| Summary: | Crash in LCMS when certain icc files are present | ||
|---|---|---|---|
| Product: | [Applications] krita | Reporter: | Halla Rempt <halla> |
| Component: | Color models | Assignee: | Tiar <tamtamy.tymona> |
| Status: | RESOLVED FIXED | ||
| Severity: | crash | CC: | li20020410, tamtamy.tymona, tysontanx |
| Priority: | NOR | ||
| Version: | 4.3.0 | ||
| Target Milestone: | --- | ||
| Platform: | Compiled Sources | ||
| OS: | Linux | ||
| Latest Commit: | https://invent.kde.org/graphics/krita/commit/ba852b2040c2b694143a8f3e9eece0b81e5003db | Version Fixed In: | |
| Attachments: | broken icc files | ||
A possibly relevant merge request was started @ https://invent.kde.org/graphics/krita/-/merge_requests/455 Git commit 94ff5b91d3c67919b1339bd9fe43bca41c255395 by Agata Cacko.
Committed on 01/08/2020 at 20:17.
Pushed by tymond into branch 'master'.
Fix crash on particular LCMS profiles
Before this commit, Krita would crash on particular LCMS profiles
because they were saying that they contain definition of white point
("cmsIsTag") but later the pointer that "cmsReadTag" returned was empty.
This commit makes sure that even if the pointer is empty, Krita won't
crash.
M +35 -28 plugins/color/lcms2engine/colorprofiles/LcmsColorProfileContainer.cpp
https://invent.kde.org/graphics/krita/commit/94ff5b91d3c67919b1339bd9fe43bca41c255395
Git commit ba852b2040c2b694143a8f3e9eece0b81e5003db by Boudewijn Rempt, on behalf of Agata Cacko.
Committed on 21/08/2020 at 11:28.
Pushed by rempt into branch 'krita/4.3'.
Fix crash on particular LCMS profiles
Before this commit, Krita would crash on particular LCMS profiles
because they were saying that they contain definition of white point
("cmsIsTag") but later the pointer that "cmsReadTag" returned was empty.
This commit makes sure that even if the pointer is empty, Krita won't
crash.
(cherry picked from commit 94ff5b91d3c67919b1339bd9fe43bca41c255395)
M +35 -28 plugins/color/lcms2engine/colorprofiles/LcmsColorProfileContainer.cpp
https://invent.kde.org/graphics/krita/commit/ba852b2040c2b694143a8f3e9eece0b81e5003db
Git commit a7163c957a62017b96da6231824061d14fea10bf by Agata Cacko. Committed on 25/08/2020 at 11:42. Pushed by tymond into branch 'master'. Make LCMS init() crash-proof Before this commit, there was multiple cases when LcmsColorProfileContainer::init() could crash when reading the profile because cmsIsTag() returns true but cmsReadTag() returns a null pointer. This commit checks all the pointers before dereferencing it. M +47 -40 plugins/color/lcms2engine/colorprofiles/LcmsColorProfileContainer.cpp https://invent.kde.org/graphics/krita/commit/a7163c957a62017b96da6231824061d14fea10bf Git commit f501273e5066ca30318ef49e25fb34c913bdfe06 by Agata Cacko. Committed on 25/08/2020 at 11:43. Pushed by tymond into branch 'krita/4.3'. Make LCMS init() crash-proof Before this commit, there was multiple cases when LcmsColorProfileContainer::init() could crash when reading the profile because cmsIsTag() returns true but cmsReadTag() returns a null pointer. This commit checks all the pointers before dereferencing it. (cherry picked from commit a7163c957a62017b96da6231824061d14fea10bf) M +47 -40 plugins/color/lcms2engine/colorprofiles/LcmsColorProfileContainer.cpp https://invent.kde.org/graphics/krita/commit/f501273e5066ca30318ef49e25fb34c913bdfe06 *** Bug 426735 has been marked as a duplicate of this bug. *** *** Bug 426805 has been marked as a duplicate of this bug. *** |
