org/show_bug.cgi?id=470821

#0  0x00007ffff653cd97 in std::__cxx11::list<Exiv2::Exifdatum, std::allocator<Exiv2::Exifdatum> >::begin (this=0x0) at /usr/include/c++/13/bits/stl_list.h:1033
#1  0x00007ffff666bfe8 in Exiv2::ExifData::findKey (this=0x0, key=...) at /home/nico/workspace/exiv2/src/exif.cpp:457
#2  0x00007ffff657d5af in Exiv2::Internal::getModel (metadata=0x0, val="") at /home/nico/workspace/exiv2/src/sonymn_int.cpp:641
#3  0x00007ffff657efba in Exiv2::Internal::SonyMakerNote::printFocusMode2 (os=..., value=..., metadata=0x0) at /home/nico/workspace/exiv2/src/sonymn_int.cpp:838
#4  0x00007ffff6669f0d in Exiv2::Exifdatum::write (this=0x7fff9c0b4c20, os=..., pMetadata=0x0) at /home/nico/workspace/exiv2/src/exif.cpp:187
#5  0x00007ffff7d10e91 in Exiv2::operator<< (os=..., md=...) at /home/nico/kde/usr/include/exiv2/metadatum.hpp:277
#6  0x00007ffff7d12ab2 in Gwenview::ImageMetaInfoModelPrivate::fillExivGroup<Exiv2::ExifData, std::_List_const_iterator<Exiv2::Exifdatum> > (this=0xcbbeb0, parent=..., group=0xcafc10, container=...)
    at /home/nico/kde/src/gwenview/lib/imagemetainfomodel.cpp:282
#7  0x00007ffff7d10136 in Gwenview::ImageMetaInfoModel::setExiv2Image (this=0x7fffdc0022d0, image=0x7fff9c001960) at /home/nico/kde/src/gwenview/lib/imagemetainfomodel.cpp:441
#8  0x00007ffff7cbfc49 in Gwenview::Document::setExiv2Image (this=0xcbc3c0, image=std::unique_ptr<Exiv2::Image> = {...}) at /home/nico/kde/src/gwenview/lib/document/document.cpp:388
#9  0x00007ffff7cbce1d in Gwenview::AbstractDocumentImpl::setDocumentExiv2Image (this=0xcc0ac0, image=std::unique_ptr<Exiv2::Image> = {...}) at /home/nico/kde/src/gwenview/lib/document/abstractdocumentimpl.cpp:81
#10 0x00007ffff7cc9665 in Gwenview::LoadingDocumentImpl::slotMetaInfoLoaded (this=0xcc0ac0) at /home/nico/kde/src/gwenview/lib/document/loadingdocumentimpl.cpp:497
#11 0x00007ffff7cce7ce in QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, void (Gwenview::LoadingDocumentImpl::*)()>::call(void (Gwenview::LoadingDocumentImpl::*)(), Gwenview::LoadingDocumentImpl*, void**) (
    f=(void (Gwenview::LoadingDocumentImpl::*)(Gwenview::LoadingDocumentImpl * const)) 0x7ffff7cc94f2 <Gwenview::LoadingDocumentImpl::slotMetaInfoLoaded()>, o=0xcc0ac0, arg=0x7fffffffcd50)
    at /usr/include/qt5/QtCore/qobjectdefs_impl.h:152
#12 0x00007ffff7cce050 in QtPrivate::FunctionPointer<void (Gwenview::LoadingDocumentImpl::*)()>::call<QtPrivate::List<>, void>(void (Gwenview::LoadingDocumentImpl::*)(), Gwenview::LoadingDocumentImpl*, void**) (
    f=(void (Gwenview::LoadingDocumentImpl::*)(Gwenview::LoadingDocumentImpl * const)) 0x7ffff7cc94f2 <Gwenview::LoadingDocumentImpl::slotMetaInfoLoaded()>, o=0xcc0ac0, arg=0x7fffffffcd50)
    at /usr/include/qt5/QtCore/qobjectdefs_impl.h:185
#13 0x00007ffff7ccd955 in QtPrivate::QSlotObject<void (Gwenview::LoadingDocumentImpl::*)(), QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) (which=1, this_=0xcc0240, r=0xcc0ac0, 
    a=0x7fffffffcd50, ret=0x0) at /usr/include/qt5/QtCore/qobjectdefs_impl.h:418
#14 0x00007ffff44e8651 in QtPrivate::QSlotObjectBase::call (a=0x7fffffffcd50, r=<optimized out>, this=0xcc0240) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#15 doActivate<false> (sender=0xcb7388, signal_index=4, argv=0x7fffffffcd50) at kernel/qobject.cpp:3923
#16 0x00007ffff44e34d7 in QMetaObject::activate (sender=<optimized out>, m=<optimized out>, local_signal_index=<optimized out>, argv=<optimized out>) at kernel/qobject.cpp:3983
#17 0x00007ffff42ff5d5 in QFutureWatcherBase::event (this=<optimized out>, event=0x7fff9c14ffd0) at thread/qfuturewatcher.cpp:334
#18 0x00007ffff53aeb75 in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0xcb7388, e=0x7fff9c14ffd0) at kernel/qapplication.cpp:3640
#19 0x00007ffff44b3d48 in QCoreApplication::notifyInternal2 (receiver=0xcb7388, event=0x7fff9c14ffd0) at kernel/qcoreapplication.cpp:1064
#20 0x00007ffff44b3f62 in QCoreApplication::sendEvent (receiver=<optimized out>, event=<optimized out>) at kernel/qcoreapplication.cpp:1462
#21 0x00007ffff44b71f5 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x4fd480) at kernel/qcoreapplication.cpp:1821
#22 0x00007ffff44b74ad in QCoreApplication::sendPostedEvents (receiver=<optimized out>, event_type=<optimized out>) at kernel/qcoreapplication.cpp:1680
#23 0x00007ffff4506e2f in postEventSourceDispatch (s=0x5664e0) at kernel/qeventdispatcher_glib.cpp:277
#24 0x00007ffff318b39c in g_main_dispatch (context=0x7fffdc000ee0) at ../glib/gmain.c:3460
#25 g_main_context_dispatch (context=0x7fffdc000ee0) at ../glib/gmain.c:4200
#26 0x00007ffff31e9438 in g_main_context_iterate.isra.0 (context=0x7fffdc000ee0, block=1, dispatch=1, self=<optimized out>) at ../glib/gmain.c:4276
#27 0x00007ffff3188a23 in g_main_context_iteration (context=0x7fffdc000ee0, may_block=1) at ../glib/gmain.c:4343
#28 0x00007ffff4506919 in QEventDispatcherGlib::processEvents (this=0x566a20, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#29 0x00007ffff44b270b in QEventLoop::exec (this=this@entry=0x7fffffffd1c0, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#30 0x00007ffff44ba99b in QCoreApplication::exec () at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#31 0x000000000047a3b1 in main (argc=2, argv=0x7fffffffd4d8) at /home/nico/kde/src/gwenview/app/main.cpp:213

