[krita] [Bug 410387] Krita suddenly closes while using the palettize filter

wolthera Tue, 30 Jul 2019 09:25:04 -0700

https://bugs.kde.org/show_bug.cgi?id=410387


wolthera <griffinval...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
     Ever confirmed|0                           |1
                 CC|                            |griffinval...@gmail.com
             Status|REPORTED                    |CONFIRMED

--- Comment #1 from wolthera <griffinval...@gmail.com> ---
Can you share that palette?

I do get an asan backtrace with a totally different palette, but it'd be nice
if we had the original palette.
================================================================
==24394==AddressSanitizer: while reporting a bug found another one. Ignoring.
==24394==ERROR: AddressSanitizer: heap-use-after-free on address 0x60400202f610
at pc 0x7fffe6224354 bp 0x7fff7abd09c0 sp 0x7fff7abd09b0
READ of size 4 at 0x60400202f610 thread T24 (Thread (pooled))
==24394==AddressSanitizer: while reporting a bug found another one. Ignoring.
==24394==AddressSanitizer: while reporting a bug found another one. Ignoring.
    #0 0x7fffe6224353 in std::__atomic_base<int>::load(std::memory_order) const
/usr/include/c++/7/bits/atomic_base.h:396
    #1 0x7fffe6224353 in int QAtomicOps<int>::load<int>(std::atomic<int>
const&) /usr/include/x86_64-linux-gnu/qt5/QtCore/qatomic_cxx11.h:227
    #2 0x7fffe6221f3d in QBasicAtomicInteger<int>::load() const
/usr/include/x86_64-linux-gnu/qt5/QtCore/qbasicatomic.h:103
    #3 0x7fffe621f1eb in QtPrivate::RefCount::ref()
/usr/include/x86_64-linux-gnu/qt5/QtCore/qrefcount.h:55
    #4 0x7fffe6e3cab4 in QMap<int, KisSwatch>::QMap(QMap<int, KisSwatch>
const&) /usr/include/x86_64-linux-gnu/qt5/QtCore/qmap.h:624
    #5 0x7fffe6e3a3ed in QVector<QMap<int, KisSwatch> >::reallocData(int, int,
QFlags<QArrayData::AllocationOption>)
/usr/include/x86_64-linux-gnu/qt5/QtCore/qvector.h:581
    #6 0x7fffe6e3b67f in QVector<QMap<int, KisSwatch> >::detach()
/usr/include/x86_64-linux-gnu/qt5/QtCore/qvector.h:390
    #7 0x7fffe6e394c6 in QVector<QMap<int, KisSwatch> >::data()
/usr/include/x86_64-linux-gnu/qt5/QtCore/qvector.h:127
    #8 0x7fffe6e375f2 in QVector<QMap<int, KisSwatch> >::operator[](int)
/usr/include/x86_64-linux-gnu/qt5/QtCore/qvector.h:438
    #9 0x7fffe6e34615 in KisSwatchGroup::checkEntry(int, int) const
/home/wolthera/krita/src/libs/pigment/resources/KisSwatchGroup.cpp:83
    #10 0x7fffe6e03ea0 in KoColorSet::getColorGlobal(unsigned int, unsigned
int) const /home/wolthera/krita/src/libs/pigment/resources/KoColorSet.cpp:308
    #11 0x7fffb9390e32 in
KisFilterPalettize::processImpl(KisSharedPtr<KisPaintDevice>, QRect const&,
KisPinnedSharedPtr<KisFilterConfiguration>, KoUpdater*) const
/home/wolthera/krita/src/plugins/filters/palettize/palettize.cpp:201
    #12 0x7fffedacfd8c in KisFilter::process(KisSharedPtr<KisPaintDevice>,
KisSharedPtr<KisPaintDevice>, KisSharedPtr<KisSelection>, QRect const&,
KisPinnedSharedPtr<KisFilterConfiguration>, KoUpdater*) const
/home/wolthera/krita/src/libs/image/filter/kis_filter.cc:88
    #13 0x7fffedcf3b5c in KisUpdateOriginalVisitor::visit(KisAdjustmentLayer*)
/home/wolthera/krita/src/libs/image/kis_async_merger.cpp:127
    #14 0x7fffedbf30b4 in KisAdjustmentLayer::accept(KisNodeVisitor&)
/home/wolthera/krita/src/libs/image/kis_adjustment_layer.cc:115
    #15 0x7fffede584dd in KisProjectionLeaf::accept(KisNodeVisitor&)
/home/wolthera/krita/src/libs/image/kis_projection_leaf.cpp:245
    #16 0x7fffedce8623 in KisAsyncMerger::startMerge(KisBaseRectsWalker&, bool)
/home/wolthera/krita/src/libs/image/kis_async_merger.cpp:265
    #17 0x7fffee39ba9b in KisUpdateJobItem::runMergeJob()
/home/wolthera/krita/build/libs/image/kritaimage_autogen/EWIEGA46WW/../../../../../src/libs/image/kis_update_job_item.h:118
    #18 0x7fffee39b6b1 in KisUpdateJobItem::run()
/home/wolthera/krita/build/libs/image/kritaimage_autogen/EWIEGA46WW/../../../../../src/libs/image/kis_update_job_item.h:86
    #19 0x7fffeb31e3e1  (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0xac3e1)
    #20 0x7fffeb319c71  (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0xa7c71)
    #21 0x7fffea2bc6da in start_thread
(/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)
    #22 0x7fffeaa0188e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x12188e)

