Bug 408484

Summary: SIGSEGV while walking through undo/redo on 4.2.1 git-01440fb
Product: [Applications] krita Reporter: epicwrathssin
Component: GeneralAssignee: Dmitry Kazakov <dimula73>
Status: RESOLVED FIXED    
Severity: crash CC: halla
Priority: NOR    
Version: 4.2.1   
Target Milestone: ---   
Platform: Compiled Sources   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:
Attachments: thread apply all bt SIGSEGV KisBaseRectsWalker_getNodeLevelOfDetail
thread1_frame_info_args
thread1_frame_info_locals

Description epicwrathssin 2019-06-09 16:09:37 UTC
Created attachment 120726 [details]
thread apply all bt SIGSEGV KisBaseRectsWalker_getNodeLevelOfDetail

SUMMARY

This crash happened while pressing control-z (or control-shift-z) repeatedly.

STEPS TO REPRODUCE
Unknown

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Ubuntu 19.04 / Linux 5.0.0-16-generic
(available in About System)
KDE Plasma Version: 5.15.4
KDE Frameworks Version: 5.56.0
Qt Version: 5.12.2

ADDITIONAL INFORMATION

Attached is the output from 'thread apply all bt'
A core dump is available if requested.
Binary was compiled as a RelWithDebInfo build.
Krita reports version as 4.2.1 (git-01440fb)
Comment 1 Dmitry Kazakov 2019-06-19 17:07:30 UTC
Hm... I looked at the code and I cannot find how the assert could happen without severe memory corruption (in software, not hardware). I will mark this bug as NEEDSINFO, if you happen to see this crash again, please reopen it and try to remember, what types of nodes you had. And what actions you did with them before starting undo operation.

According to the backtrace, a layer or mask has been deleted while a smart pointer still pointing to it, which is not possible in normal situation... :(
Comment 2 epicwrathssin 2019-06-19 17:46:32 UTC
Created attachment 121010 [details]
thread1_frame_info_args
Comment 3 epicwrathssin 2019-06-19 17:47:23 UTC
Created attachment 121011 [details]
thread1_frame_info_locals
Comment 4 Dmitry Kazakov 2019-06-19 18:43:23 UTC
Okay, I found our the reason of the bug. The node became detached and a failing algorithm in getNodeLevelOfDetail() got fall over it.
Comment 5 Dmitry Kazakov 2019-06-19 20:05:38 UTC
Git commit 0da4a74e407f72604b3a7a455d82f29125ed6d5b by Dmitry Kazakov.
Committed on 19/06/2019 at 20:05.
Pushed by dkazakov into branch 'master'.

Fix a crash when undoing node creation too quickly

The loop in getNodeLevelOfDetail() was just unsafe, because `leaf`
may easily become null, when traversing a graph.

M  +9    -2    libs/image/kis_base_rects_walker.h

https://invent.kde.org/kde/krita/commit/0da4a74e407f72604b3a7a455d82f29125ed6d5b
Comment 6 Halla Rempt 2019-06-20 10:49:29 UTC
Git commit 3ec4483b5fb1f9118b81d361c63abf7de32b9fb6 by Boudewijn Rempt, on behalf of Dmitry Kazakov.
Committed on 20/06/2019 at 10:33.
Pushed by rempt into branch 'krita/4.2'.

Fix a crash when undoing node creation too quickly

The loop in getNodeLevelOfDetail() was just unsafe, because `leaf`
may easily become null, when traversing a graph.

M  +9    -2    libs/image/kis_base_rects_walker.h

https://invent.kde.org/kde/krita/commit/3ec4483b5fb1f9118b81d361c63abf7de32b9fb6