Bug 220310

Summary: KisConvolutionPainter crashes when called several times
Product: [Applications] krita
Reporter: Dmitry Kazakov <dimula73>
Component: General
Assignee: Krita Bugs <krita-bugs-null>
Status: RESOLVED FIXED
Severity: normal
CC: halla
Priority: NOR
Version: unspecified
Target Milestone: ---
Platform: unspecified
OS: Unspecified

Description Dmitry Kazakov 2009-12-27 20:47:53 UTC
Version:            (using KDE 4.3.1)

KisConvolutionPainter::applyMatrix returns an empty paint device when some conditions are met (see source code for more). If we consequently apply it to such an empty device, it'll crash in iterators.

Possible solutions:
1) applyMatrix always returns a result (not an empty device) or asserts
2) introduce some way of reporting faults

PS:
There is quite a strange check:

if (areaSize.width() < kw || areaSize.height() < kh || ...) return;

I guess it should be removed as nevertheless we read outside of areaSize a couple of lines below.
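
The failure mode in this report and its second proposed solution (a way of reporting faults), as an added example that is not Krita's code and not part of the original report. `Grid`, `ConvStatus`, `ConvResult`, `applyBoxKernel` and `applyRepeatedly` are hypothetical names, and a simple box filter stands in for the real convolution.

```cpp
#include <cstddef>
#include <utility>
#include <vector>

// Hypothetical stand-ins for this example; these are not Krita's classes.
struct Grid {
    int w = 0, h = 0;
    std::vector<float> px;  // row-major, w * h values
};

enum class ConvStatus { Ok, EmptySource, KernelDoesNotFit };

struct ConvResult {
    ConvStatus status;
    Grid out;  // meaningful only when status == Ok
};

// Box-filter src with a kw x kh kernel over the region where the kernel fits
// entirely, so nothing is read outside src. Faults are reported, never hidden.
ConvResult applyBoxKernel(const Grid& src, int kw, int kh) {
    if (src.w <= 0 || src.h <= 0 || src.px.size() != std::size_t(src.w) * src.h)
        return {ConvStatus::EmptySource, {}};
    if (kw <= 0 || kh <= 0 || src.w < kw || src.h < kh)
        return {ConvStatus::KernelDoesNotFit, {}};
    Grid out;
    out.w = src.w - kw + 1;
    out.h = src.h - kh + 1;
    out.px.resize(std::size_t(out.w) * out.h);
    for (int y = 0; y < out.h; ++y)
        for (int x = 0; x < out.w; ++x) {
            float sum = 0.0f;
            for (int j = 0; j < kh; ++j)
                for (int i = 0; i < kw; ++i)
                    sum += src.px[std::size_t(y + j) * src.w + (x + i)];
            out.px[std::size_t(y) * out.w + x] = sum / float(kw * kh);
        }
    return {ConvStatus::Ok, std::move(out)};
}

// Sequential convolutions: stop at the first fault instead of passing an
// empty grid to the next pass.
ConvResult applyRepeatedly(Grid g, int kw, int kh, int passes) {
    ConvResult r{ConvStatus::Ok, std::move(g)};
    for (int p = 0; p < passes && r.status == ConvStatus::Ok; ++p)
        r = applyBoxKernel(r.out, kw, kh);
    return r;
}
```

With a constructed 4x4 input and a 3x3 kernel, the first pass yields a 2x2 grid and the second pass reports `KernelDoesNotFit` rather than handing an empty grid to the inner loops.
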
Comment 1 Dmitry Kazakov 2009-12-27 21:08:58 UTC
SVN commit 1066740 by dkazakov:

Workaround for consequent convolutions crash


FIXME: Implementation can return empty destination device
on faults and has no way to report this. This will cause a crash
on sequential convolutions inside iterators.

o implementation should do its work or assert otherwise
  (or report the issue somehow)
o check other cases of the switch for the vulnerability

CCBUG:220310
CCMAIL:cberger@cberger.net


 M  +13 -1     kis_convolution_painter.cc  


WebSVN link: http://websvn.kde.org/?view=rev&revision=1066740
Comment 2 Halla Rempt 2010-01-20 21:11:37 UTC
What's the status of this bug? Can it already be closed?
Comment 3 Dmitry Kazakov 2010-01-20 21:21:30 UTC
This is more a design problem of KisConvolutionPainter. I added it here for someone to fix this. I don't really know what to do with the problem.
Comment 4 Halla Rempt 2010-09-12 12:38:17 UTC
Downgrade to normal, since we have a workaround.
Comment 5 Halla Rempt 2011-10-16 13:52:46 UTC
If nobody knows, let's add a comment to the source code and close the bug.
Comment 6 Halla Rempt 2012-02-29 18:02:10 UTC
Git commit 50d695fd5bf9f28ab5bc01cda3f7dbd1b8569d30 by Boudewijn Rempt.
Committed on 29/02/2012 at 13:37.
Pushed by rempt into branch 'master'.

Add a note about possible issues that need fixing

M  +7    -0    krita/image/kis_convolution_painter.h

http://commits.kde.org/calligra/50d695fd5bf9f28ab5bc01cda3f7dbd1b8569d30