Summary: | digiKam crashes when applying Restoration on a PNG picture | ||
---|---|---|---|
Product: | [Applications] digikam | Reporter: | Theo Widmer <theowidmer> |
Component: | Plugin-Editor-Restoration | Assignee: | Digikam Developers <digikam-bugs-null> |
Status: | RESOLVED FIXED | ||
Severity: | crash | CC: | axel.krebs, caulier.gilles, marcel.wiesweg, philip.johnsson |
Priority: | NOR | ||
Version: | 2.6.0 | ||
Target Milestone: | --- | ||
Platform: | Debian unstable | ||
OS: | Linux | ||
Latest Commit: | Version Fixed In: | 2.9.0 |
Description
Theo Widmer
2012-07-06 18:04:03 UTC
*** Bug 301526 has been marked as a duplicate of this bug. *** Marcel, I can reproduce the crash here. Whithout to change any settings in Restortation filter config, let's filter processing image until end, and at 99% it crash : (gdb) bt #0 0xffffe424 in __kernel_vsyscall () #1 0xb497da7f in raise () from /lib/i686/libc.so.6 #2 0xb497f4a5 in abort () from /lib/i686/libc.so.6 #3 0xb49b733a in __libc_message () from /lib/i686/libc.so.6 #4 0xb49bdbe2 in malloc_printerr () from /lib/i686/libc.so.6 #5 0xb49bf832 in _int_malloc () from /lib/i686/libc.so.6 #6 0xb49c150c in malloc () from /lib/i686/libc.so.6 #7 0xb4df3e7b in qMalloc(unsigned int) () from /usr/lib/libQtCore.so.4 #8 0xb4f260b3 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib/libQtCore.so.4 #9 0xb6dda050 in Digikam::DImgThreadedFilter::finished (this=0xb343fe8, _t1=true) at /mnt/data/Devel/GIT/2.x/build/core/digikam/dimgthreadedfilter.moc:117 #10 0xb6ddab03 in Digikam::DImgThreadedFilter::startFilterDirectly (this=0xb343fe8) at /mnt/data/Devel/GIT/2.x/core/libs/dimg/filters/dimgthreadedfilter.cpp:199 #11 0xb6ddacb0 in Digikam::DImgThreadedFilter::run (this=0xb343fe8) at /mnt/data/Devel/GIT/2.x/core/libs/dimg/filters/dimgthreadedfilter.cpp:210 #12 0xb6f83d98 in Digikam::DynamicThread::DynamicThreadPriv::run (this=0xb4921d8) at /mnt/data/Devel/GIT/2.x/core/libs/threads/dynamicthread.cpp:186 #13 0xb4dee45b in ?? () from /usr/lib/libQtCore.so.4 #14 0xb4dfbb60 in ?? () from /usr/lib/libQtCore.so.4 #15 0xb4d7fa37 in start_thread () from /lib/i686/libpthread.so.0 #16 0xb4a2598e in clone () from /lib/i686/libc.so.6 Backtrace stopped: Not enough registers or memory available to unwind further (gdb) It sound like it try to emit finished() signal and end through dimgthreadedfilter.cpp:199. Perhaps filter instance is go out quickly from memory ? Gilles Caulier #4 0xb49bdbe2 in malloc_printerr () from /lib/i686/libc.so.6 #5 0xb49bf832 in _int_malloc () from /lib/i686/libc.so.6 #6 0xb49c150c in malloc () from /lib/i686/libc.so.6 Seems libc/malloc detects memory corruption and aborts. Maybe valgrind can point to the root of the problem (probably unrelated location) ok, as i can reproduce the problem, tomorrow morning i will run digiKam through Valgrind and get a backtrace... MArcel, On my home computer, i can get a valgrind backtrace : ==3687== Conditional jump or move depends on uninitialised value(s) ==3687== at 0xD7CB579: sin (in /lib64/libm-2.14.1.so) ==3687== by 0x7C0FA06: cimg_library::CImg<float> const& cimg_library::CImg<float>::eigen<float>(cimg_library::CImg<float>&, cimg_library::CImg<float>&) const (CImg.h:27384) ==3687== by 