Bug 425379

Summary: Crash when saving a EXR file
Product: [Applications] krita Reporter: Dmitry Kazakov <dimula73>
Component: File formatsAssignee: Dmitry Kazakov <dimula73>
Status: RESOLVED FIXED    
Severity: grave CC: amy, halla
Priority: NOR Keywords: regression
Version: 4.3.0   
Target Milestone: ---   
Platform: Microsoft Windows   
OS: Other   
Latest Commit: Version Fixed In:
Sentry Crash Report:
Attachments: Test file

Description Dmitry Kazakov 2020-08-15 13:08:28 UTC
Created attachment 130885 [details]
Test file

In Krita 4.3.0 there is no crash, but error while saving. Krita 4.2.9 crashes as well.


STEPS TO REPRODUCE
1. Open test1.exr
2. Press Save As and try to save it
3. See the crash

(gdb) bt
#0  0x00007ff85e30bc1a in QString::toUtf8_helper(QString const&) () from c:\dev\env-3\i\bin\Qt5Core.dll
#1  0x00007fffdd6c6bb8 in QString::toUtf8() const & (this=<optimized out>) at C:/dev/env-3/i/include/QtCore/qstring.h:550
#2  EncoderImpl<float, 4, 3>::prepareFrameBuffer (this=0x2bc78060, frameBuffer=0x2c51f820, line=<optimized out>) at C:/dev/env-3/krita/plugins/impex/exr/exr_converter.cc:983
#3  0x00007fffdd6ba05f in encodeData (file=..., informationObjects=..., width=width@entry=200, height=height@entry=200) at C:/dev/env-3/krita/plugins/impex/exr/exr_converter.cc:1060
#4  0x00007fffdd6c16de in EXRConverter::buildFile (this=<optimized out>, filename=..., layer=..., flatten=false) at C:/dev/env-3/krita/plugins/impex/exr/exr_converter.cc:1384
#5  0x00007fffdd6b7016 in EXRExport::convert (this=0x1f39cf10, document=0x1e592be0, configuration=...) at C:/dev/env-3/krita/plugins/impex/exr/exr_export.cc:85
#6  0x00007ff82af5c553 in KisImportExportManager::doExportImpl (this=this@entry=0x2b5130c0, location=..., filter=..., exportConfiguration=...) at C:/dev/env-3/krita/libs/ui/KisImportExportManager.cpp:689
#7  0x00007ff82af5c86e in KisImportExportManager::doExport (this=0x2b5130c0, location=..., filter=..., exportConfiguration=..., alsoAsKra=false) at C:/dev/env-3/krita/libs/ui/KisImportExportManager.cpp:637
#8  0x00007ff82b0128c1 in std::__invoke_impl<KisImportExportErrorCode, KisImportExportErrorCode (KisImportExportManager::*&)(QString const&, QSharedPointer<KisImportExportFilter>, KisPinnedSharedPtr<KisPropertiesConfiguration>, bool), KisImportExportManager*&, QString&, QSharedPointer<KisImportExportFilter>&, KisPinnedSharedPtr<KisPropertiesConfiguration>&, bool&> (__t=@0x1ca84d20: 0x2b5130c0, __f=
    @0x1ca84ce8: (KisImportExportErrorCode (KisImportExportManager::*)(KisImportExportManager * const, const QString &, QSharedPointer<KisImportExportFilter>, KisPinnedSharedPtr<KisPropertiesConfiguration>, bool)) 0x7ff82af5c7e0 <KisImportExportManager::doExport(QString const&, QSharedPointer<KisImportExportFilter>, KisPinnedSharedPtr<KisPropertiesConfiguration>, bool)>)
    at C:/deps/mingw64_7.3/lib/gcc/x86_64-w64-mingw32/7.3.0/include/c++/bits/invoke.h:73
#9  std::__invoke<KisImportExportErrorCode (KisImportExportManager::*&)(QString const&, QSharedPointer<KisImportExportFilter>, KisPinnedSharedPtr<KisPropertiesConfiguration>, bool), KisImportExportManager*&, QString&, QSharedPointer<KisImportExportFilter>&, KisPinnedSharedPtr<KisPropertiesConfiguration>&, bool&> (__fn=
    @0x1ca84ce8: (KisImportExportErrorCode (KisImportExportManager::*)(KisImportExportManager * const, const QString &, QSharedPointer<KisImportExportFilter>, KisPinnedSharedPtr<KisPropertiesConfiguration>, bool)) 0x7ff82af5c7e0 <KisImportExportManager::doExport(QString const&, QSharedPointer<KisImportExportFilter>, KisPinnedSharedPtr<KisPropertiesConfiguration>, bool)>)
    at C:/deps/mingw64_7.3/lib/gcc/x86_64-w64-mingw32/7.3.0/include/c++/bits/invoke.h:96
#10 std::_Bind<KisImportExportErrorCode (KisImportExportManager::*(KisImportExportManager*, QString, QSharedPointer<KisImportExportFilter>, KisPinnedSharedPtr<KisPropertiesConfiguration>, bool))(QString const&, QSharedPointer<KisImportExportFilter>, KisPinnedSharedPtr<KisPropertiesConfiguration>, bool)>::__call<KisImportExportErrorCode, , 0ull, 1ull, 2ull, 3ull, 4ull>(std::tuple<>&&, std::_Index_tuple<0ull, 1ull, 2ull, 3ull, 4ull>) (__args=..., this=0x1ca84ce8) at C:/deps/mingw64_7.3/lib/gcc/x86_64-w64-mingw32/7.3.0/include/c++/functional:469
#11 std::_Bind<KisImportExportErrorCode (KisImportExportManager::*(KisImportExportManager*, QString, QSharedPointer<KisImportExportFilter>, KisPinnedSharedPtr<KisPropertiesConfiguration>, bool))(QString const&, QSharedPointer<KisImportExportFilter>, KisPinnedSharedPtr<KisPropertiesConfiguration>, bool)>::operator()<, KisImportExportErrorCode>() (this=0x1ca84ce8)
    at C:/deps/mingw64_7.3/lib/gcc/x86_64-w64-mingw32/7.3.0/include/c++/functional:551
#12 QtConcurrent::StoredFunctorCall0<KisImportExportErrorCode, std::_Bind<KisImportExportErrorCode (KisImportExportManager::*(KisImportExportManager*, QString, QSharedPointer<KisImportExportFilter>, KisPinnedSharedPtr<KisPropertiesConfiguration>, bool))(QString const&, QSharedPointer<KisImportExportFilter>, KisPinnedSharedPtr<KisPropertiesConfiguration>, bool)> >::runFunctor() (this=0x1ca84ca0)
    at C:/dev/env-3/i/include/QtConcurrent/qtconcurrentstoredfunctioncall.h:60
#13 QtConcurrent::RunFunctionTask<KisImportExportErrorCode>::run (this=0x1ca84ca0) at C:/dev/env-3/i/include/QtConcurrent/qtconcurrentrunbase.h:108
#14 0x00007ff85e288610 in QThreadPool::tryStart(QRunnable*) () from c:\dev\env-3\i\bin\Qt5Core.dll
#15 0x00007ff85e28162f in QThread::qt_metacall(QMetaObject::Call, int, void**) () from c:\dev\env-3\i\bin\Qt5Core.dll
#16 0x00007ff8b7cd7bd4 in KERNEL32!BaseThreadInitThunk () from C:\WINDOWS\System32\kernel32.dll
#17 0x00007ff8b94ece51 in ntdll!RtlUserThreadStart () from C:\WINDOWS\SYSTEM32\ntdll.dll
#18 0x0000000000000000 in ?? ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
Comment 1 Dmitry Kazakov 2020-08-15 13:15:10 UTC
The EXR file has layers of different color spaces, that makes Krita go crazy

