Skip to content

Calls to XmpFile::close can abort process if C++ XMP Toolkit throws an exception #233

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
scouten-adobe opened this issue Jul 26, 2024 · 2 comments
Closed

Calls to XmpFile::close can abort process if C++ XMP Toolkit throws an exception #233

scouten-adobe opened this issue Jul 26, 2024 · 2 comments
Assignees
@scouten-adobe

Comments

@scouten-adobe
Copy link
Member

When calling XmpFile::close, any situation which would cause the underlying C++ code to raise an exception resulted in a process abort because there was no code to translate the C++ exception to a Rust error result.

This is best demonstrated in #230, where a race condition caused the close call to fail due to file I/O errors.

This was fixed in #232 (crate version 1.9.0), which now safely handles the exception.

For backward compatibility, the existing API ignores the error. A new api XmpFile::try_close was added to allow callers to receive and process the error result.

Users of all prior versions of xmp_toolkit are encouraged to update to version 1.9.0 to avoid possible process aborts.
@scouten-adobe scouten-adobe self-assigned this Jul 26, 2024
@scouten-adobe
Copy link
Member Author

Fixed in 1.9.0. Using this issue to document the issue for RUSTSEC database.

@scouten-adobe
Copy link
Member Author

Filed as https://rustsec.org/advisories/RUSTSEC-2024-0360.html.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@scouten-adobe scouten-adobe

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@scouten-adobe