0x7C05BA1: cimg_library::CImg<float> const& cimg_library::CImg<float>::symmetric_eigen<float>(cimg_library::CImg<float>&, cimg_library::CImg<float>&) const (CImg.h:27434) ==3687== by 0x7BFD94D: cimg_library::CImg<float>& cimg_library::CImg<float>::blur_anisotropic<unsigned char>(cimg_library::CImg<unsigned char> const&, float, float, float, float, float, float, float, float, unsigned int, bool, float) (CImg.h:25545) ==3687== by 0x7BC8050: cimg_library::CImg<float>::greycstoration_thread(void*) (greycstoration.h:428) ==3687== by 0xCD1CB98: start_thread (in /lib64/libpthread-2.14.1.so) ==3687== by 0xDD200CC: clone (in /lib64/libc-2.14.1.so) ==3687== ==3687== Conditional jump or move depends on uninitialised value(s) ==3687== at 0xD7ECC60: ??? (in /lib64/libm-2.14.1.so) ==3687== by 0xD7CBA49: cos (in /lib64/libm-2.14.1.so) ==3687== by 0x7C0F9C9: cimg_library::CImg<float> const& cimg_library::CImg<float>::eigen<float>(cimg_library::CImg<float>&, cimg_library::CImg<float>&) const (CImg.h:27383) ==3687== by 0x7C05BA1: cimg_library::CImg<float> const& cimg_library::CImg<float>::symmetric_eigen<float>(cimg_library::CImg<float>&, cimg_library::CImg<float>&) const (CImg.h:27434) ==3687== by 0x7BFD94D: cimg_library::CImg<float>& cimg_library::CImg<float>::blur_anisotropic<unsigned char>(cimg_library::CImg<unsigned char> const&, float, float, float, float, float, float, float, float, unsigned int, bool, float) (CImg.h:25545) ==3687== by 0x7BC8050: cimg_library::CImg<float>::greycstoration_thread(void*) (greycstoration.h:428) ==3687== by 0xCD1CB98: start_thread (in /lib64/libpthread-2.14.1.so) ==3687== by 0xDD200CC: clone (in /lib64/libc-2.14.1.so) ==3687== ... ==3687== ==3687== Conditional jump or move depends on uninitialised value(s) ==3687== at 0x7C0DF9F: cimg_library::CImg<float>& cimg_library::CImg<float>::blur_anisotropic<float>(cimg_library::CImg<float> const&, float, float, float, float, unsigned int, bool) (CImg.h:25470) ==3687== by 0x7BFDD12: cimg_library::CImg<float>& cimg_library::CImg<float>::blur_anisotropic<unsigned char>(cimg_library::CImg<unsigned char> const&, float, float, float, float, float, float, float, float, unsigned int, bool, float) (CImg.h:25558) ==3687== by 0x7BC8050: cimg_library::CImg<float>::greycstoration_thread(void*) (greycstoration.h:428) ==3687== by 0xCD1CB98: start_thread (in /lib64/libpthread-2.14.1.so) ==3687== by 0xDD200CC: clone (in /lib64/libc-2.14.1.so) ==3687== ==3687== Thread 8: ==3687== Invalid write of size 1 ==3687== at 0x7BC8389: cimg_library::CImg<float>::greycstoration_thread(void*) (greycstoration.h:457) ==3687== by 0xCD1CB98: start_thread (in /lib64/libpthread-2.14.1.so) ==3687== by 0xDD200CC: clone (in /lib64/libc-2.14.1.so) ==3687== Address 0x295de690 is 0 bytes inside a block of size 1 free'd ==3687== at 0x4C2572C: operator delete(void*) (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==3687== by 0x7BC8254: cimg_library::CImg<float>::greycstoration_thread(void*) (greycstoration.h:448) ==3687== by 0xCD1CB98: start_thread (in /lib64/libpthread-2.14.1.so) ==3687== by 0xDD200CC: clone (in /lib64/libc-2.14.1.so) This is when i press TRY button on editor. Rendering is done. No crash into valgrind... Gilles Marcel, This