Summary: | ShowFoto crash while saving PNG | ||
---|---|---|---|
Product: | [Applications] digikam | Reporter: | dilnix <dilnix> |
Component: | Plugin-DImg-PNG | Assignee: | Digikam Developers <digikam-bugs-null> |
Status: | RESOLVED FIXED | ||
Severity: | crash | CC: | caulier.gilles, kevin.kofler, nucleo, rdieter, vivo75+kde |
Priority: | NOR | ||
Version: | 2.6.0 | ||
Target Milestone: | --- | ||
Platform: | Fedora RPMs | ||
OS: | Linux | ||
Latest Commit: | http://commits.kde.org/digikam/6c1db4afb98e1718fa237c6310170b5980d4af81 | Version Fixed In: | 2.6.0 |
Sentry Crash Report: | |||
Attachments: | result of command "locate libqt >> libqt.txt"; result of command "locate libkde >> libkde.txt" | ||
Description
dilnix
2012-05-12 15:22:00 UTC
It crashes deep inside KDELibs/Qt. Sounds like a binary compatibility issue on your computer. Please check that libqt and libkdelibs are updated properly...

Gilles Caulier

Created attachment 71049 [details]
result of command "locate libqt >> libqt.txt"

searching libqt...

Created attachment 71050 [details]
result of command "locate libkde >> libkde.txt"

searching libkde

Ok. My system is always updated. Update checking runs every day. So: kdelibs-4.8.3-1.fc17.i686 is installed, and I made some attachments about searching libqt & libkde. What about digiKam?

Your crash sounds abnormal. I suspect something not recompiled. Did you install digiKam & co. from a package, or from a compilation done by yourself?

Gilles

I have the whole system installed from the original repos & rpmfusion repos... so all software, including digiKam, is installed from RPM packages. Only one program was installed via the "autopackage" project: Xara Xtreme DL. I have digikam-2.6.0-0.4.beta3.fc17.1.i686 from the Fedora repos...

I suspect a problem with how the digiKam package was compiled. Can you try to compile the whole digiKam & co. source code yourself?

Gilles Caulier

I have never compiled any program from source... I can try to do it if you give me instructions. I see you made a post about 2.6.0 RC on the official site. Maybe if I try to install it (because I have beta3) the problem can be resolved? Maybe I can install it even from RPM??? Or does it have no bearing on the case?

Take a look here : http://www.digikam.org/drupal/download/GIT

Gilles Caulier

Ok, I will try to do it tomorrow... because I'm in Ukraine & it is 00:26am here now... so I'm going to sleep. Have good dreams!

2012/5/13 Gilles Caulier <caulier.gilles@gmail.com>
> https://bugs.kde.org/show_bug.cgi?id=299886
>
> --- Comment #9 from Gilles Caulier <caulier.gilles@gmail.com> ---
> Take a look here :
>
> http://www.digikam.org/drupal/download/GIT
>
> Gilles Caulier

digikam-2.6.0-rc is in Fedora 17 updates-testing. You can install it with 'yum --enablerepo updates-testing update digikam\* kipi-plugins\* libkface libkgeomap libkvkontakte libmediawiki'

(In reply to comment #1)
> It crashes deep inside KDELibs/Qt. Sounds like a binary compatibility issue on
> your computer. Please check that libqt and libkdelibs are updated properly...
>
> Gilles Caulier

This is impossible for Fedora packages. The digikam package has the necessary requirements for the KDE libs used at build time:

Requires: kdebase-runtime%{?_kde4_version: >= %{_kde4_version}}

I have tried to install the RC from the updates-testing repo and checked. I tried to crop and save PNG in various situations. So, when I opened only one file at a time in showFoto -> no problems. But when I opened a few files at a time and tried to crop and save one of them -> showFoto crashed.

& I found a new bug in digiKam... when I tried to rotate some JPG, it hung... I waited some 5 minutes & then exited digiKam... it said "finishing tasks"... I chose Finish & it crashed. I made a new bug report for it (Bug 299917)

...if it's important I can build digiKam from source and then test...

Does the crash happen only with PNG files? Note that I use PNG every day in my workflow without any problem.

Which libpng do you use? Did you update it recently?

Gilles Caulier

*** Bug 299917 has been marked as a duplicate of this bug. ***

(In reply to comment #14)
> Does the crash happen only with PNG files? Note that I use PNG every day in my
> workflow without any problem.
>
> Which libpng do you use? Did you update it recently?
>
> Gilles Caulier

libpng-1.5.10 is used in Fedora 17; it has not been updated recently.

(In reply to comment #16)
> (In reply to comment #14)
> > Does the crash happen only with PNG files? Note that I use PNG every day in my
> > workflow without any problem.
> >
> > Which libpng do you use? Did you update it recently?
> >
> > Gilles Caulier
>
> libpng-1.5.10 is used in Fedora 17; it has not been updated recently.

That's right... I have libpng-1.5.10 installed now. So what should I do? Delete the digiKam that is from the repo and install anew from source?

(In reply to comment #17)
> So what should I do? Delete the digiKam that is from the repo and install anew from
> source?

No sense doing that until the bug is fixed. When the fix is available it will be backported to the Fedora package.
*** Bug 300066 has been marked as a duplicate of this bug. ***

```text
$ valgrind showfoto
==1597== Memcheck, a memory error detector
==1597== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==1597== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==1597== Command: showfoto
==1597==
libdc1394 error: Failed to initialize libdc1394
==1597== Invalid read of size 8
==1597==    at 0x543666F: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x562BA84: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x5633B5C: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x563DFCB: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x55B73CF: QPainter::drawPixmap(QRectF const&, QPixmap const&, QRectF const&) (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x577D5FE: QStyle::drawItemPixmap(QPainter*, QRect const&, int, QPixmap const&) const (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0xF: ???
==1597==  Address 0x117c9f20 is 8 bytes before a block of size 1,024 alloc'd
==1597==    at 0x402A059: malloc (vg_replace_malloc.c:263)
==1597==    by 0x550A57E: QImageData::create(QSize const&, QImage::Format, int) (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x550A9CD: QImage::QImage(int, int, QImage::Format) (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x550E667: QImage::convertToFormat(QImage::Format, QFlags<Qt::ImageConversionFlag>) const (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x553793E: QRasterPixmapData::createPixmapForImage(QImage&, QFlags<Qt::ImageConversionFlag>, bool) (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x1101: ???
==1597==
==1597== Invalid read of size 8
==1597==    at 0x5436910: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x562BA84: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x5633B5C: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x563DFCB: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x55B73CF: QPainter::drawPixmap(QRectF const&, QPixmap const&, QRectF const&) (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x577D5FE: QStyle::drawItemPixmap(QPainter*, QRect const&, int, QPixmap const&) const (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0xF: ???
==1597==  Address 0x117ca328 is 0 bytes after a block of size 1,024 alloc'd
==1597==    at 0x402A059: malloc (vg_replace_malloc.c:263)
==1597==    by 0x550A57E: QImageData::create(QSize const&, QImage::Format, int) (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x550A9CD: QImage::QImage(int, int, QImage::Format) (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x550E667: QImage::convertToFormat(QImage::Format, QFlags<Qt::ImageConversionFlag>) const (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x553793E: QRasterPixmapData::createPixmapForImage(QImage&, QFlags<Qt::ImageConversionFlag>, bool) (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x1101: ???
==1597==
==1597== Invalid read of size 8
==1597==    at 0x54366D0: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x562BA84: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x563200F: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==  Address 0x11069458 is 0 bytes after a block of size 1,024 alloc'd
==1597==    at 0x402A059: malloc (vg_replace_malloc.c:263)
==1597==    by 0x550A57E: QImageData::create(QSize const&, QImage::Format, int) (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x550A9CD: QImage::QImage(int, int, QImage::Format) (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x550E667: QImage::convertToFormat(QImage::Format, QFlags<Qt::ImageConversionFlag>) const (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x553793E: QRasterPixmapData::createPixmapForImage(QImage&, QFlags<Qt::ImageConversionFlag>, bool) (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0xBEC852BF: ???
==1597==
==1597== Invalid read of size 8
==1597==    at 0x54366D0: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x562BA84: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x5633B5C: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x563DFCB: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x55B73CF: QPainter::drawPixmap(QRectF const&, QPixmap const&, QRectF const&) (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x577D5FE: QStyle::drawItemPixmap(QPainter*, QRect const&, int, QPixmap const&) const (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0xF: ???
==1597==  Address 0x118b78f8 is 0 bytes after a block of size 1,024 alloc'd
==1597==    at 0x402A059: malloc (vg_replace_malloc.c:263)
==1597==    by 0x550A57E: QImageData::create(QSize const&, QImage::Format, int) (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x550A9CD: QImage::QImage(int, int, QImage::Format) (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x550E667: QImage::convertToFormat(QImage::Format, QFlags<Qt::ImageConversionFlag>) const (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x553793E: QRasterPixmapData::createPixmapForImage(QImage&, QFlags<Qt::ImageConversionFlag>, bool) (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x1101: ???
==1597==
Adding device "/org/freedesktop/UDisks2/Manager"
Adding device "/org/freedesktop/UDisks2/block_devices/loop0"
Adding device "/org/freedesktop/UDisks2/block_devices/loop1"
Adding device "/org/freedesktop/UDisks2/block_devices/loop2"
Adding device "/org/freedesktop/UDisks2/block_devices/loop3"
Adding device "/org/freedesktop/UDisks2/block_devices/loop4"
Adding device "/org/freedesktop/UDisks2/block_devices/loop5"
Adding device "/org/freedesktop/UDisks2/block_devices/loop6"
Adding device "/org/freedesktop/UDisks2/block_devices/loop7"
Adding device "/org/freedesktop/UDisks2/block_devices/sda"
Adding device "/org/freedesktop/UDisks2/block_devices/sda1"
Adding device "/org/freedesktop/UDisks2/block_devices/sda2"
Adding device "/org/freedesktop/UDisks2/block_devices/sr0"
Adding device "/org/freedesktop/UDisks2/drives/VMware_Virtual_IDE_CDROM_Drive_10000000000000000001"
Adding device "/org/freedesktop/UDisks2/drives/VMware_Virtual_IDE_Hard_Drive_00000000000000000001"
==1597== Thread 5:
==1597== Conditional jump or move depends on uninitialised value(s)
==1597==    at 0x10D40E0E: ??? (in /usr/lib/kde4/plugins/imageformats/kimg_pic.so)
==1597==    by 0x10D42601: ??? (in /usr/lib/kde4/plugins/imageformats/kimg_pic.so)
==1597==    by 0x5517880: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0xFD0C9BF: ???
==1597==
==1597== Thread 1:
==1597== Invalid read of size 8
==1597==    at 0x543666F: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x562BA84: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x563200F: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==  Address 0x110e20a0 is 8 bytes before a block of size 1,764 alloc'd
==1597==    at 0x402A059: malloc (vg_replace_malloc.c:263)
==1597==    by 0x550A57E: QImageData::create(QSize const&, QImage::Format, int) (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x550A9CD: QImage::QImage(int, int, QImage::Format) (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x1194FFFF: ???
==1597==
==1597== Invalid read of size 8
==1597==    at 0x5436910: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x562BA84: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x563200F: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==  Address 0x110e2788 is 1,760 bytes inside a block of size 1,764 alloc'd
==1597==    at 0x402A059: malloc (vg_replace_malloc.c:263)
==1597==    by 0x550A57E: QImageData::create(QSize const&, QImage::Format, int) (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x550A9CD: QImage::QImage(int, int, QImage::Format) (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x1194FFFF: ???
==1597==
==1597== Thread 5:
==1597== Conditional jump or move depends on uninitialised value(s)
==1597==    at 0x10D40E0E: ??? (in /usr/lib/kde4/plugins/imageformats/kimg_pic.so)
==1597==    by 0x10D42601: ??? (in /usr/lib/kde4/plugins/imageformats/kimg_pic.so)
==1597==    by 0x5517880: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0xDC96407: ???
==1597==
==1597== Conditional jump or move depends on uninitialised value(s)
==1597==    at 0x10D40E0E: ??? (in /usr/lib/kde4/plugins/imageformats/kimg_pic.so)
==1597==    by 0x10D42601: ??? (in /usr/lib/kde4/plugins/imageformats/kimg_pic.so)
==1597==    by 0x5517880: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0xF5E709F: ???
==1597==
==1597== Thread 6:
==1597== Conditional jump or move depends on uninitialised value(s)
==1597==    at 0x10D40E0E: ??? (in /usr/lib/kde4/plugins/imageformats/kimg_pic.so)
==1597==    by 0x10D42601: ??? (in /usr/lib/kde4/plugins/imageformats/kimg_pic.so)
==1597==    by 0x5517880: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x108F1E6F: ???
==1597==
==1597== Thread 1:
==1597== Invalid write of size 4
==1597==    at 0x402CD64: memmove (mc_replace_strmem.c:981)
==1597==    by 0x4A3AEEE: cmsGetHeaderProfileID (string3.h:58)
==1597==    by 0xBEC847F7: ???
==1597==  Address 0x133b2864 is 11 bytes after a block of size 1 alloc'd
==1597==    at 0x4029B55: operator new(unsigned int) (vg_replace_malloc.c:282)
==1597==    by 0x41A0A02: dkCmsTakeProfileID(void*) (digikam-lcms.cpp:494)
==1597==    by 0xBEC847F7: ???
==1597==
==1597== Thread 5:
==1597== Conditional jump or move depends on uninitialised value(s)
==1597==    at 0x10D40E0E: ??? (in /usr/lib/kde4/plugins/imageformats/kimg_pic.so)
==1597==    by 0x10D42601: ??? (in /usr/lib/kde4/plugins/imageformats/kimg_pic.so)
==1597==    by 0x5517880: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0xFDB5F3F: ???
==1597==
==1597==
==1597== HEAP SUMMARY:
==1597==     in use at exit: 1,184,325 bytes in 10,228 blocks
==1597==   total heap usage: 1,709,690 allocs, 1,699,462 frees, 246,538,858 bytes allocated
==1597==
==1597== LEAK SUMMARY:
==1597==    definitely lost: 14,535 bytes in 107 blocks
==1597==    indirectly lost: 544,654 bytes in 3,284 blocks
==1597==      possibly lost: 252,436 bytes in 905 blocks
==1597==    still reachable: 372,700 bytes in 5,932 blocks
==1597==         suppressed: 0 bytes in 0 blocks
==1597== Rerun with --leak-check=full to see details of leaked memory
==1597==
==1597== For counts of detected and suppressed errors, rerun with: -v
==1597== Use --track-origins=yes to see where uninitialised values come from
==1597== ERROR SUMMARY: 434 errors from 12 contexts (suppressed: 2 from 1)
```

Note that we switched to lcms2. digikam-lcms.cpp:494 is probably the line around which to look for the error.

Not sure that lcms2 can be the problem:

```text
==1597== Thread 1:
==1597== Invalid write of size 4
==1597==    at 0x402CD64: memmove (mc_replace_strmem.c:981)
==1597==    by 0x4A3AEEE: cmsGetHeaderProfileID (string3.h:58)
==1597==    by 0xBEC847F7: ???
==1597==  Address 0x133b2864 is 11 bytes after a block of size 1 alloc'd
==1597==    at 0x4029B55: operator new(unsigned int) (vg_replace_malloc.c:282)
==1597==    by 0x41A0A02: dkCmsTakeProfileID(void*) (digikam-lcms.cpp:494)
==1597==    by 0xBEC847F7: ???
```

https://projects.kde.org/projects/extragear/graphics/digikam/repository/revisions/master/entry/libs/dklcms/digikam-lcms.cpp#L494

but as you can see in the code, it is just a memory allocation through the new operator... Other parts of your trace show a KDELibs corruption in kimg_pic.so and others from QImage...

Just to test, can you switch to lcms1?

Gilles Caulier

The linked location is exactly the source of the error. You're allocating a single cmsUInt8Number (a single byte!) with new, then you're passing it to cmsGetHeaderProfileID, which clearly expects a whole array of cmsUInt8Number (it's writing to byte 12, i.e. the thirteenth byte, of what it thinks is an array of cmsUInt8Number). So this needs at least a cmsUInt8Number[13]; please check the documentation for how big the array really needs to be.

So, the profile ID is an MD5; it also says "7.2.18 Profile ID field (Bytes 84 to 99)". This means you need to allocate a cmsUInt8Number[16], which is also what e.g. http://mail.gnome.org/archives/commits-list/2011-April/msg04234.html does. (And the Valgrind log also says that, because the write at byte 12 is of size 4, and there are no further offending writes.)

Confirmed, that's what the lcms2 API docs say (in essence):

cmsProfileID (union):
    cmsUInt8Number  ID8[16];
    cmsUInt16Number ID16[8];
    cmsUInt32Number ID32[4];

mine

(In reply to comment #23)
> Just to test, can you switch to lcms1?

Showfoto built against lcms1 looks more stable with a limited number of tests.

You probably know, but the plan was to leave lcms2 as an option for this release, switch to lcms2 by default next, and remove lcms1 the one after. While we do greatly appreciate more testing on lcms2, maybe it's advisable to stay on lcms1 for now, since it's not so well tested, unless obviously lcms1 has been removed from the Fedora repo. (However I'm using lcms2 and never triggered this bug.)

rgds, Francesco R.

Well, I'd rather we fix the issues with lcms2 rather than switching back to the deprecated lcms 1. This particular buffer overflow is trivial to fix, just allocate the correct amount of memory.
> (However I'm using lcms2 and never triggered this bug)
You just didn't notice. This overflow always happens, but it doesn't always trigger a crash.
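Worked example, added here and not code from digiKam or lcms2: a self-contained C++ model of the allocation defect at digikam-lcms.cpp:494 and of the fix the thread arrives at. The cmsProfileID union copies the layout quoted from the lcms2 docs above; FakeProfile and stubGetHeaderProfileID are hypothetical stand-ins for an lcms2 profile handle and for cmsGetHeaderProfileID(), which is not linked here, so the example builds without liblcms2. The defective function is shown but never called, since running it is a heap overflow.

```cpp
// Added example (not digiKam's or lcms2's own code). Models the one-byte
// allocation passed to a 16-byte writer, and the corrected allocation.
#include <cstdint>
#include <cstring>
#include <iostream>
#include <string>

typedef uint8_t  cmsUInt8Number;
typedef uint16_t cmsUInt16Number;
typedef uint32_t cmsUInt32Number;

// Layout as quoted from the lcms2 API docs in this thread: the profile ID is
// an MD5, ICC header bytes 84..99, i.e. 16 bytes however it is viewed.
union cmsProfileID {
    cmsUInt8Number  ID8[16];
    cmsUInt16Number ID16[8];
    cmsUInt32Number ID32[4];
};
static_assert(sizeof(cmsProfileID) == 16, "profile ID must be 16 bytes");

// Hypothetical stand-in for an lcms2 profile handle (only the field we need).
struct FakeProfile {
    cmsProfileID ProfileID;
};

// Hypothetical stand-in for cmsGetHeaderProfileID(hProfile, ProfileID): it
// memmoves the whole 16-byte ID into the caller's buffer, which is exactly the
// memmove frame Valgrind reported. The caller must provide >= 16 bytes.
static void stubGetHeaderProfileID(const FakeProfile* hProfile, cmsUInt8Number* ProfileID)
{
    std::memmove(ProfileID, hProfile->ProfileID.ID8, sizeof(cmsProfileID));
}

// The defective pattern from the bug report. NEVER called in this example:
// `new cmsUInt8Number` is a 1-byte block, and the callee writes 16 bytes,
// so 15 bytes of neighbouring heap are overwritten on every call.
static cmsUInt8Number* takeProfileIdBuggy(const FakeProfile* hProfile)
{
    cmsUInt8Number* md5id = new cmsUInt8Number;   // block of size 1 (cf. Valgrind)
    stubGetHeaderProfileID(hProfile, md5id);      // invalid write past the block
    return md5id;
}

// The fix: allocate the array the API contract requires (16 cmsUInt8Number).
static cmsUInt8Number* takeProfileIdFixed(const FakeProfile* hProfile)
{
    cmsUInt8Number* md5id = new cmsUInt8Number[sizeof(cmsProfileID)];
    stubGetHeaderProfileID(hProfile, md5id);
    return md5id;                                 // caller releases with delete[]
}

// Safer idiom: let the type carry the size so no caller can get the count wrong.
static cmsProfileID takeProfileIdTyped(const FakeProfile* hProfile)
{
    cmsProfileID id;
    stubGetHeaderProfileID(hProfile, id.ID8);
    return id;
}

static std::string hexProfileId(const cmsUInt8Number* id)
{
    static const char digits[] = "0123456789abcdef";
    std::string s;
    for (size_t i = 0; i < sizeof(cmsProfileID); ++i) {
        s += digits[id[i] >> 4];
        s += digits[id[i] & 0x0F];
    }
    return s;
}

// Constructed sample profile whose ID is the byte sequence 00 01 ... 0f.
static FakeProfile sampleProfile()
{
    FakeProfile p;
    for (size_t i = 0; i < sizeof(cmsProfileID); ++i)
        p.ProfileID.ID8[i] = static_cast<cmsUInt8Number>(i);
    return p;
}

// Hex of the ID read through the fixed raw-array path.
static std::string demoFixedHex()
{
    FakeProfile p = sampleProfile();
    cmsUInt8Number* id = takeProfileIdFixed(&p);
    std::string hex = hexProfileId(id);
    delete[] id;
    return hex;
}

// Hex of the ID read through the typed path.
static std::string demoTypedHex()
{
    FakeProfile p = sampleProfile();
    cmsProfileID id = takeProfileIdTyped(&p);
    return hexProfileId(id.ID8);
}

int main()
{
    (void)takeProfileIdBuggy;   // referenced only so the compiler does not warn; not executed
    std::cout << "fixed: " << demoFixedHex() << "\n"
              << "typed: " << demoTypedHex() << "\n";
    return 0;
}
```

Run the fixed build under `valgrind` (or compile with `-fsanitize=address`) and the "Invalid write of size 4 ... 11 bytes after a block of size 1" report disappears; the typed variant additionally makes the size a property of the type rather than of a literal the next maintainer has to get right.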
Git commit 6c1db4afb98e1718fa237c6310170b5980d4af81 by Francesco Riosa.
Committed on 16/05/2012 at 00:09.
Pushed by riosa into branch 'master'.

dkCmsTakeProfileID allocate right size

Thanks Kevin Kofler and Nucleo(Fedora) for squashing it.

M  +1    -1    libs/dklcms/digikam-lcms.cpp

http://commits.kde.org/digikam/6c1db4afb98e1718fa237c6310170b5980d4af81

Gilles, I've tested only with lcms2, but lcms1 was not involved. I've also searched briefly for other similar bugs, maybe from the early-morning coding of that piece, but there aren't evident ones.

Kevin, nucleo, thanks again. If a problem arises in the lcms2 code feel free to assign it to me (if bugzilla permits it, dunno).

digikam-2.6.0-0.9.rc.fc17 with the fix from Comment 31 has been pushed to the Fedora 17 updates-testing repository (may need some time for mirror synchronization). Please test it. You can install it with 'yum --enablerepo updates-testing update digikam\* kipi-plugins\* libkface libkgeomap libkvkontakte libmediawiki'

(In reply to comment #33)
> digikam-2.6.0-0.9.rc.fc17 with the fix from Comment 31 has been pushed to the Fedora 17
> updates-testing repository (may need some time for mirror synchronization).
> Please test it. You can install it with
> 'yum --enablerepo updates-testing update digikam\* kipi-plugins\* libkface
> libkgeomap libkvkontakte libmediawiki'

Thank you! Since digiKam was updated there is no problem at all. Nice to use a stable app =)