Bug in Photos Destroys Library

[pico]

Advertisement (gone after registration)

Does anyone know if corruption really wipes out the library, or perhaps just a config file.

Originals are stored here On a Mac

/Users/pico/Pictures/Photos Library.photoslibrary/Masters

Edited May 17, 2015 by pico

[jonoslack]

Hi There Pico

neither - but when the CoreFoundation tries to process the image it crashes.

You can easily recover the library by deleting the DNG files concerned - of course, you have to find them if you're using them 'managed'

It's the same with Aperture and Photos

 

If you're interested here is the start of the error:

 

Process:               Photos [4005]

Path:                  /Applications/Photos.app/Contents/MacOS/Photos

Identifier:            com.apple.Photos

Version:               1.0.1 (215.27.0)

Build Info:            PhotoApp-215027000000000~1

Code Type:             X86-64 (Native)

Parent Process:        ??? [1]

Responsible:           Photos [4005]

User ID:               501

 

Date/Time:             2015-05-17 19:37:18.362 +0100

OS Version:            Mac OS X 10.10.4 (14E17e)

Report Version:        11

 

Time Awake Since Boot: 43000 seconds

Time Since Wake:       170 seconds

 

Crashed Thread:        5  Dispatch queue: PARenderContextSource

 

Exception Type:        EXC_BAD_INSTRUCTION (SIGILL)

Exception Codes:       0x0000000000000001, 0x0000000000000000

 

Application Specific Information:

Photo Foundation logging:

 

2015-05-17 19:37:13.947: Received changes notification alert: <LiModelChangeGroup: 0x608000a6b5c0>  alert flags : Replay Complete (__59-[RKFaceChangesHandler startListeningForChangesFromMarker:]_block_invoke_2:173)

 

 

Application Specific Backtrace 1:

0   CoreFoundation                      0x00007fff908cf03c __exceptionPreprocess + 172

1   libobjc.A.dylib                     0x00007fff9621b76e objc_exception_throw + 43

2   CoreFoundation                      0x00007fff908d20ad -[NSObject(NSObject) doesNotRecognizeSelector:] + 205

3   CoreFoundation                      0x00007fff90817e24 ___forwarding___ + 1028

4   CoreFoundation                      0x00007fff90817998 _CF_forwarding_prep_0 + 120

5   RawCamera                           0x00007fff91c1f60d RawCameraTP + 230117

6   RawCamera                           0x00007fff91c1e9e4 RawCameraTP + 227004

7   RawCamera                           0x00007fff91c1f32b RawCameraTP + 229379

8   Foundation                          0x00007fff9a7eac3b -[NSObject(NSKeyValueCoding) valueForKey:] + 385

9   Geode                               0x000000010f33f117 -[DGRawDecodeOperation processImage:masterSize:exposureOperation:whiteBalanceOperation:adjustmentsIntensityOperation:cgImageProperties:renderPipelineVersion:] + 6307

10  PAImagingCore                       0x000000010f962aca -[PARenderPipelineV1 processedImage:scale:renderDescription:options:state:] + 2959

11  PAImaging                           0x000000010f5e6b9f -[PAImageRenderDescriptionFilterBase processedImageForRenderDescription:sourceImage:scale:renderOptions:renderState:] + 148

12  PAImaging                           0x000000010f5bd333 -[PARenderContextSource _processedImage:] + 466

13  PAImaging                           0x000000010f5bcdad -[PARenderContextSource _imageToRender] + 198

14  PAImaging                           0x000000010f5bccb9 __38-[PARenderContextSource imageToRender]_block_invoke + 26

15  libdispatch.dylib                   0x00007fff977bac13 _dispatch_client_callout + 8

16  libdispatch.dylib                   0x00007fff977bbe5e _dispatch_barrier_sync_f_invoke + 57

17  PAImaging                           0x000000010f5bcc49 -[PARenderContextSource imageToRender] + 161

18  PAImaging                           0x000000010f5bca8e -[PARenderJob _renderRegion:] + 70

19  PAImaging                           0x000000010f5bc87f -[PARenderJob run:] + 362

20  PAImaging                           0x000000010f5bc68d -[PAJob _run:] + 186

21  PAImaging                           0x000000010f5b399f -[PAJob start:] + 104

22  PAImaging                           0x000000010f5b3784 -[PAJobQueue _runJob:] + 96

23  PAImaging                           0x000000010f5b32b3 -[PAJobQueue _runNextJobFromQueue:] + 124

24  PAImaging                           0x000000010f5b31de -[_PAJobPriorityQueue _runOnce:] + 36

25  PAImaging                           0x000000010f5b31ab -[_PAJobPriorityQueue _run:] + 38

26  libdispatch.dylib                   0x00007fff977bf323 _dispatch_call_block_and_release + 12