0x60400202f610 is located 0 bytes inside of 40-byte region
[0x60400202f610,0x60400202f638)
freed by thread T24 (Thread (pooled)) here:
    #0 0x7ffff6efb9d8 in operator delete(void*, unsigned long)
(/usr/lib/x86_64-linux-gnu/libasan.so.4+0xe19d8)
    #1 0x7fffe6e3e274 in QMapData<int, KisSwatch>::destroy()
/usr/include/x86_64-linux-gnu/qt5/QtCore/qmap.h:251
    #2 0x7fffe6e3dfec in QMap<int, KisSwatch>::~QMap()
/usr/include/x86_64-linux-gnu/qt5/QtCore/qmap.h:339
    #3 0x7fffe6e3ca49 in QVector<QMap<int, KisSwatch> >::destruct(QMap<int,
KisSwatch>*, QMap<int, KisSwatch>*)
/usr/include/x86_64-linux-gnu/qt5/QtCore/qvector.h:351
    #4 0x7fffe6e39227 in QVector<QMap<int, KisSwatch>
>::freeData(QTypedArrayData<QMap<int, KisSwatch> >*)
/usr/include/x86_64-linux-gnu/qt5/QtCore/qvector.h:542
    #5 0x7fffe6e3690f in QVector<QMap<int, KisSwatch> >::~QVector()
/usr/include/x86_64-linux-gnu/qt5/QtCore/qvector.h:73
    #6 0x7fffe6e39337 in KisSwatchGroup::Private::~Private()
/home/wolthera/krita/src/libs/pigment/resources/KisSwatchGroup.cpp:24
    #7 0x7fffe6e39364 in
QScopedPointerDeleter<KisSwatchGroup::Private>::cleanup(KisSwatchGroup::Private*)
/usr/include/x86_64-linux-gnu/qt5/QtCore/qscopedpointer.h:60
    #8 0x7fffe6e37498 in QScopedPointer<KisSwatchGroup::Private,
QScopedPointerDeleter<KisSwatchGroup::Private>
>::reset(KisSwatchGroup::Private*)
/usr/include/x86_64-linux-gnu/qt5/QtCore/qscopedpointer.h:159
    #9 0x7fffe6e343c0 in KisSwatchGroup::operator=(KisSwatchGroup const&)
/home/wolthera/krita/src/libs/pigment/resources/KisSwatchGroup.cpp:62
    #10 0x7fffe6e03e83 in KoColorSet::getColorGlobal(unsigned int, unsigned
int) const /home/wolthera/krita/src/libs/pigment/resources/KoColorSet.cpp:306
    #11 0x7fffb9390e32 in
KisFilterPalettize::processImpl(KisSharedPtr<KisPaintDevice>, QRect const&,
KisPinnedSharedPtr<KisFilterConfiguration>, KoUpdater*) const
/home/wolthera/krita/src/plugins/filters/palettize/palettize.cpp:201
    #12 0x7fffedacfd8c in KisFilter::process(KisSharedPtr<KisPaintDevice>,
KisSharedPtr<KisPaintDevice>, KisSharedPtr<KisSelection>, QRect const&,
KisPinnedSharedPtr<KisFilterConfiguration>, KoUpdater*) const
/home/wolthera/krita/src/libs/image/filter/kis_filter.cc:88
    #13 0x7fffedcf3b5c in KisUpdateOriginalVisitor::visit(KisAdjustmentLayer*)
/home/wolthera/krita/src/libs/image/kis_async_merger.cpp:127
    #14 0x7fffedbf30b4 in KisAdjustmentLayer::accept(KisNodeVisitor&)
/home/wolthera/krita/src/libs/image/kis_adjustment_layer.cc:115
    #15 0x7fffede584dd in KisProjectionLeaf::accept(KisNodeVisitor&)
/home/wolthera/krita/src/libs/image/kis_projection_leaf.cpp:245
    #16 0x7fffedce8623 in KisAsyncMerger::startMerge(KisBaseRectsWalker&, bool)
/home/wolthera/krita/src/libs/image/kis_async_merger.cpp:265
    #17 0x7fffee39ba9b in KisUpdateJobItem::runMergeJob()
/home/wolthera/krita/build/libs/image/kritaimage_autogen/EWIEGA46WW/../../../../../src/libs/image/kis_update_job_item.h:118
    #18 0x7fffee39b6b1 in KisUpdateJobItem::run()
/home/wolthera/krita/build/libs/image/kritaimage_autogen/EWIEGA46WW/../../../../../src/libs/image/kis_update_job_item.h:86
    #19 0x7fffeb31e3e1  (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0xac3e1)

