https://bugs.kde.org/show_bug.cgi?id=405739

            Bug ID: 405739
           Summary: Alpha into mask on animated fill layer results in
                    [asan crash]
           Product: krita
           Version: git master
          Platform: Other
                OS: Linux
            Status: REPORTED
          Severity: crash
          Priority: NOR
         Component: Layer Stack
          Assignee: krita-bugs-n...@kde.org
          Reporter: griffinval...@gmail.com
  Target Milestone: ---

SUMMARY
Apply "split alpha into mask" on animated fill layer with Address Sanitizer
enabled, get this crash:

=================================================================
==28661==ERROR: AddressSanitizer: heap-use-after-free on address 0x606003220d30
at pc 0x7fe94b8dca48 bp 0x7ffc96fbc1d0 sp 0x7ffc96fbc1c0
READ of size 8 at 0x606003220d30 thread T0
    #0 0x7fe94b8dca47 in
KisPixelSelection::KisPixelSelection(KisSharedPtr<KisPaintDevice>,
KritaUtils::DeviceCopyMode, KisWeakSharedPtr<KisSelection>)
/home/wolthera/krita/src/libs/image/kis_pixel_selection.cpp:96
    #1 0x7fe94b8fb648 in
KisSelection::KisSelection(KisSharedPtr<KisPaintDevice>,
KritaUtils::DeviceCopyMode, KisSharedPtr<KisDefaultBoundsBase>)
/home/wolthera/krita/src/libs/image/kis_selection.cc:82
    #2 0x7fe94b5561a9 in
KisMask::Private::initSelectionImpl(KisSharedPtr<KisSelection>,
KisSharedPtr<KisLayer>, KisSharedPtr<KisPaintDevice>)
/home/wolthera/krita/src/libs/image/kis_mask.cc:181
    #3 0x7fe94b555507 in KisMask::initSelection(KisSharedPtr<KisPaintDevice>,
KisSharedPtr<KisLayer>) /home/wolthera/krita/src/libs/image/kis_mask.cc:153
    #4 0x7fe94f484d30 in
KisMaskManager::createMaskCommon(KisSharedPtr<KisMask>, KisSharedPtr<KisNode>,
KisSharedPtr<KisPaintDevice>, KUndo2MagicString const&, QString const&, QString
const&, bool, bool, bool)
/home/wolthera/krita/src/libs/ui/kis_mask_manager.cc:172
    #5 0x7fe94f4865cf in
KisMaskManager::createTransparencyMask(KisSharedPtr<KisNode>,
KisSharedPtr<KisPaintDevice>, bool)
/home/wolthera/krita/src/libs/ui/kis_mask_manager.cc:218
    #6 0x7fe94f4b01e9 in KisNodeManager::createNode(QString const&, bool,
KisSharedPtr<KisPaintDevice>)
/home/wolthera/krita/src/libs/ui/kis_node_manager.cpp:551
    #7 0x7fe94f4bfe3e in KisNodeManager::slotSplitAlphaIntoMask()
/home/wolthera/krita/src/libs/ui/kis_node_manager.cpp:1189
    #8 0x7fe94feaa27a in KisNodeManager::qt_static_metacall(QObject*,
QMetaObject::Call, int, void**)
/home/wolthera/krita/build/libs/ui/kritaui_autogen/EWIEGA46WW/moc_kis_node_manager.cpp:346
    #9 0x7fe948c5fe24 in QMetaObject::activate(QObject*, int, int, void**)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2afe24)
    #10 0x7fe949a200f1 in QAction::triggered(bool)
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x1550f1)
    #11 0x7fe949a2270b in QAction::activate(QAction::ActionEvent)
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x15770b)
    #12 0x7fe949b973ab  (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x2cc3ab)
    #13 0x7fe949b9e91a  (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x2d391a)
    #14 0x7fe949b9f792 in QMenu::mouseReleaseEvent(QMouseEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x2d4792)
    #15 0x7fe949a66837 in QWidget::event(QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x19b837)
    #16 0x7fe949ba1aba in QMenu::event(QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x2d6aba)
    #17 0x7fe949a2683b in QApplicationPrivate::notify_helper(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x15b83b)
    #18 0x7fe949a2eca7 in QApplication::notify(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x163ca7)
    #19 0x7fe94fc2bf3c in KisApplication::notify(QObject*, QEvent*)
/home/wolthera/krita/src/libs/ui/KisApplication.cpp:639
    #20 0x7fe948c30327 in QCoreApplication::notifyInternal2(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x280327)
