On Tue, 29 Jul 2025 12:54:00 -0300 Breno <[email protected]> wrote:>
Package: gimp
Version: 3.0.4
What I did:
1 - Selected text tool
2 - Changed style to outline and fill
3 - Tried to change the solid color of the outline
/lib/x86_64-linux-gnu/libc.so.6(__libc_free+0x19c) [0x7f6f849723dc]
/usr/bin/gimp-3.0(+0x39898c) [0x5612d904c98c]
/lib/x86_64-linux-gnu/libgimpwidgets-3.0.so.0(+0x2c2ab) [0x7f6f8602c2ab]
/lib/x86_64-linux-gnu/libgimpwidgets-3.0.so.0(gimp_color_selection_set_config+0x69)
[0x7f6f860326b9]
/usr/bin/gimp-3.0(gimp_color_dialog_new+0x350) [0x5612d90c06b0]
/usr/bin/gimp-3.0(+0x398027) [0x5612d904c027]
/lib/x86_64-linux-gnu/libgobject-2.0.so.0(+0x17b81) [0x7f6f85fb4b81]
Hello,
this crash seems to have similarities to this upstream bug report:
https://gitlab.gnome.org/GNOME/gimp/-/issues/14047
At least at the top the calls to gimp_color_dialog_new and
gimp_color_selection_set_config are visible.
Except here we "abort" below a call to "free".
Upstream seems to have solved issue 14047 with this commit:
https://gitlab.gnome.org/GNOME/gimp/-/commit/1685c86af5d6253151d0056a9677ba469ea10164
These bugs seems to contain similar backtraces as this report, #1110085:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112555
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110107
This is the line of the "free" which fails in Debian's gimp:
https://sources.debian.org/src/gimp/3.0.4-3/app/widgets/gimpcolorselectorpalette.c#L109
The issue is quite easy to reproduce,
below is the top of a backtrace with a minimal Debian Trixie,
showing the palette pointer passed
into "gimp_color_selector_palette_palette_changed"
being a NULL pointer.
Kind regards,
Bernhard
(gdb) bt
#0 __pthread_kill_implementation (threadid=<optimized out>,
signo=signo@entry=6, no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44
#1 0x00007f685ea329ff in __pthread_kill_internal (threadid=<optimized out>,
signo=6) at ./nptl/pthread_kill.c:89
#2 0x00007f685e9ddcc2 in __GI_raise (sig=sig@entry=6) at
../sysdeps/posix/raise.c:26
#3 0x00007f685e9c64ac in __GI_abort () at ./stdlib/abort.c:73
#4 0x00007f685e9c7291 in __libc_message_impl (fmt=fmt@entry=0x7f685eb4932d
"%s\n") at ../sysdeps/posix/libc_fatal.c:134
#5 0x00007f685ea3c465 in malloc_printerr (str=str@entry=0x7f685eb47100 "free():
invalid pointer") at ./malloc/malloc.c:5829
#6 0x00007f685ea413dc in _int_free_check (av=0x7f685eb85ac0 <main_arena>,
p=0x5636f67da400, size=<optimized out>) at ./malloc/malloc.c:4560
#7 _int_free (av=0x7f685eb85ac0 <main_arena>, p=0x5636f67da400, have_lock=0)
at ./malloc/malloc.c:4692
#8 __GI___libc_free (mem=0x5636f67da410) at ./malloc/malloc.c:3476
#9 0x00005636c3d6898c in gimp_color_selector_palette_palette_changed
(context=<optimized out>, palette=0x0, select=0x5636f6e21c80) at
../app/widgets/gimpcolorselectorpalette.c:109
#10 gimp_color_selector_palette_set_config (selector=0x5636f6e21c80,
config=<optimized out>) at ../app/widgets/gimpcolorselectorpalette.c:185
#11 0x00007f686022c2ab in ?? () from
/lib/x86_64-linux-gnu/libgimpwidgets-3.0.so.0
#12 0x00007f68602326b9 in gimp_color_selection_set_config () from
/lib/x86_64-linux-gnu/libgimpwidgets-3.0.so.0
#13 0x00005636c3ddc6b0 in gimp_color_dialog_new (viewable=viewable@entry=0x0,
context=0x5636f6ace720, user_context_aware=<optimized out>, title=<optimized
out>, icon_name=icon_name@entry=0x0, desc=desc@entry=0x0, parent=0x5636f67da410,
dialog_factory=0x0, dialog_identifier=0x0, color=0x5636f7102a40, wants_updates=0,
show_alpha=1) at ../app/widgets/gimpcolordialog.c:526
#14 0x00005636c3d68027 in gimp_color_panel_clicked (button=0x5636f67da410) at
../app/widgets/gimpcolorpanel.c:186
...
