`--capture-image-and-download` causes a segfault

[JanKalin]

Describe the bug

When using option --capture-image-and-download the program segfaults when attempting to delete the file on camera. Afterwards the camera must be turned of and on again to start working with gphoto again.

Name the camera

Model                          Port
----------------------------------------------------------
Canon PowerShot S45 (normal mode) usb:001,005

libgphoto2 and gphoto2 version Running on Raspbian Raspberry Pi 4

pi@octopi:~/scripts $ gphoto2 --version
gphoto2 2.5.20

Copyright (c) 2000-2018 Lutz Mueller and others

gphoto2 comes with NO WARRANTY, to the extent permitted by law. You may
redistribute copies of gphoto2 under the terms of the GNU General Public
License. For more information about these matters, see the files named COPYING.

This version of gphoto2 is using the following software versions and options:
gphoto2         2.5.20         gcc, popt(m), exif, cdk, aa, jpeg, readline
libgphoto2      2.5.22         all camlibs, gcc, ltdl, EXIF
libgphoto2_port 0.12.0         iolibs: disk ptpip serial usb1 usbdiskdirect usbscsi, gcc, ltdl, USB, serial without locking

To Reproduce

pi@vpnpi:~ $ sudo gphoto2 --capture-image-and-download --debug --debug-logfile before_segfault.txt
Detected a 'Canon:PowerShot S45 (normal mode)'.
New file is in location /DCIM/203CANON/IMG_0344.JPG on the camera
Saving file as IMG_0344.JPG
Deleting file /DCIM/203CANON/IMG_0344.JPG on the camera
Segmentation fault
pi@vpnpi:~ $ sudo gphoto2 --capture-image-and-download --debug --debug-logfile after_segfault.txt
Detected a 'Canon:PowerShot S45 (normal mode)'.

*** Error ***
Error capturing image
ERROR: Could not capture image.
ERROR: Could not capture.

The two log files are attached. before_segfault.txt after_segfault.txt

Apparently the problem occurs only when the photo is not the last one:

pi@vpnpi:~ $ sudo gphoto2 -L
Detected a 'Canon:PowerShot S45 (normal mode)'.
There is no file in folder '/'.
There is no file in folder '/DCIM'.
There is no file in folder '/DCIM/203CANON'.
There is no file in folder '/DCIM/CANONMSC'.
pi@vpnpi:~ $ sudo gphoto2 --capture-image-and-download
Detected a 'Canon:PowerShot S45 (normal mode)'.
New file is in location /DCIM/203CANON/IMG_0349.JPG on the camera
Saving file as IMG_0349.JPG
Deleting file /DCIM/203CANON/IMG_0349.JPG on the camera
pi@vpnpi:~ $ sudo gphoto2 --capture-image-and-download
Detected a 'Canon:PowerShot S45 (normal mode)'.
New file is in location /DCIM/203CANON/IMG_0350.JPG on the camera
Saving file as IMG_0350.JPG
Deleting file /DCIM/203CANON/IMG_0350.JPG on the camera
pi@vpnpi:~ $ sudo gphoto2 --capture-image
Detected a 'Canon:PowerShot S45 (normal mode)'.
New file is in location /DCIM/203CANON/IMG_0351.JPG on the camera
pi@vpnpi:~ $ sudo gphoto2 --capture-image-and-download
Detected a 'Canon:PowerShot S45 (normal mode)'.
New file is in location /DCIM/203CANON/IMG_0352.JPG on the camera
Saving file as IMG_0352.JPG
Deleting file /DCIM/203CANON/IMG_0352.JPG on the camera
Segmentation fault

[msmeissn]

there is memory corruption in the log, so there is some bug. I will try to reproduce with one of my cameras here

[ManjunathaN]

We have been noticing this issue randomly with C++ libraries, that are built on gphoto2 2.5.26.1, on Canon EOS 800D cameras. @msmeissn Is this fixed in the newer version. If not, please let us know the workarounds.

[msmeissn]

The S45 is using the very old canon driver.

Canon EOS 800D uses the ptp2 driver, there i have so far no reports of crashes. can you get gdb backtraces or valgrind output?

Sorry i dropped the ball on the research on the S45 above, need to pick it up.

[ManjunathaN]

Unfortunately, I don't have this reports or the core-dump. I'll try to fetch it. Is there any way I can get this after a segfault has occurred.

[msmeissn]

the (old canon) directory compare functiuon was not using bounds checks, but relied on some condition which we could not guarantee

I added size checks now, please check if it helps.

[JanKalin]

A year and a bit later (having not had the need for gphoto2 before)

Yes, gphoto2 v2.5.28.1 with libgphoto2 v2.5.30.1 work well, without segfaults, I cannot reproduce the error any more.