Version: 1.5.2 (using KDE 3.5.5, Kubuntu (edgy) 4:3.5.5-0ubuntu3) Compiler: Target: i486-linux-gnu OS: Linux (i686) release 2.6.17-10-386 (no debugging symbols found) Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1". (no debugging symbols found) (no debugging symbols found) ... (no debugging symbols found) (no debugging symbols found) [Thread debugging using libthread_db enabled] [New Thread -1232410960 (LWP 7090)] (no debugging symbols found) (no debugging symbols found) ... (no debugging symbols found) (no debugging symbols found) [KCrash handler] #6 0x00000000 in ?? () #7 0xb67fad2c in KoDocument::autoSaveFile () from /usr/lib/libkofficecore.so.3 #8 0xb67fb46b in KoDocument::removeAutoSaveFiles () from /usr/lib/libkofficecore.so.3 #9 0xb681ee1a in KoDocument::saveFile () from /usr/lib/libkofficecore.so.3 #10 0xb7f00d74 in KParts::ReadWritePart::save () from /usr/lib/libkparts.so.2 #11 0xb7f0719c in KParts::ReadWritePart::saveAs () from /usr/lib/libkparts.so.2 #12 0xb6820a23 in KoMainWindow::saveDocument () from /usr/lib/libkofficecore.so.3 #13 0xb67b66fd in KoMainWindow::slotFileSaveAs () from /usr/lib/libkofficecore.so.3 #14 0xb68125bb in KoMainWindow::qt_invoke () from /usr/lib/libkofficecore.so.3 #15 0xb723d957 in QObject::activate_signal () from /usr/lib/libqt-mt.so.3 #16 0xb723e3fc in QObject::activate_signal () from /usr/lib/libqt-mt.so.3 #17 0xb6c863b9 in KAction::activated () from /usr/lib/libkdeui.so.4 #18 0xb6cc3c02 in KAction::slotActivated () from /usr/lib/libkdeui.so.4 #19 0xb6d8c29d in KAction::slotPopupActivated () from /usr/lib/libkdeui.so.4 #20 0xb6d8c561 in KAction::qt_invoke () from /usr/lib/libkdeui.so.4 #21 0xb723d957 in QObject::activate_signal () from /usr/lib/libqt-mt.so.3 #22 0xb75c9f44 in QSignal::signal () from /usr/lib/libqt-mt.so.3 #23 0xb725d8ea in QSignal::activate () from /usr/lib/libqt-mt.so.3 #24 0xb7363fd3 in QPopupMenu::mouseReleaseEvent () from /usr/lib/libqt-mt.so.3 #25 0xb6c8f3ce in KPopupMenu::mouseReleaseEvent () from /usr/lib/libkdeui.so.4 #26 0xb7274729 in QWidget::event () from /usr/lib/libqt-mt.so.3 #27 0xb71d4b88 in QApplication::internalNotify () from /usr/lib/libqt-mt.so.3 #28 0xb71d6d46 in QApplication::notify () from /usr/lib/libqt-mt.so.3 #29 0xb78cadb2 in KApplication::notify () from /usr/lib/libkdecore.so.4 #30 0xb71673fd in QApplication::sendSpontaneousEvent () from /usr/lib/libqt-mt.so.3 #31 0xb7165d3f in QETWidget::translateMouseEvent () from /usr/lib/libqt-mt.so.3 #32 0xb716414c in QApplication::x11ProcessEvent () from /usr/lib/libqt-mt.so.3 #33 0xb717b320 in QEventLoop::processEvents () from /usr/lib/libqt-mt.so.3 #34 0xb71ef25e in QEventLoop::enterLoop () from /usr/lib/libqt-mt.so.3 #35 0xb71ef06e in QEventLoop::exec () from /usr/lib/libqt-mt.so.3 #36 0xb71d6731 in QApplication::exec () from /usr/lib/libqt-mt.so.3 #37 0xb7f250e4 in kdemain () from /usr/lib/libkdeinit_krita.so #38 0xb7f2750c in kdeinitmain () from /usr/lib/kde3/krita.so #39 0x0804e4df in ?? () #40 0x00000001 in ?? () #41 0x080ba988 in ?? () #42 0x00000001 in ?? () #43 0x00000000 in ?? ()
I can reproduce, and I change the summary to be more precise to the crash.