previously allocated by thread T0 here:
    #0 0x7ffff6efa458 in operator new(unsigned long)
(/usr/lib/x86_64-linux-gnu/libasan.so.4+0xe0458)
    #1 0x7fffeb38951d in QMapDataBase::createData()
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x11751d)
    #2 0x7fffe6e3ccac in QMap<int, KisSwatch>::detach_helper()
/usr/include/x86_64-linux-gnu/qt5/QtCore/qmap.h:1006
    #3 0x7fffe6e395fd in QMap<int, KisSwatch>::detach()
/usr/include/x86_64-linux-gnu/qt5/QtCore/qmap.h:364
    #4 0x7fffe6e376c5 in QMap<int, KisSwatch>::operator[](int const&)
/usr/include/x86_64-linux-gnu/qt5/QtCore/qmap.h:673
    #5 0x7fffe6e34545 in KisSwatchGroup::setEntry(KisSwatch const&, int, int)
/home/wolthera/krita/src/libs/pigment/resources/KisSwatchGroup.cpp:75
    #6 0x7fffe6e26854 in KoColorSet::Private::loadKplGroup(QDomDocument const&,
QDomElement const&, KisSwatchGroup*)
/home/wolthera/krita/src/libs/pigment/resources/KoColorSet.cpp:1644
    #7 0x7fffe6e12dc9 in KoColorSet::Private::loadKpl()
/home/wolthera/krita/src/libs/pigment/resources/KoColorSet.cpp:1001
    #8 0x7fffe6e0ae06 in KoColorSet::Private::init()
/home/wolthera/krita/src/libs/pigment/resources/KoColorSet.cpp:718
    #9 0x7fffe6e01efa in KoColorSet::loadFromDevice(QIODevice*)
/home/wolthera/krita/src/libs/pigment/resources/KoColorSet.cpp:161
    #10 0x7fffe6e0191f in KoColorSet::load()
/home/wolthera/krita/src/libs/pigment/resources/KoColorSet.cpp:145
    #11 0x7fffe8374f09 in KoResourceServer<KoColorSet,
PointerStoragePolicy<KoColorSet> >::loadResources(QStringList)
/home/wolthera/krita/src/libs/widgets/KoResourceServer.h:203
    #12 0x7fffe8366aa1 in KoResourceServerProvider::KoResourceServerProvider()
/home/wolthera/krita/src/libs/widgets/KoResourceServerProvider.cpp:137
    #13 0x7fffe8368084 in Holder
/home/wolthera/krita/src/libs/widgets/KoResourceServerProvider.cpp:157
    #14 0x7fffe8368120 in innerFunction
/home/wolthera/krita/src/libs/widgets/KoResourceServerProvider.cpp:157
    #15 0x7fffe83686f5 in operator QGlobalStatic<KoResourceServerProvider,
(anonymous namespace)::Q_QGS_s_instance::innerFunction, (anonymous
namespace)::Q_QGS_s_instance::guard>::Type*
/usr/include/x86_64-linux-gnu/qt5/QtCore/qglobalstatic.h:134
    #16 0x7fffe8368185 in KoResourceServerProvider::instance()
/home/wolthera/krita/src/libs/widgets/KoResourceServerProvider.cpp:161
    #17 0x7ffff248f4e3 in KisApplication::loadResources()
/home/wolthera/krita/src/libs/ui/KisApplication.cpp:287
    #18 0x7ffff249163c in KisApplication::start(KisApplicationArguments const&)
/home/wolthera/krita/src/libs/ui/KisApplication.cpp:425
    #19 0x555557932893 in main /home/wolthera/krita/src/krita/main.cc:513
    #20 0x7fffea901b96 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21b96)