is the valgrind result on home computer when i press Apply button on Restoration tool : digikam(3687)/digikam (core) Digikam::GreycstorationFilter::filterImage: Finalization... digikam(3687)/digikam (core) Digikam::EditorToolThreaded::slotFilterFinished: Preview "Restoration" completed... digikam(3687)/digikam (core) Digikam::EditorToolThreaded::slotOk: Final "Restoration" started... digikam(3687)/digikam (core) Digikam::GreycstorationFilter::filterImage: Initialization... digikam(3687)/digikam (core) Digikam::GreycstorationFilter::filterImage: Process Computation... ==3687== Conditional jump or move depends on uninitialised value(s) ==3687== at 0xD7C9FBE: sin (in /lib64/libm-2.14.1.so) ==3687== by 0x7C0FA06: cimg_library::CImg<float> const& cimg_library::CImg<float>::eigen<float>(cimg_library::CImg<float>&, cimg_library::CImg<float>&) const (CImg.h:27384) ==3687== by 0x7C05BA1: cimg_library::CImg<float> const& cimg_library::CImg<float>::symmetric_eigen<float>(cimg_library::CImg<float>&, cimg_library::CImg<float>&) const (CImg.h:27434) ==3687== by 0x7BFD94D: cimg_library::CImg<float>& cimg_library::CImg<float>::blur_anisotropic<unsigned char>(cimg_library::CImg<unsigned char> const&, float, float, float, float, float, float, float, float, unsigned int, bool, float) (CImg.h:25545) ==3687== by 0x7BC8050: cimg_library::CImg<float>::greycstoration_thread(void*) (greycstoration.h:428) ==3687== by 0xCD1CB98: start_thread (in /lib64/libpthread-2.14.1.so) ==3687== by 0xDD200CC: clone (in /lib64/libc-2.14.1.so) ==3687== ==3687== Conditional jump or move depends on uninitialised value(s) ==3687== at 0xD7CC72B: cos (in /lib64/libm-2.14.1.so) ==3687== by 0x7C0F9C9: cimg_library::CImg<float> const& cimg_library::CImg<float>::eigen<float>(cimg_library::CImg<float>&, cimg_library::CImg<float>&) const (CImg.h:27383) ==3687== by 0x7C05BA1: cimg_library::CImg<float> const& cimg_library::CImg<float>::symmetric_eigen<float>(cimg_library::CImg<float>&, cimg_library::CImg<float>&) const (CImg.h:27434) ==3687== by 0x7BFD94D: cimg_library::CImg<float>& cimg_library::CImg<float>::blur_anisotropic<unsigned char>(cimg_library::CImg<unsigned char> const&, float, float, float, float, float, float, float, float, unsigned int, bool, float) (CImg.h:25545) ==3687== by 0x7BC8050: cimg_library::CImg<float>::greycstoration_thread(void*) (greycstoration.h:428) ==3687== by 0xCD1CB98: start_thread (in /lib64/libpthread-2.14.1.so) ==3687== by 0xDD200CC: clone (in /lib64/libc-2.14.1.so) ==3687== ==3687== Thread 5: ==3687== Invalid read of size 8 ==3687== at 0x7BC6F64: cimg_library::CImg<float>::greycstoration_progress() const (greycstoration.h:136) ==3687== by 0x7BC3FCE: Digikam::GreycstorationFilter::iterationLoop(unsigned int) (greycstorationfilter.cpp:482) ==3687== by 0x7BC37AB: Digikam::GreycstorationFilter::restoration() (greycstorationfilter.cpp:344) ==3687== by 0x7BC319D: Digikam::GreycstorationFilter::filterImage() (greycstorationfilter.cpp:248) ==3687== by 0x7B01751: Digikam::DImgThreadedFilter::startFilterDirectly() (dimgthreadedfilter.cpp:189) ==3687== by 0x7B01910: Digikam::DImgThreadedFilter::run() (dimgthreadedfilter.cpp:210) ==3687== by 0x7CB421B: Digikam::DynamicThread::DynamicThreadPriv::run() (dynamicthread.cpp:186) ==3687== by 0xC8B34A1: ??? (in /usr/lib64/libQtCore.so.4.8.2) ==3687== by 0xC8BFC3A: ??? (in /usr/lib64/libQtCore.so.4.8.2) ==3687== by 0xCD1CB98: start_thread (in /lib64/libpthread-2.14.1.so) ==3687== by 0xDD200CC: clone (in /lib64/libc-2.14.1.so) ==3687== Address 0x3c5fb610 is 0 bytes inside a block of size 8 free'd ==3687== at 0x4C2572C: operator delete(void*) (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==3687== by 0x7BC81F6: cimg_library::CImg<float>::greycstoration_thread(void*) (greycstoration.h:446) ==3687== by 0xCD1CB98: start_thread (in /lib64/libpthread-2.14.1.so) ==3687== by 0xDD200CC: clone (in /lib64/libc-2.14.1.so) ==3687== ==3687== (action on error) vgdb me ... Gilles ==3687== Invalid write of size 1 ==3687== at 0x7BC8389: cimg_library::CImg<float>::greycstoration_thread(void*) (greycstoration.h:457) Look at the relevant code: if (p.stop_request) delete p.stop_request; [...] (*p.stop_request) = false; Already good for a crash, isn't it? ==3687== Invalid read of size 8 ==3687== at 0x7BC6F64: cimg_library::CImg<float>::greycstoration_progress() const (greycstoration.h:136) ==3687== by 0x7BC3FCE: Digikam::GreycstorationFilter::iterationLoop(unsigned int) (greycstorationfilter.cpp:482) if (!greycstoration_is_running()) return 0.0f; const unsigned long counter = greycstoration_params->counter?*(greycstoration_params->counter):0; Now the question is: is this thread-safe? Then we'd need to know about the place and time of destroying the counter. It's here: if (p.counter) delete p.counter; In a thread, without mutex lock! This whole threading here I dont really like, it's not clean. I will have a look for a fix. commit 7c1573a32020bc046c74d3dc1a346e4e97401bd3 Author: Marcel Wiesweg <marcel.wiesweg@gmx.de> Date: Mon Aug 27 21:55:40 2012 +0200 Rewrite the threading code for CImg using Qt classes and our own dynamic thread. Remove hacks and caveats which were probably associated with the old implementation missing some necessities. This needs testing. It does not crash and run smoothly, but i'm not sure the individual methods all do what they are supposed to do. Restauration seems to come to some sort of blur, inpainting - I'm not sure what it's supposed to do. Marcel, Restoration tool crash is fixed now with your commit. I tested with small and large image on 2 computers. Gilles Marcel, I think fixes to greystoration tool is not enough, or at least must be check with your last fix through this entry in bugzilla : https://bugs.kde.org/show_bug.cgi?id=304002 https://bugs.kde.org/show_bug.cgi?id=232926 Both are about Inpainting tool using GreyStoration algorithm. It's about 2.6.0 release, as this report. I'm not a specialist of this implementation. Restauration use vertex like mechanism to render and fix image. There is a lots of parameter to control algorithm. If you want to know about, look here : http://dlraw.sourceforge.net/GREYC/guide.shtml The mess is about Cimg, which become a image container with transform tools. greycstoration algorithm have been moved to a new dedicated lib named GMic. we need to port restoration tool to this library in the future... *** Bug 309857 has been marked as a duplicate of this bug. *** |