exiftool 13.35: memory/cpu leak when parsing XML / "XMP directory" #351
Description
exiftool 13.35 leaks more than 40gb of memory while hogging 100% CPU on one core.
The offending file was recovered with photorec from a hard disk. So it starts with a valid but partial XML file, then a lot of zerobytes after the XML, then other random content.
This is the log of running exiftool -v5 on the file.
exiftool -v5 /foobar/foo.xml
ExifToolVersion = 13.35
FileName = foo.xml
Directory = /foobar
FileSize = 65007616
FileModifyDate = 1757590145
FileAccessDate = 1757620915
FileInodeChangeDate = 1757620879
FilePermissions = 33188
FileType = XML
FileTypeExtension = XML
MIMEType = application/xml
+ [XMP directory, 65007616 bytes]
[adding XMP:TaskVersion] (Task/version)
TaskVersion = 1.2
- Tag 'Task/version'
[adding XMP:TaskXmlns] (Task/xmlns)
TaskXmlns = http://schemas.microsoft.com/windows/2004/02/mit/task
- Tag 'Task/xmlns'
[adding XMP:TaskRegistrationInfoUri] (Task/RegistrationInfo/uri)
TaskRegistrationInfoUri = \Microsoft\Windows\UpdateOrchestrator\Schedule Work
- Tag 'Task/RegistrationInfo/URI'
[adding XMP:TaskRegistrationInfoSecurityDescriptor] (Task/RegistrationInfo/SecurityDescriptor)
TaskRegistrationInfoSecurityDescriptor = D:P(A;;FA;;;SY)(A;;FRFX;;;LS)(A;;FRFX;;;BA)
- Tag 'Task/RegistrationInfo/SecurityDescriptor'
[adding XMP:TaskTriggersTimeTriggerStartBoundary] (Task/Triggers/TimeTrigger/StartBoundary)
TaskTriggersTimeTriggerStartBoundary = 2025-03-27T23:40:00.000Z
- Tag 'Task/Triggers/TimeTrigger/StartBoundary'
[adding XMP:TaskTriggersTimeTriggerEnabled] (Task/Triggers/TimeTrigger/Enabled)
TaskTriggersTimeTriggerEnabled = true
- Tag 'Task/Triggers/TimeTrigger/Enabled'
[adding XMP:TaskPrincipalsPrincipalId] (Task/Principals/Principal/id)
TaskPrincipalsPrincipalId = Author
- Tag 'Task/Principals/Principal/id'
[adding XMP:TaskPrincipalsPrincipalUserId] (Task/Principals/Principal/UserId)
TaskPrincipalsPrincipalUserId = S-3-7-18
- Tag 'Task/Principals/Principal/UserId'
[adding XMP:TaskPrincipalsPrincipalRunLevel] (Task/Principals/Principal/RunLevel)
TaskPrincipalsPrincipalRunLevel = LeastPrivilege
- Tag 'Task/Principals/Principal/RunLevel'
[adding XMP:TaskSettingsMultipleInstancesPolicy] (Task/Settings/MultipleInstancesPolicy)
TaskSettingsMultipleInstancesPolicy = IgnoreNew
- Tag 'Task/Settings/MultipleInstancesPolicy'
[adding XMP:TaskSettingsDisallowStartIfOnBatteries] (Task/Settings/DisallowStartIfOnBatteries)
TaskSettingsDisallowStartIfOnBatteries = true
- Tag 'Task/Settings/DisallowStartIfOnBatteries'
[adding XMP:TaskSettingsStopIfGoingOnBatteries] (Task/Settings/StopIfGoingOnBatteries)
TaskSettingsStopIfGoingOnBatteries = true
- Tag 'Task/Settings/StopIfGoingOnBatteries'
[adding XMP:TaskSettingsAllowHardTerminate] (Task/Settings/AllowHardTerminate)
TaskSettingsAllowHardTerminate = true