Thread T24 (Thread (pooled)) created by T21 (Thread (pooled)) here:
    #0 0x7ffff6e51d2f in __interceptor_pthread_create
(/usr/lib/x86_64-linux-gnu/libasan.so.4+0x37d2f)
    #1 0x7fffeb3192ed in QThread::start(QThread::Priority)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0xa72ed)

Thread T21 (Thread (pooled)) created by T0 here:
    #0 0x7ffff6e51d2f in __interceptor_pthread_create
(/usr/lib/x86_64-linux-gnu/libasan.so.4+0x37d2f)
    #1 0x7fffeb3192ed in QThread::start(QThread::Priority)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0xa72ed)

SUMMARY: AddressSanitizer: heap-use-after-free
/usr/include/c++/7/bits/atomic_base.h:396 in
std::__atomic_base<int>::load(std::memory_order) const
Shadow bytes around the buggy address:
  0x0c08803fde70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c08803fde80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c08803fde90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c08803fdea0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c08803fdeb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c08803fdec0: fa fa[fd]fd fd fd fd fa fa fa fa fa fa fa fa fa
  0x0c08803fded0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c08803fdee0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c08803fdef0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c08803fdf00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c08803fdf10: fa fa 00 00 00 00 00 fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==24394==ABORTING
[Thread 0x7fff7617a700 (LWP 25230) exited]
[Thread 0x7fff7abd4700 (LWP 25229) exited]
[Thread 0x7fff7bbd6700 (LWP 25228) exited]
[Thread 0x7fff7a3d3700 (LWP 25227) exited]
[Thread 0x7fff7b3d5700 (LWP 25226) exited]
[Thread 0x7fff9d048700 (LWP 25016) exited]
[Thread 0x7fff9e0af700 (LWP 25003) exited]
[Thread 0x7fff93272700 (LWP 24816) exited]
[Thread 0x7fff95475700 (LWP 24810) exited]
[Thread 0x7fffc508c700 (LWP 24549) exited]
[Thread 0x7fffd3e21700 (LWP 24548) exited]
[Thread 0x7fffcf97d700 (LWP 24543) exited]
[Thread 0x7ffff7f8ce80 (LWP 24394) exited]
[Inferior 1 (process 24394) exited with code 01]
(gdb)

-- 
You are receiving this mail because:
You are watching all bug changes.

[krita] [Bug 410387] Krita suddenly closes while using the palettize filter

Reply via email to