Laurence Tratt writes:
> I'm not a heavy user of gimp, but I've noticed it segfaulting regularly
> (e.g. when saving, adjusting colours) whenever I've tried using it in the
> last couple of weeks or more. Having updated my amd64 snapshot + packages
> this morning to I'm still seeing problems. Here's an example backtrace from
> github which suggests the problem might be in babl? I wonder if anyone else
> has seen this problem, or has any idea what it might be (or what might have
> caused it)?

Thanks for reporting this. I can reproduce this problem while resizing.

Reproducer (resizing)
=====================

1. open image
2. shift+s to resize
3. resize image with corners
4. gimp crashes

Solution
========

The solution is to bump resource limits. It might be nice to include a
MESSAGE or README as in games/dolphin/pkg/README, but firefox and chrome do
not have one. More conservative limits would be better, but I have not tried
searching for optimal limits. It seems like babl wants to allocate more
memory than earlier versions.

$ ulimit -d 17000000

login.conf:

default: ...
        :datasize-max=17G:\
        :datasize-cur=17G:\

I had it set to 1024M and it crashed. This printf patch revealed that babl
calls malloc and assumes it returns correctly without checking for failure.
In my case, lut malloc failed with 12 ENOMEM and babl happily tries to write
to this destination.

printf debugging
================

#+begin_src
Index: babl/babl-fish-path.c --- babl/babl-fish-path.c.orig +++ babl/babl-fish-path.c @@ -20,6 +20,7 @@ #include <math.h> #include "babl-internal.h" #include "babl-ref-pixels.h" +#include <errno.h> #define BABL_TOLERANCE 0.0000047 #define BABL_MAX_COST_VALUE 2000000 
@@ -345,7 +346,16 @@ static inline int babl_fish_lut_process_maybe (const B else if (source_bpp == 4 && dest_bpp == 16) { uint32_t *temp_lut = malloc (256 * 256 * 256 * 4); + if (temp_lut == NULL) { + printf("NAMTSUI malloc failed for temp_lut\n"); + return 0; + } lut = malloc (256 * 256 * 256 * 16); + if (lut == NULL) { + printf("NAMTSUI malloc failed for lut %d\n", errno); + free(temp_lut); + return 0; + } for (int o = 0; o < 256 * 256 * 256; o++) temp_lut[o] = o; process_conversion_path (babl->fish_path.conversion_list,
#+end_src

stacktrace (from older 0.1.92 babl)
===================================

#+begin_src
0x00000fe5d9ae84f1 in conv_rgbaF_rgbAF (conversion=<optimized out>,
    srcc=0xfe60927ba10 "", dstc=0x0, samples=<optimized out>)
    at ../babl-0.1.92/extensions/gegl-fixups.c:442
442             dst[0] = src[0] * used_alpha;
(gdb) bt
#0  0x00000fe5d9ae84f1 in conv_rgbaF_rgbAF (conversion=<optimized out>,
    srcc=0xfe60927ba10 "", dstc=0x0, samples=<optimized out>)
    at ../babl-0.1.92/extensions/gegl-fixups.c:442
#1  0x00000fe628a7945c in babl_conversion_process (babl=0x1,
    source=0xfe60927ba10 "", destination=0x0, n=512)
    at ../babl-0.1.92/babl/babl-internal.h:440
#2  process_conversion_path (source_buffer=0xfe6e8472000,
    source_bpp=<error reading variable: Cannot access memory at address 0x4>,
    destination_buffer=0x0,
    dest_bpp=<error reading variable: Cannot access memory at address 0x10>,
    n=<error reading variable: Cannot access memory at address 0x1000000>,
    path=<optimized out>) at ../babl-0.1.92/babl/babl-fish-path.c:1439
#3  babl_fish_lut_process_maybe (babl=0xfe60c48c830, source=0xfe6c3c99480
    "\247\276\352\377\250\277\353\377\250\277\353\377\251\300\354\377\251\300\354\377\252\301\355\377\252\301\355\377\252\301\355\377\250\300\354\377\247\277\353\377\246\276\352\377\246\276\352\377\245\275\351\377\245\275\351\377\246\276\352\377\246\276\352\377\243\274\345\377\244\275\346\377\245\276\347\377\245\276\347\377\243\274\345\377\241\272\343\377\241\272\343\377\242\273\344\377\245\276\346\377\245\276\346\377\245\276\346\377\244\275\345\377\243\274\344\377\242\273\343\377\241\272\342\377\240\271\341\377\236\272\341\377\236\272\341\377\237\273\340\377\237\273\340\377\240\275\337\377\240\275\337\377\240\275\337\377\240\275\337\377\242\274\337\377\243\275\340\377\244\276\343\377\244\276\343\377\242\273\343\377\242\273\343\377\243\274\345\377\244\275\346\377\245\276\346\377\244\275", <incomplete sequence \345\377>...,
    destination=0xfe5faaa0c30 "", n=6, data=<optimized out>)
    at ../babl-0.1.92/babl/babl-fish-path.c:351
#4  0x00000fe628a77dab in babl_fish_path_process (babl=0xfe60c48c830,
    source=0xfe6c3c99480 "\247\276\352\377\250\277\353\377\250\277\353\377\251\300\354\377\251\300\354\377\252\301\355\377\252\301\355\377\252\301\355\377\250\300\354\377\247\277\353\377\246\276\352\377\246\276\352\377\245\275\351\377\245\275\351\377\246\276\352\377\246\276\352\377\243\274\345\377\244\275\346\377\245\276\347\377\245\276\347\377\243\274\345\377\241\272\343\377\241\272\343\377\242\273\344\377\245\276\346\377\245\276\346\377\245\276\346\377\244\275\345\377\243\274\344\377\242\273\343\377\241\272\342\377\240\271\341\377\236\272\341\377\236\272\341\377\237\273\340\377\237\273\340\377\240\275\337\377\240\275\337\377\240\275\337\377\240\275\337\377\242\274\337\377\243\275\340\377\244\276\343\377\244\276\343\377\242\273\343\377\242\273\343\377\243\274\345\377\244\275\346\377\245\276\346\377\244\275", <incomplete sequence \345\377>...,
    destination=0xfe5faaa0c30 "", n=6, data=0x1)
    at ../babl-0.1.92/babl/babl-fish-path.c:1223
#5  0x00000fe628a7804c in babl_process_rows
    (fish=0xfe60c48c830, source=<optimized out>, source_stride=512,
    dest=<optimized out>, dest_stride=<optimized out>, n=<optimized out>,
    rows=13) at ../babl-0.1.92/babl/babl-fish-path.c:1357
#6  0x00000fe680215852 in gegl_buffer_iterate_read_simple (
    buffer=<optimized out>, roi=<optimized out>, buf=0xfe5faaa0c30 "",
    buf_stride=1024, format=<optimized out>, level=0)
    at ../gegl-0.4.38/gegl/buffer/gegl-buffer-access.c:1025
#7  0x00000fe680215ea8 in gegl_buffer_iterate_read_abyss_color (
    buffer=0xfe6786a0780, roi=<optimized out>, abyss=<optimized out>,
    buf=<optimized out>, buf_stride=1024, format=0xfe628936e30, level=0,
    color=0x0, repeat_mode=GEGL_ABYSS_NONE)
    at ../gegl-0.4.38/gegl/buffer/gegl-buffer-access.c:1374
#8  0x00000fe680214450 in gegl_buffer_iterate_read_dispatch (
    buffer=<optimized out>, roi=<optimized out>, buf=0xfe5faaa0000 "",
    rowstride=1024, format=0xfe628936e30, level=<optimized out>,
    repeat_mode=GEGL_ABYSS_NONE)
    at ../gegl-0.4.38/gegl/buffer/gegl-buffer-access.c:1597
#9  0x00000fe6802105ed in _gegl_buffer_get_unlocked (buffer=0xfe6786a0780,
    scale=<optimized out>,
    rect=<error reading variable: Cannot access memory at address 0x0>,
    format=0xfe628936e30, dest_buf=0xfe5faaa0000, rowstride=<optimized out>,
    flags=GEGL_ABYSS_NONE)
    at ../gegl-0.4.38/gegl/buffer/gegl-buffer-access.c:2087
#10 0x00000fe680226f08 in gegl_sampler_get_ptr (sampler=0xfe6036aeb10,
    x=<optimized out>, y=<optimized out>, repeat_mode=GEGL_ABYSS_NONE)
    at ../gegl-0.4.38/gegl/buffer/gegl-sampler.h:232
#11 gegl_sampler_cubic_interpolate (self=0xfe6036aeb10,
    absolute_x=<optimized out>, absolute_y=<optimized out>,
    output=0xfe6092811d0, repeat_mode=GEGL_ABYSS_NONE)
    at ../gegl-0.4.38/gegl/buffer/gegl-sampler-cubic.c:187
#12 0x00000fe680226bc5 in gegl_sampler_cubic_get (self=0xfe6036aeb10,
    absolute_x=0.72000002746582137, absolute_y=0.72005206522711329,
    scale=<optimized out>, output=0xfe6c786e050, repeat_mode=GEGL_ABYSS_NONE)
    at ../gegl-0.4.38/gegl/buffer/gegl-sampler-cubic.c:227
#13 0x00000fe6b0a0b2ef in transform_affine (operation=<optimized out>,
    dest=0x3fe70aaaa0f22aaf, src=<optimized out>, matrix=0x10,
    roi=0xfe600000080, level=<optimized out>)
    at ../gegl-0.4.38/operations/transform/transform-core.c:1239
#14 0x00000fe6b0a0b87d in thread_process (area=0xfe6092813e8,
    data=0x7f7ffffdded0)
    at ../gegl-0.4.38/operations/transform/transform-core.c:1101
#15 0x00000fe6801f3c10 in gegl_parallel_distribute_area_func (
    i=<optimized out>, n=<optimized out>, data=0x1)
    at ../gegl-0.4.38/gegl/gegl-parallel.c:319
#16 0x00000fe6801f3d90 in gegl_parallel_distribute_thread_func (
    thread=0xfe68029c2a0 <gegl_parallel_distribute_threads>)
    at ../gegl-0.4.38/gegl/gegl-parallel.c:492
#17 0x00000fe69c2ea715 in g_thread_proxy ()
    from /usr/local/lib/libglib-2.0.so.4201.8
#18 0x00000fe67a2bef01 in _rthread_start (v=<optimized out>)
    at /usr/src/lib/librthread/rthread.c:96
#19 0x00000fe608230e8a in __tfork_thread ()
    at /usr/src/lib/libc/arch/amd64/sys/tfork_thread.S:84
#+end_src

> I don't rule out that I'm doing something stupid, though I must admit that
> I'm not sure what that might be!
>
>
> Laurie
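
Review bot: in the second hunk (babl_fish_lut_process_maybe, the source_bpp == 4 && dest_bpp == 16 branch) the new NULL checks report through printf with a personal "NAMTSUI" tag, and only the lut message carries errno. If this is to grow from a debugging aid into a fix, keep both checks and the free(temp_lut) on the second failure path, but send the message to stderr or the library's own logging, include errno in both messages, and drop the tag. The two requests are 256 * 256 * 256 * 4 and 256 * 256 * 256 * 16 bytes, that is 64 MiB and 256 MiB; a comment stating those sizes next to the malloc calls would make the datasize requirement visible to the next reader. The hunk does not show what callers do with a return value of 0, nor whether the other source_bpp/dest_bpp branches make the same unchecked malloc calls, so both need checking. printf is used here while the first hunk adds only <errno.h>; confirm that <stdio.h> is already pulled in through babl-internal.h.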
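
The failure mode described in the reply above (two large lookup-table allocations whose results are used without a NULL check), as an added example that is not part of the original message and is not babl's code. `limited_malloc`, `lut_try_alloc` and the three limits are hypothetical names and constructed values; the allocator is a stand-in that only does the accounting a datasize limit would do.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define LUT_ENTRIES ((size_t)256 * 256 * 256) /* one slot per 24-bit index */
#define MIB ((size_t)1024 * 1024)

/* Constructed stand-in for malloc() under a datasize limit: it does the
 * accounting only and hands out 1-byte tokens, so no real 256 MiB is needed. */
static size_t limit_bytes, used_bytes;
static void set_limit(size_t bytes) { limit_bytes = bytes; used_bytes = 0; }

static void *limited_malloc(size_t n)
{
    if (n > limit_bytes - used_bytes) { errno = ENOMEM; return NULL; }
    void *p = malloc(1);
    if (p != NULL) used_bytes += n;
    return p;
}

static void limited_free(void *p, size_t n)
{
    if (p != NULL) { used_bytes -= n; free(p); }
}

/* Hypothetical helper: reserve scratch and result tables for a LUT. Returns 1
 * with *lut set, or 0 with nothing left allocated so the caller can fall back. */
static int lut_try_alloc(size_t source_bpp, size_t dest_bpp, void **lut)
{
    size_t tmp_size = LUT_ENTRIES * source_bpp;
    void *tmp = limited_malloc(tmp_size);
    *lut = NULL;
    if (tmp == NULL) return 0;
    *lut = limited_malloc(LUT_ENTRIES * dest_bpp);
    limited_free(tmp, tmp_size); /* real code would fill *lut from tmp first */
    return *lut != NULL;
}

int main(void)
{
    size_t limits_mib[] = { 32, 300, 1024 }; /* constructed limits */
    for (size_t i = 0; i < 3; i++) {
        void *lut;
        set_limit(limits_mib[i] * MIB);
        int ok = lut_try_alloc(4, 16, &lut);
        printf("%4zu MiB limit: ok=%d held=%zu MiB\n", limits_mib[i], ok, used_bytes / MIB);
        limited_free(lut, LUT_ENTRIES * 16);
    }
    return 0;
}
```

With a 300 MiB budget the 64 MiB scratch table fits but the 256 MiB result table does not, which is the case where an unchecked caller would go on to write through a NULL destination.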