    #21 0x7fe949a2d29e in QApplicationPrivate::sendMouseEvent(QWidget*,
QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool, bool)
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x16229e)
    #22 0x7fe949a8179c  (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x1b679c)
    #23 0x7fe949a84349  (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x1b9349)
    #24 0x7fe949a2683b in QApplicationPrivate::notify_helper(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x15b83b)
    #25 0x7fe949a2ddcf in QApplication::notify(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x162dcf)
    #26 0x7fe94fc2bf3c in KisApplication::notify(QObject*, QEvent*)
/home/wolthera/krita/src/libs/ui/KisApplication.cpp:639
    #27 0x7fe948c30327 in QCoreApplication::notifyInternal2(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x280327)
    #28 0x7fe9491f852a in
QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Gui.so.5+0x11352a)
    #29 0x7fe9491f9694 in
QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Gui.so.5+0x114694)
    #30 0x7fe9491d214a in
QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>)
(/usr/lib/x86_64-linux-gnu/libQt5Gui.so.5+0xed14a)
    #31 0x7fe92f2f2309  (/usr/lib/x86_64-linux-gnu/libQt5XcbQpa.so.5+0x6b309)
    #32 0x7fe93e9ab386 in g_main_context_dispatch
(/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4c386)
    #33 0x7fe93e9ab5bf  (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4c5bf)
    #34 0x7fe93e9ab64b in g_main_context_iteration
(/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4c64b)
    #35 0x7fe948c8d13e in
QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2dd13e)
    #36 0x7fe948c2e649 in
QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x27e649)
    #37 0x7fe949b9c5ff in QMenu::exec(QPoint const&, QAction*)
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x2d15ff)
    #38 0x7fe8f1f093dc in LayerBox::slotContextMenuRequested(QPoint const&,
QModelIndex const&)
/home/wolthera/krita/src/plugins/dockers/layerdocker/LayerBox.cpp:681
    #39 0x7fe8f1f12869 in LayerBox::qt_static_metacall(QObject*,
QMetaObject::Call, int, void**)
/home/wolthera/krita/build/plugins/dockers/layerdocker/kritalayerdocker_autogen/include/moc_LayerBox.cpp:228
    #40 0x7fe948c5fe24 in QMetaObject::activate(QObject*, int, int, void**)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2afe24)
    #41 0x7fe8f1f667fb in NodeView::contextMenuRequested(QPoint const&,
QModelIndex const&)
/home/wolthera/krita/build/plugins/dockers/layerdocker/kritalayerdocker_autogen/EWIEGA46WW/moc_NodeView.cpp:224
    #42 0x7fe8f1f5d1dc in NodeView::showContextMenu(QPoint const&, QModelIndex
const&) /home/wolthera/krita/src/plugins/dockers/layerdocker/NodeView.cpp:318
    #43 0x7fe8f1f5d160 in NodeView::contextMenuEvent(QContextMenuEvent*)
/home/wolthera/krita/src/plugins/dockers/layerdocker/NodeView.cpp:313
    #44 0x7fe949a67613 in QWidget::event(QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x19c613)
    #45 0x7fe949b08d1d in QFrame::event(QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x23dd1d)
    #46 0x7fe949c7fc72 in QAbstractItemView::viewportEvent(QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x3b4c72)
    #47 0x7fe949ce980b in QTreeView::viewportEvent(QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x41e80b)
    #48 0x7fe8f1f5cbc2 in NodeView::viewportEvent(QEvent*)
/home/wolthera/krita/src/plugins/dockers/layerdocker/NodeView.cpp:304
    #49 0x7fe948c300ac in
QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2800ac)
    #50 0x7fe949a26814 in QApplicationPrivate::notify_helper(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x15b814)
    #51 0x7fe949a2e2e6 in QApplication::notify(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x1632e6)
    #52 0x7fe94fc2bf3c in KisApplication::notify(QObject*, QEvent*)
