Summary: | converting from 8u rgb to 32f rgb crashes in KisTIleData::allocData() | ||
---|---|---|---|
Product: | [Applications] krita | Reporter: | Halla Rempt <halla> |
Component: | Color models | Assignee: | Krita Bugs <krita-bugs-null> |
Status: | RESOLVED FIXED | ||
Severity: | crash | ||
Priority: | NOR | ||
Version: | git master (please specify the git hash!) | ||
Target Milestone: | --- | ||
Platform: | unspecified | ||
OS: | Linux | ||
Latest Commit: | Version Fixed In: |
Description
Halla Rempt
2012-11-04 08:55:31 UTC
It also happens when going from rgbu16 to rgbf16 -- and those have the same memory footprints. Hm, and memcheck crashes on this as well. krita(23246)/koffice (lib pigment) KoColorConversionSystem::createColorConverter: "RGBA" "sRGB built-in" krita(23246)/koffice (lib pigment) KoColorConversionSystem::createColorConverter: "RGBAF32" "scRGB (linear)" krita(23246)/koffice (lib pigment) KoColorConversionSystem::nodeFor: Look for node: "RGBA" "F32" "scRGB (linear)" krita(23246)/koffice (lib pigment) KoColorConversionSystem::nodeFor: Look for node: "RGBA" "F32" "scRGB (linear)" 0x1d28ebc0 krita(23246)/koffice (lib pigment) KoColorConversionSystem::nodeFor: Look for node: "RGBA" "U8" "sRGB built-in" krita(23246)/koffice (lib pigment) KoColorConversionSystem::nodeFor: Look for node: "RGBA" "U8" "sRGB built-in" 0x1cccff60 krita(23246)/koffice (lib pigment) KoColorConversionSystem::findBestPath: Find best path between "RGBA U8 sRGB built-in" and "RGBA F32 scRGB (linear)" krita(23246)/koffice (lib pigment) KoColorConversionSystem::createColorConverter: "RGBA" "sRGB built-in" krita(23246)/koffice (lib pigment) KoColorConversionSystem::createColorConverter: "RGBAF32" "scRGB (linear)" krita(23246)/koffice (lib pigment) KoColorConversionSystem::nodeFor: Look for node: "RGBA" "F32" "scRGB (linear)" krita(23246)/koffice (lib pigment) KoColorConversionSystem::nodeFor: Look for node: "RGBA" "F32" "scRGB (linear)" 0x1d28ebc0 krita(23246)/koffice (lib pigment) KoColorConversionSystem::nodeFor: Look for node: "RGBA" "U8" "sRGB built-in" krita(23246)/koffice (lib pigment) KoColorConversionSystem::nodeFor: Look for node: "RGBA" "U8" "sRGB built-in" 0x1cccff60 krita(23246)/koffice (lib pigment) KoColorConversionSystem::findBestPath: Find best path between "RGBA U8 sRGB built-in" and "RGBA F32 scRGB (linear)" ==23246== Invalid write of size 4 ==23246== at 0x3179904F: PackFloatFrom16 (cmspack.c:2377) ==23246== by 0x3179D2D0: PrecalculatedXFORM (cmsxform.c:221) ==23246== by 0x313D3D3C: KoLcmsColorConversionTransformation::transform(unsigned char const*, unsigned char*, int) const (IccColorSpaceEngine.cpp:82) ==23246== by 0x97B5DF0: KoColorSpace::convertPixelsTo(unsigned char const*, unsigned char*, KoColorSpace const*, unsigned int, KoColorConversionTransformation::Intent, QFlags<KoColorConversionTransformation::ConversionFlag>) const (KoColorSpace.cpp:247) ==23246== by 0x311D646C: KoColorSpaceAbstract<KoBgrU8Traits>::convertPixelsTo(unsigned char const*, unsigned char*, KoColorSpace const*, unsigned int, KoColorConversionTransformation::Intent, QFlags<KoColorConversionTransformation::ConversionFlag>) const (KoColorSpaceAbstract.h:203) ==23246== by 0x64719E9: KisPaintDevice::convertTo(KoColorSpace const*, KoColorConversionTransformation::Intent, QFlags<KoColorConversionTransformation::ConversionFlag>) (kis_paint_device.cc:599) ==23246== by 0x63BF4E3: KisColorSpaceConvertVisitor::convertPaintDevice(KisLayer*) (kis_colorspace_convert_visitor.cpp:115) ==23246== by 0x63C1D89: KisColorSpaceConvertVisitor::visit(KisGroupLayer*) (kis_colorspace_convert_visitor.cpp:56) ==23246== by 0x64267C1: