Bug 406209

Summary: Crash when converting image to 32-bit float
Product: [Applications] krita Reporter: Alvin Wong <alvin>
Component: General Assignee: Krita Bugs <krita-bugs-null>
Status: RESOLVED FIXED    
Severity: normal CC: dimula73, halla
Priority: NOR    
Version: git master (please specify the git hash!)   
Target Milestone: ---   
Platform: Microsoft Windows   
OS: Microsoft Windows   
Latest Commit: Version Fixed In:
Sentry Crash Report:
Attachments: detailed backtrace with gdb

Description Alvin Wong 2019-04-04 09:32:17 UTC
Got a reproducible crash when converting image colour space to 32-bit float RGBA. Original image is in 16-bit integer RGBA. No crash when converting to the other two colour spaces.

Local Windows build at commit 4689792431b1e7abd426022a7ef346d77170beb2

---

Error occurred on Thursday, April 4, 2019 at 17:25:40.

krita.exe caused an Access Violation at location 00007FFE7530D61C in module libkritapigment.dll Reading from location FFFFFFFFFFFFFFFF.

AddrPC           Params
00007FFE7530D61C 0000000000000000 0000000000000000 000000004E008CB0  libkritapigment.dll!0x9d61c genericComposite<false, false, OverCompositor128<float, unsigned int, false, true>, 16>+0xa8c  [Z:/build/i_deps/include/KF5/KI18n/klocalizedstring.h @ 1340]
00007FFE7545B690 000000004E0A5F00 000000004E008C00 000000004E0A5F00  libkritapigment.dll!0x1eb690 composite+0x2f0  [D:/dev/krita/src-vanilla/libs/pigment/compositeops/KoStreamedMath.h @ 250]
   248:             srcRowStart = buf;
   249:             srcLinearInc = 0;
>  250:             srcVectorInc = 0;
   251:         }
   252:     }
00007FFE752889CD 0000000000000007 00007FFE60DA5045 0000000000000001  libkritapigment.dll!0x189cd bitBlt+0x18d  [D:/dev/krita/src-vanilla/libs/pigment/KoColorSpace.cpp @ 511]
   509:     }
   510:     else {
>  511:         op->composite(params);
   512:     }
   513: }
00007FFE615DB37A 00000000561CFC80 00007FFE00000000 0000000000000000  libkritaimage.dll!0x2ab37a bitBltImpl<false>+0x83a  [D:/dev/krita/src-vanilla/libs/image/kis_painter.cc @ 223]
   221:         // } else */
   222:         {
>  223:             KisPainter gc(dst);
   224:             gc.setSelection(selection);
   225:             gc.setCompositeOp(dst->colorSpace()->compositeOp(COMPOSITE_COPY));
00007FFE61356DAD 00000000561CFC80 000000001C0E4B70 000000001C0E4B70  libkritaimage.dll!0x26dad bitBlt+0x4d  [D:/dev/krita/src-vanilla/libs/image/kis_painter.cc @ 773]
   771:                         qint32 srcWidth, qint32 srcHeight)
   772: {
>  773:     bitBltImpl<false>(dstX, dstY, srcDev, srcX, srcY, srcWidth, srcHeight);
   774: }
   775: 
00007FFE61356E36 00000000561CFD80 00007FFE6134D1E0 0000000000000208  libkritaimage.dll!0x26e36 bitBlt+0x56  [D:/dev/krita/src-vanilla/libs/image/kis_painter.cc @ 779]
   777: void KisPainter::bitBlt(const QPoint & pos, const KisPaintDeviceSP srcDev, const QRect & srcRect)
   778: {
>  779:     bitBlt(pos.x(), pos.y(), srcDev, srcRect.x(), srcRect.y(), srcRect.width(), srcRect.height());
   780: }
   781: 
00007FFE61481B6D 0000000000000000 0000000000000000 0000000000190000  libkritaimage.dll!0x151b6d apply+0x6ad  [D:/dev/krita/src-vanilla/libs/image/kis_layer_projection_plane.cpp @ 99]
    97:     painter->setCompositeOp(m_d->layer->compositeOpId());
    98:     painter->setOpacity(m_d->layer->projectionLeaf()->opacity());
>   99:     painter->bitBlt(needRect.topLeft(), device, needRect);
   100: }
   101: 
00007FFE61428D1D 000000001C9E0280 0000000360EF885D 0000000000000100  libkritaimage.dll!0xf8d1d startMerge+0x28d  [D:/dev/krita/src-vanilla/libs/image/kis_async_merger.cpp @ 362]
   360: 
   361:     KisPainter gc(m_currentProjection);
>  362:     leaf->projectionPlane()->apply(&gc, rect);
   363: 
   364:     DEBUG_NODE_ACTION("Compositing projection", "", leaf, rect);
00007FFE615FA3E4 0000000000000010 000000001C9E0280 000000001C600BC0  libkritaimage.dll!0x2ca3e4 run+0x164  [D:/dev/krita/src-vanilla/libs/image/kis_base_node.h @ 327]
   325:         Q_UNUSED(visitor);
   326:         Q_UNUSED(undoAdapter);
>  327:     }
   328: 
   329:     /**
00007FFE60D28620 000000004DF39BD0 000000001C600B00 0000000000000000  Qt5Core.dll!0x28620 QThreadPool::tryStart+0x520
00007FFE60D2169B 0000000000000000 0000000000000000 0000000000000000  Qt5Core.dll!0x2169b QThread::qt_metacall+0x68b
00007FFEABC13DC4 0000000000000000 0000000000000000 0000000000000000  KERNEL32.DLL!0x13dc4 BaseThreadInitThunk+0x14
00007FFEAE353691 0000000000000000 0000000000000000 0000000000000000  ntdll.dll!0x73691 RtlUserThreadStart+0x21
Comment 1 Dmitry Kazakov 2019-04-04 12:39:07 UTC
I cannot reproduce the crash :(

It really looks like the crash in bug 406157 that was fixed in

https://phabricator.kde.org/R37:d8abbc50a7c2f8032760fe5f5ed150b1f00ad11f
Comment 2 Alvin Wong 2019-04-04 13:16:41 UTC
Created attachment 119238 [details]
detailed backtrace with gdb

The gdb backtrace is much clearer
Comment 3 Halla Rempt 2019-04-05 09:32:41 UTC
I can confirm on Windows; this doesn't happen on Linux.
Comment 4 Alvin Wong 2019-04-05 10:03:16 UTC
The 4.1.7 release doesn't crash on this.
Comment 5 Alvin Wong 2019-04-05 10:40:49 UTC
It looks like some operations involving 32-bit float colour space crash at about the same place. Creating a 32-bit float file crashes. Converting an empty layer to 32-bit float then attempting to draw on it crashes.

It crashes on a `vmovaps` instruction trying to access a YMMWORD PTR that is not 32-byte aligned, so it is a memory alignment issue.
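
The alignment condition described in the comment above, as an added example that is not part of the original report and is not Krita or Vc code: it shows that an address can satisfy a 16-byte alignment guarantee and still be illegal for an aligned 256-bit access. The names `pool`, `misalignment`, `aligned_ymm_access_ok`, `align_up_ymm` and `pick_move` are hypothetical, and the buffer is constructed sample memory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define YMM_ALIGN 32u   /* a YMMWORD is 32 bytes wide */

/* Constructed sample memory: the pool is 32-byte aligned, so pool + 16
 * is 16-byte aligned but NOT 32-byte aligned. */
static _Alignas(32) unsigned char pool[96];

/* Bytes by which p overshoots the previous `align` boundary (0 = aligned).
 * `align` must be a power of two. */
static size_t misalignment(const void *p, size_t align)
{
    return (size_t)((uintptr_t)p & (uintptr_t)(align - 1));
}

/* 1 if an aligned 256-bit access (vmovaps) to p would be legal. */
static int aligned_ymm_access_ok(const void *p)
{
    return misalignment(p, YMM_ALIGN) == 0;
}

/* Next 32-byte boundary at or after p; the caller must own up to 31
 * extra bytes past p for the result to stay inside its buffer. */
static void *align_up_ymm(void *p)
{
    uintptr_t a = ((uintptr_t)p + (YMM_ALIGN - 1)) & ~(uintptr_t)(YMM_ALIGN - 1);
    return (void *)a;
}

/* Which 256-bit move a dispatcher may use for p: the aligned form faults
 * on a misaligned address, the unaligned form (vmovups) accepts any. */
static const char *pick_move(const void *p)
{
    return aligned_ymm_access_ok(p) ? "vmovaps" : "vmovups";
}

int main(void)
{
    unsigned char *cases[] = { pool, pool + 16, pool + 4 };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("pool+%2zu: off16=%zu off32=%zu -> %s\n",
               (size_t)(cases[i] - pool),
               misalignment(cases[i], 16), misalignment(cases[i], 32),
               pick_move(cases[i]));
    return 0;
}
```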
Comment 7 Alvin Wong 2019-04-08 12:38:10 UTC
Dmitry opened an issue on Vc: https://github.com/VcDevel/Vc/issues/241
Comment 8 Dmitry Kazakov 2019-04-10 09:48:34 UTC
Git commit f8e3380747729fbd385fbc45c2ee2ad1f44d2962 by Dmitry Kazakov.
Committed on 10/04/2019 at 09:48.
Pushed by dkazakov into branch 'master'.

Add GUI switch for disabling AVX optimization on Windows

If you happen to have any random crashes while normal painting
with a brush, and you are on Windows, then try to disable this
option, it might help.

M  +12   -2    libs/pigment/compositeops/KoVcMultiArchBuildSupport.h
M  +11   -0    libs/ui/dialogs/kis_dlg_preferences.cc
M  +8    -1    libs/ui/forms/wdgperformancesettings.ui
M  +10   -0    libs/ui/kis_config.cc
M  +3    -0    libs/ui/kis_config.h

https://commits.kde.org/krita/f8e3380747729fbd385fbc45c2ee2ad1f44d2962
Comment 9 Dmitry Kazakov 2019-04-10 09:48:34 UTC
Git commit da5d38cbe3b238ebe67254234c806de9db626938 by Dmitry Kazakov.
Committed on 10/04/2019 at 09:48.
Pushed by dkazakov into branch 'master'.

Add a patch for VC to workaround GCC unaligned stack bug

See original report for details:
https://github.com/VcDevel/Vc/issues/241

A  +36   -0    3rdparty/ext_vc/0001-Workaround-AVX-argument-failures.patch
M  +19   -2    3rdparty/ext_vc/CMakeLists.txt

https://commits.kde.org/krita/da5d38cbe3b238ebe67254234c806de9db626938
Comment 10 Dmitry Kazakov 2019-04-10 09:52:38 UTC
I guess the bug can now be considered as "fixed" :)