/home/wolthera/krita/src/libs/ui/KisApplication.cpp:639
    #53 0x7fe948c30327 in QCoreApplication::notifyInternal2(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x280327)
    #54 0x7fe949a81bc7  (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x1b6bc7)
    #55 0x7fe949a84349  (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x1b9349)
    #56 0x7fe949a2683b in QApplicationPrivate::notify_helper(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x15b83b)
    #57 0x7fe949a2ddcf in QApplication::notify(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x162dcf)
    #58 0x7fe94fc2bf3c in KisApplication::notify(QObject*, QEvent*)
/home/wolthera/krita/src/libs/ui/KisApplication.cpp:639
    #59 0x7fe948c30327 in QCoreApplication::notifyInternal2(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x280327)
    #60 0x7fe9491f852a in
QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Gui.so.5+0x11352a)
    #61 0x7fe9491f9694 in
QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Gui.so.5+0x114694)
    #62 0x7fe9491d214a in
QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>)
(/usr/lib/x86_64-linux-gnu/libQt5Gui.so.5+0xed14a)
    #63 0x7fe92f2f2309  (/usr/lib/x86_64-linux-gnu/libQt5XcbQpa.so.5+0x6b309)
    #64 0x7fe93e9ab386 in g_main_context_dispatch
(/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4c386)
    #65 0x7fe93e9ab5bf  (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4c5bf)
    #66 0x7fe93e9ab64b in g_main_context_iteration
(/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4c64b)
    #67 0x7fe948c8d13e in
QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2dd13e)
    #68 0x7fe948c2e649 in
QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x27e649)
    #69 0x7fe948c377ff in QCoreApplication::exec()
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2877ff)
    #70 0x558b36046581 in main /home/wolthera/krita/src/krita/main.cc:481
    #71 0x7fe94803fb96 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #72 0x558b3603fba9 in _start
(/home/wolthera/krita/inst/bin/krita+0x24dbba9)

0x606003220d30 is located 48 bytes inside of 56-byte region
[0x606003220d00,0x606003220d38)
freed by thread T0 here:
    #0 0x7fe9547f72d0 in operator delete(void*)
(/usr/lib/x86_64-linux-gnu/libasan.so.4+0xe12d0)
    #1 0x7fe94b8dccc9 in KisPixelSelection::~KisPixelSelection()
/home/wolthera/krita/src/libs/image/kis_pixel_selection.cpp:109
    #2 0x7fe94b10608a in
KisSharedPtr<KisPaintDevice>::deref(KisSharedPtr<KisPaintDevice> const*,
KisPaintDevice*) /home/wolthera/krita/src/libs/global/kis_shared_ptr.h:211
    #3 0x7fe94b0fff14 in KisSharedPtr<KisPaintDevice>::deref() const
/home/wolthera/krita/src/libs/global/kis_shared_ptr.h:225
    #4 0x7fe94b0eb6c1 in KisSharedPtr<KisPaintDevice>::~KisSharedPtr()
/home/wolthera/krita/src/libs/global/kis_shared_ptr.h:109
    #5 0x7fe94b838c5c in ~DeviceChangeColorSpaceCommand
/home/wolthera/krita/src/libs/image/kis_paint_device.cc:901
    #6 0x7fe94b838c83 in ~DeviceChangeColorSpaceCommand
/home/wolthera/krita/src/libs/image/kis_paint_device.cc:901
    #7 0x7fe94b825b54 in
KisPaintDevice::Private::convertColorSpace(KoColorSpace const*,
KoColorConversionTransformation::Intent,
QFlags<KoColorConversionTransformation::ConversionFlag>)
/home/wolthera/krita/src/libs/image/kis_paint_device.cc:951
    #8 0x7fe94b82cdfa in KisPaintDevice::convertTo(KoColorSpace const*,
KoColorConversionTransformation::Intent,
QFlags<KoColorConversionTransformation::ConversionFlag>)
/home/wolthera/krita/src/libs/image/kis_paint_device.cc:1516
    #9 0x7fe94b8dca22 in
KisPixelSelection::KisPixelSelection(KisSharedPtr<KisPaintDevice>,
KritaUtils::DeviceCopyMode, KisWeakSharedPtr<KisSelection>)
/home/wolthera/krita/src/libs/image/kis_pixel_selection.cpp:94
    #10 0x7fe94b8fb648 in
KisSelection::KisSelection(KisSharedPtr<KisPaintDevice>,