KisImage::convertImageColorSpace(KoColorSpace const*, KoColorConversionTransformation::Intent, QFlags<KoColorConversionTransformation::ConversionFlag>) (kis_image.cc:707) ==23246== by 0x4261ADA1: ColorSpaceConversion::slotImageColorSpaceConversion() (colorspaceconversion.cc:108) ==23246== by 0x4261C7C7: _ZN20ColorSpaceConversion18qt_static_metacallEP7QObjectN11QMetaObject4CallEiPPv.part.8 (colorspaceconversion.moc:52) ==23246== by 0x55C039E: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3556) ==23246== Address 0x49369f60 is 0 bytes after a block of size 65,536 alloc'd ==23246== at 0x4C2ABED: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==23246== by 0x62E7386: KisTileData::KisTileData(KisTileData const&, bool) (kis_tile_data.cc:121) ==23246== by 0x62E93B6: KisTileDataStore::duplicateTileData(KisTileData*) (kis_tile_data_store.cc:147) ==23246== by 0x62E5E80: KisTile::lockForWrite() (kis_tile_data.h:88) ==23246== by 0x63037CB: KisHLineIterator2::fetchTileDataForCache(KisHLineIterator2::KisTileInfo&, int, int) (kis_base_iterator.h:43) ==23246== by 0x630626C: KisHLineIterator2::KisHLineIterator2(KisDataManager*, int, int, int, int, int, bool) (kis_hline_iterator.cpp:59) ==23246== by 0x6470474: KisPaintDevice::createHLineIteratorNG(int, int, int) (kis_paint_device.cc:775) ==23246== by 0x6471A9A: KisPaintDevice::convertTo(KoColorSpace const*, KoColorConversionTransformation::Intent, QFlags<KoColorConversionTransformation::ConversionFlag>) (kis_paint_device.cc:594) ==23246== by 0x63BF4E3: KisColorSpaceConvertVisitor::convertPaintDevice(KisLayer*) (kis_colorspace_convert_visitor.cpp:115) ==23246== by 0x63C1D89: KisColorSpaceConvertVisitor::visit(KisGroupLayer*) (kis_colorspace_convert_visitor.cpp:56) ==23246== by 0x64267C1: KisImage::convertImageColorSpace(KoColorSpace const*, KoColorConversionTransformation::Intent, QFlags<KoColorConversionTransformation::ConversionFlag>) (kis_image.cc:707) ==23246== by 0x4261ADA1: ColorSpaceConversion::slotImageColorSpaceConversion() (colorspaceconversion.cc:108) ==23246== --23246-- VALGRIND INTERNAL ERROR: Valgrind received a signal 11 (SIGSEGV) - exiting --23246-- si_code=80; Faulting address: 0x0; sp: 0x402adad60 valgrind: the 'impossible' happened: Killed by fatal signal ==23246== at 0x38057361: ??? (in /usr/lib64/valgrind/memcheck-amd64-linux) ==23246== by 0x3805863D: ??? (in /usr/lib64/valgrind/memcheck-amd64-linux) ==23246== by 0x38020C05: ??? (in /usr/lib64/valgrind/memcheck-amd64-linux) ==23246== by 0x38021841: ??? (in /usr/lib64/valgrind/memcheck-amd64-linux) ==23246== by 0x3808F465: ??? (in /usr/lib64/valgrind/memcheck-amd64-linux) ==23246== by 0x3809E919: ??? (in /usr/lib64/valgrind/memcheck-amd64-linux) sched status: running_tid=1 Thread 1: status = VgTs_Runnable ==23246== at 0x4C2ACCE: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==23246== by 0x54DE559: QRegExpMatchState::prepareForMatch(QRegExpEngine*) (qregexp.cpp:1380) ==23246== by 0x54EA1F0: prepareEngineForMatch(QRegExpPrivate*, QString const&) (qregexp.cpp:3731) ==23246== by 0x54EA3AA: QRegExp::indexIn(QString const&, int, QRegExp::CaretMode) const (qregexp.cpp:4124) ==23246== by 0xD6A03CE: ??? (in /usr/lib64/libkdecore.so.5.9.2) ==23246== by 0xD6A3536: ??? (in /usr/lib64/libkdecore.so.5.9.2) ==23246== by 0xD6A354B: ??? (in /usr/lib64/libkdecore.so.5.9.2) ==23246== by 0xD68DEC4: ??? (in /usr/lib64/libkdecore.so.5.9.2) ==23246== by 0xD6907C1: ??? (in /usr/lib64/libkdecore.so.5.9.2) ==23246== by 0xD6913E3: KLocalizedString::toString() const (in /usr/lib64/libkdecore.so.5.9.2) ==23246== by 0x30DCF29B: KoID::KoID(KoID const&) (KoID.h:68) ==23246== by 0x31291DFF: RgbF32ColorSpace::colorModelId() const (RgbF32ColorSpace.h:35) ==23246== by 0x311D64BA: KoColorSpaceAbstract<KoBgrU8Traits>::convertPixelsTo(unsigned char const*, unsigned char*, KoColorSpace const*, unsigned int, KoColorConversionTransformation::Intent, QFlags<KoColorConversionTransformation::ConversionFlag>) const (KoColorSpaceAbstract.h:173) ==23246== by 0x64719E9: KisPaintDevice::convertTo(KoColorSpace const*, KoColorConversionTransformation::Intent, QFlags<KoColorConversionTransformation::ConversionFlag>) (kis_paint_device.cc:599) ==23246== by 0x63BF4E3: KisColorSpaceConvertVisitor::convertPaintDevice(KisLayer*) (kis_colorspace_convert_visitor.cpp:115) ==23246== by 0x63C1D89: KisColorSpaceConvertVisitor::visit(KisGroupLayer*) (kis_colorspace_convert_visitor.cpp:56) ==23246== by 0x64267C1: KisImage::convertImageColorSpace(KoColorSpace const*, KoColorConversionTransformation::Intent, QFlags<KoColorConversionTransformation::ConversionFlag>) (kis_image.cc:707) ==23246== by 0x4261ADA1: ColorSpaceConversion::slotImageColorSpaceConversion() (colorspaceconversion.cc:108) ==23246== by 0x4261C7C7: _ZN20ColorSpaceConversion18qt_static_metacallEP7QObjectN11QMetaObject4CallEiPPv.part.8 (colorspaceconversion.moc:52) ==23246== by 0x55C039E: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3556) ==23246== by 0xC782541: QAction::triggered(bool) (moc_qaction.cpp:277) ==23246== by 0xC78272F: QAction::activate(QAction::ActionEvent) (qaction.cpp:1257) ==23246== by 0xCBBBDC2: QMenuPrivate::activateCausedStack(QList<QPointer<QWidget> > const&, QAction*, QAction::ActionEvent, bool) (qmenu.cpp:1028) ==23246== by 0xCBC20D8: QMenuPrivate::activateAction(QAction*, QAction::ActionEvent, bool) (qmenu.cpp:1120) ==23246== by 0xC2447BF: KMenu::mouseReleaseEvent(QMouseEvent*) (in /usr/lib64/libkdeui.so.5.9.2) ==23246== by 0xC7D7ECF: QWidget::event(QEvent*) (qwidget.cpp:8371) ==23246== by 0xCBC338A: QMenu::event(QEvent*) (qmenu.cpp:2469) ==23246== by 0xC78874B: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:4557) ==23246== by 0xC78D42A: QApplication::notify(QObject*, QEvent*) (qapplication.cpp:4100) ==23246== by 0x6871AF7: KoApplication::notify(QObject*, QEvent*) (KoApplication.cpp:504) ==23246== by 0x55A9B0D: QCoreApplication::notifyInternal(QObject*, QEvent*) (qcoreapplication.cpp:915) ==23246== by 0xC78958A: QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool) (qcoreapplication.h:231) ==23246== by 0xC803BDB: QETWidget::translateMouseEvent(_XEvent const*) (qapplication_x11.cpp:4452) ==23246== by 0xC802AA0: QApplication::x11ProcessEvent(_XEvent*) (qapplication_x11.cpp:3641) ==23246== by 0xC829818: QEventDispatcherX11::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qeventdispatcher_x11.cpp:132) ==23246== by 0x55A885E: QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qeventloop.cpp:149) ==23246== by 0x55A8AE7: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (qeventloop.cpp:204) ==23246== by 0x55AD787: QCoreApplication::exec() (qcoreapplication.cpp:1187) ==23246== by 0x5015721: kdemain (main.cc:74) ==23246== by 0xE433454: (below main) (in /lib64/libc-2.15.so) Thread 2: status = VgTs_WaitSys ==23246== at 0x590D8F4: pthread_cond_wait@@GLIBC_2.3.2 (in /lib64/libpthread-2.15.so) ==23246== by 0x54AE4FA: QWaitCondition::wait(QMutex*, unsigned long) (qwaitcondition_unix.cpp:86) ==23246== by 0x54AA406: QSemaphore::acquire(int) (qsemaphore.cpp:144) ==23246== by 0x62EAB53: KisTileDataPooler::run() (kis_tile_data_pooler.cc:162) ==23246== by 0x54ADF9B: QThreadPrivate::start(void*) (qthread_unix.cpp:338) ==23246== by 0x5909E0D: start_thread (in /lib64/libpthread-2.15.so) ==23246== by 0xE4F62BC: clone (in /lib64/libc-2.15.so) Thread 3: status = VgTs_WaitSys ==23246== at 0x590D8F4: pthread_cond_wait@@GLIBC_2.3.2 (in /lib64/libpthread-2.15.so) ==23246== by 0x54AE4FA: QWaitCondition::wait(QMutex*, unsigned long) (qwaitcondition_unix.cpp:86) ==23246== by 0x54AA7D7: QSemaphore::tryAcquire(int, int) (qsemaphore.cpp:221) ==23246== by 0x6318879: KisTileDataSwapper::run() (kis_tile_data_swapper.cpp:92) ==23246== by 0x54ADF9B: QThreadPrivate::start(void*) (qthread_unix.cpp:338) ==23246== by 0x5909E0D: start_thread (in /lib64/libpthread-2.15.so) ==23246== by 0xE4F62BC: clone (in /lib64/libc-2.15.so) Thread 5: status = VgTs_WaitSys ==23246== at 0xE4EFF13: ??? (in /lib64/libc-2.15.so) ==23246== by 0x55D5112: qt_safe_select(int, fd_set*, fd_set*, fd_set*, timeval const*) (qcore_unix.cpp:83) ==23246== by 0x55D9AC3: QEventDispatcherUNIXPrivate::doSelect(QFlags<QEventLoop::ProcessEventsFlag>, timeval*) (qeventdispatcher_unix.cpp:223) ==23246== by 0x55DAC51: QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qeventdispatcher_unix.cpp:941) ==23246== by 0x55A885E: QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qeventloop.cpp:149) ==23246== by 0x55A8AE7: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (qeventloop.cpp:204) ==23246== by 0x54AAFBF: QThread::exec() (qthread.cpp:501) ==23246== by 0x5588FCE: QInotifyFileSystemWatcherEngine::run() (qfilesystemwatcher_inotify.cpp:248) ==23246== by 0x54ADF9B: QThreadPrivate::start(void*) (qthread_unix.cpp:338) ==23246== by 0x5909E0D: start_thread (in /lib64/libpthread-2.15.so) ==23246== by 0xE4F62BC: clone (in /lib64/libc-2.15.so) Thread 13: status = VgTs_WaitSys ==23246== at 0x590D8F4: pthread_cond_wait@@GLIBC_2.3.2 (in /lib64/libpthread-2.15.so) ==23246== by 0x54AE4FA: QWaitCondition::wait(QMutex*, unsigned long) (qwaitcondition_unix.cpp:86) ==23246== by 0xCC73985: QFileInfoGatherer::run() (qfileinfogatherer.cpp:214) ==23246== by 0x54ADF9B: QThreadPrivate::start(void*) (qthread_unix.cpp:338) ==23246== by 0x5909E0D: start_thread (in /lib64/libpthread-2.15.so) ==23246== by 0xE4F62BC: clone (in /lib64/libc-2.15.so) Thread 14: status = VgTs_WaitSys ==23246== at 0xE4EFF13: ??? (in /lib64/libc-2.15.so) ==23246== by 0x55D5112: qt_safe_select(int, fd_set*, fd_set*, fd_set*, timeval const*) (qcore_unix.cpp:83) ==23246== by 0x55D9AC3: QEventDispatcherUNIXPrivate::doSelect(QFlags<QEventLoop::ProcessEventsFlag>, timeval*) (qeventdispatcher_unix.cpp:223) ==23246== by 0x55DAC51: QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qeventdispatcher_unix.cpp:941) ==23246== by 0x55A885E: QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qeventloop.cpp:149) ==23246== by 0x55A8AE7: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (qeventloop.cpp:204) ==23246== by 0x54AAFBF: QThread::exec() (qthread.cpp:501) ==23246== by 0x5588FCE: QInotifyFileSystemWatcherEngine::run() (qfilesystemwatcher_inotify.cpp:248) ==23246== by 0x54ADF9B: QThreadPrivate::start(void*) (qthread_unix.cpp:338) ==23246== by 0x5909E0D: start_thread (in /lib64/libpthread-2.15.so) ==23246== by 0xE4F62BC: clone (in /lib64/libc-2.15.so) Note: see also the FAQ in the source distribution. It contains workarounds to several common problems. In particular, if Valgrind aborted or crashed after identifying problems in your program, there's a good chance that fixing those problems will prevent Valgrind aborting or crashing, especially if it happened in m_mallocfree.c. If that doesn't help, please report this bug to: www.valgrind.org In the bug report, send all the above text, the valgrind version, and what OS and version you are using. Thanks. I think this is an lcms issue as well. When I upgraded to the latest lcms from git master, the problem went away. |