[15380] krita.file: Checking for ARGB channels, they can occur in single-layer _or_ multi-layer images:
[15380] krita.file: Channel name =  Image.A  type =  2
[15380] krita.file: Channel name =  Image.B  type =  2
[15380] krita.file: Channel name =  Image.G  type =  2
[15380] krita.file: Channel name =  Image.R  type =  2
[15380] krita.file: Channel name =  Z.V  type =  2
[15380] krita.file: Extra layers: 2
[15380] krita.file: layer name =  Image
[15380] krita.file:  channel  Image.A suffix "A"  type =  2
[15380] krita.file:   suffix "A"
[15380] krita.file:  channel  Image.B suffix "B"  type =  2
[15380] krita.file:   suffix "B"
[15380] krita.file:  channel  Image.G suffix "G"  type =  2
[15380] krita.file:   suffix "G"
[15380] krita.file:  channel  Image.R suffix "R"  type =  2
[15380] krita.file:   suffix "R"
[15380] krita.file: layer name =  Z
[15380] krita.file:  channel  Z.V suffix "V"  type =  2
[15380] krita.file:   suffix "V"
[15380] krita.file: File has 2 layer(s)
[15380] krita.file: Image type =  2
[15380] krita.file: Colorspace:  "RGB/Alpha (32-bit float/channel)"
[15380] krita.file: Decoding  "Z"  with  1  channels, and color space  "GRAYAF32"
[15380] krita.file: G ->  "Z.V"
[15380] krita.file: Has Alpha: false
[15380] krita.file: Decoding  "Image"  with  4  channels, and color space  "RGBAF32"
Comment 2 amyspark 2020-08-15 13:56:28 UTC
It seems this is a null pointer dereference, caused by the EXR file having less channels than expected. The crash happens when accessing the second (out of 4 expected) channel.
Comment 3 Halla Rempt 2020-08-17 09:47:21 UTC
If 4.2.9 also crashes, is this really a regression?
Comment 4 Dmitry Kazakov 2020-08-19 08:48:46 UTC
Git commit 4e74996368006dd1dcfcb2c439c00ec53c794b91 by Dmitry Kazakov.
Committed on 19/08/2020 at 08:45.
Pushed by dkazakov into branch 'krita/4.3'.