I'm suspecting a bug in graphicsmagick here, judging from the valgrind output: ==28765== ==28765== Invalid free() / delete / delete[] ==28765== at 0x4020FB0: free (vg_replace_malloc.c:233) ==28765== by 0xC21131C: DestroyImage (image.c:2386) ==28765== by 0xC18B351: KisImageMagickConverter::buildFile(KURL const&, KSharedPtr<KisPaintLayer>, KSharedPtr<KisAnnotation>*, KSharedPtr<KisAnnotation>*) (kis_image_magick_converter.cc:910) ==28765== by 0xC185F09: MagickExport::convert(QCString const&, QCString const&) (magickexport.cpp:71) ==28765== by 0x40CC989: KoFilterChain::ChainLink::invokeFilter(KoFilterChain::ChainLink const*) (KoFilterChain.cpp:66) ==28765== by 0x40CCB73: KoFilterChain::invokeChain() (KoFilterChain.cpp:165) ==28765== by 0x40B31D1: KoFilterManager::exp0rt(QString const&, QCString&) (KoFilterManager.cpp:302) ==28765== by 0x40A72EC: KoDocument::saveFile() (KoDocument.cpp:415) ==28765== by 0x4278D73: KParts::ReadWritePart::save() (in /usr/lib/libkparts.so.2.1.0) ==28765== by 0x40BDB08: KoMainWindow::saveDocument(bool, bool) (KoMainWindow.cpp:936) ==28765== by 0x40B7C7F: KoMainWindow::slotFileSave() (KoMainWindow.cpp:1133) ==28765== by 0x40C07F5: KoMainWindow::qt_invoke(int, QUObject*) (KoMainWindow.moc:178) ==28765== Address 0xA59CD10 is 0 bytes inside a block of size 6,876 free'd ==28765== at 0x4020FB0: free (vg_replace_malloc.c:233) ==28765== by 0xC21131C: DestroyImage (image.c:2386) ==28765== by 0xC18B351: KisImageMagickConverter::buildFile(KURL const&, KSharedPtr<KisPaintLayer>, KSharedPtr<KisAnnotation>*, KSharedPtr<KisAnnotation>*) (kis_image_magick_converter.cc:910) ==28765== by 0xC185F09: MagickExport::convert(QCString const&, QCString const&) (magickexport.cpp:71) ==28765== by 0x40CC989: KoFilterChain::ChainLink::invokeFilter(KoFilterChain::ChainLink const*) (KoFilterChain.cpp:66) ==28765== by 0x40CCB73: FilterChain::invokeChain() (KoFilterChain.cpp:165) ==28765== by 0x40B31D1: KoFilterManager::exp0rt(QString const&, QCString&) (KoFilterManager.cpp:302) ==28765== by 0x40A72EC: KoDocument::saveFile() (KoDocument.cpp:415) ==28765== by 0x4278D73: KParts::ReadWritePart::save() (in /usr/lib/libkparts.so.2.1.0) ==28765== by 0x427F19B: KParts::ReadWritePart::saveAs(KURL const&) (in /usr/lib/libkparts.so.2.1.0) ==28765== by 0x40BD887: KoMainWindow::saveDocument(bool, bool) (KoMainWindow.cpp:892) ==28765== by 0x40B7C33: KoMainWindow::slotFileSaveAs() (KoMainWindow.cpp:1139) Or maybe we set the image's generic_profile wrongly. It's this code in GraphicsMagick: if (image->generic_profile[i].length != 0) MagickFreeMemory(image->generic_profile[i].info);
SVN commit 621853 by berger: forward port: fix crashing when saving twice an image throught graphicsmagick filter CCBUG:137847 M +3 -1 kis_image_magick_converter.cc --- trunk/koffice/filters/krita/gmagick/kis_image_magick_converter.cc #621852:621853 @@ -289,8 +289,10 @@ kDebug(41008) << "Storing of attribute " << (*it) -> type() << "failed!\n"; } } else { // Profile + unsigned char * profiledata = new unsigned char[(*it) -> annotation() . size()]; + memcpy( profiledata, (*it) -> annotation() . data(), (*it) -> annotation() . size()); if (!ProfileImage(dst, (*it) -> type().ascii(), - (unsigned char*)(*it) -> annotation() . data(), + profiledata, (*it) -> annotation() . size(), MagickFalse)) { kDebug(41008) << "Storing failed!" << endl; }
SVN commit 621854 by berger: fix crashing when saving twice an image throught graphicsmagick filter BUG:137847 M +3 -2 kis_image_magick_converter.cc --- branches/koffice/1.6/koffice/filters/krita/gmagick/kis_image_magick_converter.cc #621853:621854 @@ -289,9 +289,10 @@ kdDebug(41008) << "Storing of attribute " << (*it) -> type() << "failed!\n"; } } else { // Profile + unsigned char * profiledata = new unsigned char[(*it) -> annotation() . size()]; + memcpy( profiledata, (*it) -> annotation() . data(), (*it) -> annotation() . size()); if (!ProfileImage(dst, (*it) -> type().ascii(), - (unsigned char*)(*it) -> annotation() . data(), - (*it) -> annotation() . size(), MagickFalse)) { + profiledata, (*it) -> annotation() . size(), MagickFalse)) { kdDebug(41008) << "Storing failed!" << endl; } }
You need to log in before you can comment on or make changes to this bug.
KDE Bug Tracking System
KDE Bug Tracking System 