Created attachment 129785 [details] broken icc files Put these files in .local/share/krita/profiles and Krita will crash with the following backtrace: Thread 1 "krita" received signal SIGSEGV, Segmentation fault. 0x00007fffc29201d5 in LcmsColorProfileContainer::init (this=0x555559c0ddc0) at /home/boud/dev/4.3/plugins/color/lcms2engine/colorprofiles/LcmsColorProfileContainer.cpp:163 163 d->mediaWhitePoint = *((cmsCIEXYZ *)cmsReadTag(d->profile, cmsSigMediaWhitePointTag)); (gdb) bt #0 0x00007fffc29201d5 in LcmsColorProfileContainer::init (this=0x555559c0ddc0) at /home/boud/dev/4.3/plugins/color/lcms2engine/colorprofiles/LcmsColorProfileContainer.cpp:163 #1 0x00007fffc2920526 in LcmsColorProfileContainer::LcmsColorProfileContainer (this=0x555559c0ddc0, data=0x555559bbd330) at /home/boud/dev/4.3/plugins/color/lcms2engine/colorprofiles/LcmsColorProfileContainer.cpp:88 #2 0x00007fffc292470c in IccColorProfile::init (this=0x555559bbd4a0) at /home/boud/dev/4.3/plugins/color/lcms2engine/colorprofiles/IccColorProfile.cpp:306 #3 0x00007fffc2924ed6 in IccColorProfile::load (this=this@entry=0x555559bbd4a0) at /home/boud/dev/4.3/plugins/color/lcms2engine/colorprofiles/IccColorProfile.cpp:291 #4 0x00007fffc292a95d in LcmsEnginePlugin::LcmsEnginePlugin (this=0x555559bd3120, parent=<optimized out>) at /home/boud/dev/4.3/plugins/color/lcms2engine/LcmsEnginePlugin.cpp:138 #5 0x00007fffc29427cf in KPluginFactory::createInstance<LcmsEnginePlugin, QObject> (parentWidget=<optimized out>, parent=<optimized out>, args=...) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qobject.h:519 #6 0x00007fffee201236 in KPluginFactory::create(char const*, QWidget*, QObject*, QList<QVariant> const&, QString const&) () from /usr/lib/x86_64-linux-gnu/libKF5CoreAddons.so.5 #7 0x00007fffee46529f in KPluginFactory::create<QObject> (args=..., parent=0x7fffee67a5b0 <(anonymous namespace)::Q_QGS_pluginLoaderInstance::innerFunction()::holder>, this=0x555559beced0) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qobject.h:153 #8 KoPluginLoader::load (this=this@entry=0x7fffee67a5b0 <(anonymous namespace)::Q_QGS_pluginLoaderInstance::innerFunction()::holder>, serviceType=..., versionString=..., config=..., owner=owner@entry=0x0, cache=cache@entry=true) at /home/boud/dev/4.3/libs/koplugin/KoPluginLoader.cpp:141 #9 0x00007fffefe9f309 in KoColorSpaceRegistry::init (this=0x7ffff03aa0d0 <_ZZN12_GLOBAL__N_116Q_QGS_s_instance13innerFunctionEvE6holder>) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qstring.h:794 #10 0x00007fffefe9fcd6 in KoColorSpaceRegistry::instance () at /home/boud/dev/4.3/libs/pigment/KoColorSpaceRegistry.cpp:52 #11 0x00007ffff6c687fc in KisApplication::loadPlugins (this=<optimized out>) at /home/boud/dev/4.3/libs/ui/KisApplication.cpp:331 #12 0x00007ffff6c6bfbb in KisApplication::start (this=this@entry=0x7fffffffd6e0, args=...) at /home/boud/dev/4.3/libs/ui/KisApplication.cpp:413 #13 0x0000555555e27b3a in main (argc=<optimized out>, argv=0x7fffffffd848) at /home/boud/dev/4.3/krita/main.cc:588 This is not a regression because of updating to lcms 2.10.