[Piezoid]

This issue could be a duplicate of #2638.

There is a slightly different variant in bugs.kde.org/show_bug.cgi?id=470821

I believe that they are all related to the same bug but on different metadata fields.. So far, the effected callees of Exiv2::Exifdatum::write are: Exiv2::Internal::...

• Nikon3MakerNote::printFlashMasterDataFl6,
• Nikon3MakerNote::printFlashMasterDataFl7,
• SonyMakerNote::printFocusMode2,
• SonyMakerNote::printSonyMisc3cShotNumberSincePowerUp.

I'm not sure whether these methods are meant to handle null metadata pointers or if nullptrs should be handled upstream.

[kevinbackhouse]

@nicolasfella Please could you give me instructions on how to build gwenview so that I can debug this? I have a Ubuntu 22.04 VM with the KDE desktop installed. I have installed approximately a million packages that seem to be needed as dependencies and I am trying to build like this:

git clone https://invent.kde.org/graphics/gwenview.git
cd gwenview/
git checkout v23.04.2
mkdir build
cd build/
cmake ..
make

I'm getting this build error:

[ 13%] Building CXX object lib/CMakeFiles/gwenviewlib.dir/documentview/documentview.cpp.o                                                                                                                                                                               
/home/kev/temp/gwenview/lib/documentview/documentview.cpp: In member function ‘void Gwenview::DocumentViewPrivate::startDragIfSensible()’:                                                                                                                              
/home/kev/temp/gwenview/lib/documentview/documentview.cpp:401:23: error: ‘exportUrlsToPortal’ is not a member of ‘KUrlMimeData’                                                                                                                                         
  401 |         KUrlMimeData::exportUrlsToPortal(mimeData);                                                                                                                                                                                                             
      |                       ^~~~~~~~~~~~~~~~~~                                                                                                                                                                                                                        
make[2]: *** [lib/CMakeFiles/gwenviewlib.dir/build.make:550: lib/CMakeFiles/gwenviewlib.dir/documentview/documentview.cpp.o] Error 1                                                                                                                                    
make[1]: *** [CMakeFiles/Makefile2:1630: lib/CMakeFiles/gwenviewlib.dir/all] Error 2                                                                                                                                                                                    
make: *** [Makefile:146: all] Error 2                            

Is this build error a known problem and do you know how to solve it?

[kevinbackhouse]

I think this should fix it in gwenview: https://invent.kde.org/graphics/gwenview/-/merge_requests/207
We'll fix this in Exiv2 too but it might take us a few weeks to find all the places where this nullptr exception can happen.