27  libdispatch.dylib                   0x00007fff977bac13 _dispatch_client_callout + 8

28  libdispatch.dylib                   0x00007fff977be365 _dispatch_queue_drain + 1100

29  libdispatch.dylib                   0x00007fff977bfecc _dispatch_queue_invoke + 202

30  libdispatch.dylib                   0x00007fff977bd6b7 _dispatch_root_queue_drain + 463

31  libdispatch.dylib                   0x00007fff977cbfe4 _dispatch_worker_thread3 + 91

32  libsystem_pthread.dylib             0x00007fff96861637 _pthread_wqthread + 729

33  libsystem_pthread.dylib             0x00007fff9685f40d start_wqthread + 13

 

Thread 0:: Dispatch queue: com.apple.main-thread

0   libsystem_kernel.dylib         0x00007fff9048b4de mach_msg_trap + 10

1   libsystem_kernel.dylib         0x00007fff9048a64f mach_msg + 55

2   com.apple.CoreFoundation       0x00007fff907ddeb4 __CFRunLoopServiceMachPort + 212

3   com.apple.CoreFoundation       0x00007fff907dd37b __CFRunLoopRun + 1371

4   com.apple.CoreFoundation       0x00007fff907dcbd8 CFRunLoopRunSpecific + 296

5   com.apple.HIToolbox           0x00007fff9a4de56f RunCurrentEventLoopInMode + 235

6   com.apple.HIToolbox           0x00007fff9a4de2ea ReceiveNextEventCommon + 431

7   com.apple.HIToolbox           0x00007fff9a4de12b _BlockUntilNextEventMatchingListInModeWithFilter + 71

8   com.apple.AppKit               0x00007fff8dcf29cb _DPSNextEvent + 978

9   com.apple.AppKit               0x00007fff8dcf1f78 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 346

10  com.apple.AppKit               0x00007fff8dce7c03 -[NSApplication run] + 594

11  com.apple.AppKit               0x00007fff8dc64354 NSApplicationMain + 1832

12  libdyld.dylib                 0x00007fff96f965c9 start + 1

Edited May 17, 2015 by jonoslack

[Advertisement]

The Leica Q3 is available for pre-order at B&H Photo Video and Adorama

[Lenshacker]

This is worrisome. That usually means that the computer started executing instructions that were not instructions, ie Data that could be in the file. You got lucky and a data value did not pass as a real processor instruction and the system catches it. Somehow the processor starts executing data, like a bad return instruction or jump. Someone could exploit this to put real instructions into the section of the image that gets erroneously executed and cause bad things to happen to the computer. This is how the computer can get Shanghai'd. As this is a core process, it might be running at elevated privilege level. I do not use Apples, but this is how the CPU works.

VVVVVVVVVVVVV

 

Exception Type:        EXC_BAD_INSTRUCTION (SIGILL)

Exception Codes:       0x0000000000000001, 0x0000000000000000

 

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Edited May 17, 2015 by Lenshacker

[jonoslack]

Hi There Lenshacker

Thanks for that - I've been talking to someone about this, and the upshot is that:

 

You're quite right, it's trying to execute something which a hacker could theoretically 'insert'. However the core raw processing framework does NOT run at an elevated privilege and it doesn't do anything the user shouldn't have access to.

 

As far as I can tell it's being dealt with at quite a high level, so we can hope for a pretty quick solution.

[sandymc]

You're quite right, it's trying to execute something which a hacker could theoretically 'insert'. However the core raw processing framework does NOT run at an elevated privilege and it doesn't do anything the user shouldn't have access to.

 

It's really not that bad. In the trace you will find "[NSObject(NSObject) doesNotRecognizeSelector:]". In Apple's Cocoa framework, selectors are the "target" for messages. Messages can be things like "please process this image". In this case, Cocoa is correctly realizing that it doesn't know how to do what it was asked to, and is deliberately throwing an exception. It's highly unlikely that this is a security issue, although it is a big, bad bug.

 

Sandy

[jonoslack]

Thank you Sandy

I'm sadly remiss in this area - it's very good to have your input confirming what I understood.