KritaUtils::DeviceCopyMode, KisSharedPtr<KisDefaultBoundsBase>)
/home/wolthera/krita/src/libs/image/kis_selection.cc:82
    #11 0x7fe94b5561a9 in
KisMask::Private::initSelectionImpl(KisSharedPtr<KisSelection>,
KisSharedPtr<KisLayer>, KisSharedPtr<KisPaintDevice>)
/home/wolthera/krita/src/libs/image/kis_mask.cc:181
    #12 0x7fe94b555507 in KisMask::initSelection(KisSharedPtr<KisPaintDevice>,
KisSharedPtr<KisLayer>) /home/wolthera/krita/src/libs/image/kis_mask.cc:153
    #13 0x7fe94f484d30 in
KisMaskManager::createMaskCommon(KisSharedPtr<KisMask>, KisSharedPtr<KisNode>,
KisSharedPtr<KisPaintDevice>, KUndo2MagicString const&, QString const&, QString
const&, bool, bool, bool)
/home/wolthera/krita/src/libs/ui/kis_mask_manager.cc:172
    #14 0x7fe94f4865cf in
KisMaskManager::createTransparencyMask(KisSharedPtr<KisNode>,
KisSharedPtr<KisPaintDevice>, bool)
/home/wolthera/krita/src/libs/ui/kis_mask_manager.cc:218

previously allocated by thread T0 here:
    #0 0x7fe9547f6458 in operator new(unsigned long)
(/usr/lib/x86_64-linux-gnu/libasan.so.4+0xe0458)
    #1 0x7fe94b8fb62b in
KisSelection::KisSelection(KisSharedPtr<KisPaintDevice>,
KritaUtils::DeviceCopyMode, KisSharedPtr<KisDefaultBoundsBase>)
/home/wolthera/krita/src/libs/image/kis_selection.cc:82
    #2 0x7fe94b5561a9 in
KisMask::Private::initSelectionImpl(KisSharedPtr<KisSelection>,
KisSharedPtr<KisLayer>, KisSharedPtr<KisPaintDevice>)
/home/wolthera/krita/src/libs/image/kis_mask.cc:181
    #3 0x7fe94b555507 in KisMask::initSelection(KisSharedPtr<KisPaintDevice>,
KisSharedPtr<KisLayer>) /home/wolthera/krita/src/libs/image/kis_mask.cc:153
    #4 0x7fe94f484d30 in
KisMaskManager::createMaskCommon(KisSharedPtr<KisMask>, KisSharedPtr<KisNode>,
KisSharedPtr<KisPaintDevice>, KUndo2MagicString const&, QString const&, QString
const&, bool, bool, bool)
/home/wolthera/krita/src/libs/ui/kis_mask_manager.cc:172
    #5 0x7fe94f4865cf in
KisMaskManager::createTransparencyMask(KisSharedPtr<KisNode>,
KisSharedPtr<KisPaintDevice>, bool)
/home/wolthera/krita/src/libs/ui/kis_mask_manager.cc:218
    #6 0x7fe94f4b01e9 in KisNodeManager::createNode(QString const&, bool,
KisSharedPtr<KisPaintDevice>)
/home/wolthera/krita/src/libs/ui/kis_node_manager.cpp:551
    #7 0x7fe94f4bfe3e in KisNodeManager::slotSplitAlphaIntoMask()
/home/wolthera/krita/src/libs/ui/kis_node_manager.cpp:1189
    #8 0x7fe94feaa27a in KisNodeManager::qt_static_metacall(QObject*,
QMetaObject::Call, int, void**)
/home/wolthera/krita/build/libs/ui/kritaui_autogen/EWIEGA46WW/moc_kis_node_manager.cpp:346
    #9 0x7fe948c5fe24 in QMetaObject::activate(QObject*, int, int, void**)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2afe24)
    #10 0x7fe949a200f1 in QAction::triggered(bool)
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x1550f1)

SUMMARY: AddressSanitizer: heap-use-after-free
/home/wolthera/krita/src/libs/image/kis_pixel_selection.cpp:96 in
KisPixelSelection::KisPixelSelection(KisSharedPtr<KisPaintDevice>,
KritaUtils::DeviceCopyMode, KisWeakSharedPtr<KisSelection>)
Shadow bytes around the buggy address:
  0x0c0c8063c150: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fa
  0x0c0c8063c160: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0c8063c170: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0c8063c180: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c0c8063c190: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c0c8063c1a0: fd fd fd fd fd fd[fd]fa fa fa fa fa fa fa fa fa
  0x0c0c8063c1b0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 fa
  0x0c0c8063c1c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0c8063c1d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0c8063c1e0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c0c8063c1f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==28661==ABORTING
wolthera@Euthenia:~/krita/build$