Fix color space when saving EXR with Gray channels

It was just a misprint :)

M  +1    -1    plugins/impex/exr/exr_converter.cc

https://invent.kde.org/graphics/krita/commit/4e74996368006dd1dcfcb2c439c00ec53c794b91
Comment 5 Dmitry Kazakov 2020-08-19 08:48:54 UTC
Git commit 430bd5223ab79117a929f00cba6ad7993facff20 by Dmitry Kazakov.
Committed on 19/08/2020 at 08:45.
Pushed by dkazakov into branch 'krita/4.3'.

Fix crash when trying to save unsupported color space into EXR

`wrapLayerDevice()` will change the color space of the saved device
to the supported one, therefore we should use that. We shouldn't use
the original color space of the layer.

M  +6    -6    plugins/impex/exr/exr_converter.cc

https://invent.kde.org/graphics/krita/commit/430bd5223ab79117a929f00cba6ad7993facff20
Comment 6 Dmitry Kazakov 2020-08-19 08:49:02 UTC
Git commit b545803551868788c23c03215d135a6ca01d08dc by Dmitry Kazakov.
Committed on 19/08/2020 at 08:45.
Pushed by dkazakov into branch 'krita/4.3'.

Fix invalid memory access when loading a Gray/GrayA EXR channels

I don't know why tis code still used the old API of
KisSequentialIterator

M  +2    -3    plugins/impex/exr/exr_converter.cc

https://invent.kde.org/graphics/krita/commit/b545803551868788c23c03215d135a6ca01d08dc
Comment 7 Dmitry Kazakov 2020-08-19 08:54:36 UTC
Git commit b6f8364a5a46a426b6733f93ce34b59f828f8943 by Dmitry Kazakov.
Committed on 19/08/2020 at 08:54.
Pushed by dkazakov into branch 'master'.

Fix color space when saving EXR with Gray channels

It was just a misprint :)

M  +1    -1    plugins/impex/exr/exr_converter.cc

https://invent.kde.org/graphics/krita/commit/b6f8364a5a46a426b6733f93ce34b59f828f8943
Comment 8 Dmitry Kazakov 2020-08-19 08:54:44 UTC
Git commit 9f48cbf31c17ae0500f5ceee0a4f8e873ecd9808 by Dmitry Kazakov.
Committed on 19/08/2020 at 08:54.
Pushed by dkazakov into branch 'master'.

Fix invalid memory access when loading a Gray/GrayA EXR channels

I don't know why tis code still used the old API of
KisSequentialIterator

M  +2    -3    plugins/impex/exr/exr_converter.cc

https://invent.kde.org/graphics/krita/commit/9f48cbf31c17ae0500f5ceee0a4f8e873ecd9808
Comment 9 Dmitry Kazakov 2020-08-19 08:54:52 UTC
Git commit 1d7b348b1a3cf0f7985cb3d7f46c56cb6d2af371 by Dmitry Kazakov.
Committed on 19/08/2020 at 08:54.
Pushed by dkazakov into branch 'master'.

Fix crash when trying to save unsupported color space into EXR

`wrapLayerDevice()` will change the color space of the saved device
to the supported one, therefore we should use that. We shouldn't use
the original color space of the layer.

M  +6    -6    plugins/impex/exr/exr_converter.cc

https://invent.kde.org/graphics/krita/commit/1d7b348b1a3cf0f7985cb3d7f46c56cb6d2af371