- Tag 'Task/Settings/AllowHardTerminate'
[adding XMP:TaskSettingsStartWhenAvailable] (Task/Settings/StartWhenAvailable)
TaskSettingsStartWhenAvailable = true
- Tag 'Task/Settings/StartWhenAvailable'
[adding XMP:TaskSettingsRunOnlyIfNetworkAvailable] (Task/Settings/RunOnlyIfNetworkAvailable)
TaskSettingsRunOnlyIfNetworkAvailable = false
- Tag 'Task/Settings/RunOnlyIfNetworkAvailable'
[adding XMP:TaskSettingsIdleSettingsDuration] (Task/Settings/IdleSettings/Duration)
TaskSettingsIdleSettingsDuration = PT10M
- Tag 'Task/Settings/IdleSettings/Duration'
[adding XMP:TaskSettingsIdleSettingsWaitTimeout] (Task/Settings/IdleSettings/WaitTimeout)
TaskSettingsIdleSettingsWaitTimeout = PT1H
- Tag 'Task/Settings/IdleSettings/WaitTimeout'
[adding XMP:TaskSettingsIdleSettingsStopOnIdleEnd] (Task/Settings/IdleSettings/StopOnIdleEnd)
TaskSettingsIdleSettingsStopOnIdleEnd = true
- Tag 'Task/Settings/IdleSettings/StopOnIdleEnd'
[adding XMP:TaskSettingsIdleSettingsRestartOnIdle] (Task/Settings/IdleSettings/RestartOnIdle)
TaskSettingsIdleSettingsRestartOnIdle = false
- Tag 'Task/Settings/IdleSettings/RestartOnIdle'
[adding XMP:TaskSettingsAllowStartOnDemand] (Task/Settings/AllowStartOnDemand)
TaskSettingsAllowStartOnDemand = true
- Tag 'Task/Settings/AllowStartOnDemand'
[adding XMP:TaskSettingsEnabled] (Task/Settings/Enabled)
TaskSettingsEnabled = true
- Tag 'Task/Settings/Enabled'
[adding XMP:TaskSettingsHidden] (Task/Settings/Hidden)
TaskSettingsHidden = false
- Tag 'Task/Settings/Hidden'
[adding XMP:TaskSettingsRunOnlyIfIdle] (Task/Settings/RunOnlyIfIdle)
TaskSettingsRunOnlyIfIdle = false
- Tag 'Task/Settings/RunOnlyIfIdle'
[adding XMP:TaskSettingsWakeToRun] (Task/Settings/WakeToRun)
TaskSettingsWakeToRun = false
- Tag 'Task/Settings/WakeToRun'
[adding XMP:TaskSettingsExecutionTimeLimit] (Task/Settings/ExecutionTimeLimit)
TaskSettingsExecutionTimeLimit = PT72H
- Tag 'Task/Settings/ExecutionTimeLimit'
[adding XMP:TaskSettingsPriority] (Task/Settings/Priority)
TaskSettingsPriority = 7
- Tag 'Task/Settings/Priority'
[adding XMP:TaskActionsContext] (Task/Actions/Context)
TaskActionsContext = Author
- Tag 'Task/Actions/Context'
[adding XMP:TaskActionsExecCommand] (Task/Actions/Exec/Command)
TaskActionsExecCommand = %systemroot%\system32\usoclient.exe
- Tag 'Task/Actions/Exec/Command'
[adding XMP:TaskActionsExecArguments] (Task/Actions/Exec/Arguments)
TaskActionsExecArguments = StartWork
- Tag 'Task/Actions/Exec/Arguments'
^C
Here is a screenshot of the offending section of the file. Note that after the XML part there is a lot of zerobytes, but later in the file content starts again.
The cause of the memory leak might be that once in XML parsing mode, it does not find a way to handle the zerobytes.
My expectation would be for it to throw an error or return just "xml" file type.
