Summary: | Crash when saving a EXR file | ||
---|---|---|---|
Product: | [Applications] krita | Reporter: | Dmitry Kazakov <dimula73> |
Component: | File formats | Assignee: | Dmitry Kazakov <dimula73> |
Status: | RESOLVED FIXED | ||
Severity: | grave | CC: | amy, halla |
Priority: | NOR | Keywords: | regression |
Version: | 4.3.0 | ||
Target Milestone: | --- | ||
Platform: | Microsoft Windows | ||
OS: | Other | ||
Latest Commit: | https://invent.kde.org/graphics/krita/commit/b6f8364a5a46a426b6733f93ce34b59f828f8943 | Version Fixed In: | |
Sentry Crash Report: | |||
Attachments: | Test file |
The EXR file has layers of different color spaces, that makes Krita go crazy [15380] krita.file: Checking for ARGB channels, they can occur in single-layer _or_ multi-layer images: [15380] krita.file: Channel name = Image.A type = 2 [15380] krita.file: Channel name = Image.B type = 2 [15380] krita.file: Channel name = Image.G type = 2 [15380] krita.file: Channel name = Image.R type = 2 [15380] krita.file: Channel name = Z.V type = 2 [15380] krita.file: Extra layers: 2 [15380] krita.file: layer name = Image [15380] krita.file: channel Image.A suffix "A" type = 2 [15380] krita.file: suffix "A" [15380] krita.file: channel Image.B suffix "B" type = 2 [15380] krita.file: suffix "B" [15380] krita.file: channel Image.G suffix "G" type = 2 [15380] krita.file: suffix "G" [15380] krita.file: channel Image.R suffix "R" type = 2 [15380] krita.file: suffix "R" [15380] krita.file: layer name = Z [15380] krita.file: channel Z.V suffix "V" type = 2 [15380] krita.file: suffix "V" [15380] krita.file: File has 2 layer(s) [15380] krita.file: Image type = 2 [15380] krita.file: Colorspace: "RGB/Alpha (32-bit float/channel)" [15380] krita.file: Decoding "Z" with 1 channels, and color space "GRAYAF32" [15380] krita.file: G -> "Z.V" [15380] krita.file: Has Alpha: false [15380] krita.file: Decoding "Image" with 4 channels, and color space "RGBAF32" It seems this is a null pointer dereference, caused by the EXR file having less channels than expected. The crash happens when accessing the second (out of 4 expected) channel. If 4.2.9 also crashes, is this really a regression? Git commit 4e74996368006dd1dcfcb2c439c00ec53c794b91 by Dmitry Kazakov. Committed on 19/08/2020 at 08:45. Pushed by dkazakov into branch 'krita/4.3'. Fix color space when saving EXR with Gray channels It was just a misprint :) M +1 -1 plugins/impex/exr/exr_converter.cc https://invent.kde.org/graphics/krita/commit/4e74996368006dd1dcfcb2c439c00ec53c794b91 Git commit 430bd5223ab79117a929f00cba6ad7993facff20 by Dmitry Kazakov. Committed on 19/08/2020 at 08:45. Pushed by dkazakov into branch 'krita/4.3'. Fix crash when trying to save unsupported color space into EXR `wrapLayerDevice()` will change the color space of the saved device to the supported one, therefore we should use that. We shouldn't use the original color space of the layer. M +6 -6 plugins/impex/exr/exr_converter.cc https://invent.kde.org/graphics/krita/commit/430bd5223ab79117a929f00cba6ad7993facff20 Git commit b545803551868788c23c03215d135a6ca01d08dc by Dmitry Kazakov. Committed on 19/08/2020 at 08:45. Pushed by dkazakov into branch 'krita/4.3'. Fix invalid memory access when loading a Gray/GrayA EXR channels I don't know why tis code still used the old API of KisSequentialIterator M +2 -3 plugins/impex/exr/exr_converter.cc https://invent.kde.org/graphics/krita/commit/b545803551868788c23c03215d135a6ca01d08dc Git commit b6f8364a5a46a426b6733f93ce34b59f828f8943 by Dmitry Kazakov. Committed on 19/08/2020 at 08:54. Pushed by dkazakov into branch 'master'. Fix color space when saving EXR with Gray channels It was just a misprint :) M +1 -1 plugins/impex/exr/exr_converter.cc https://invent.kde.org/graphics/krita/commit/b6f8364a5a46a426b6733f93ce34b59f828f8943 Git commit 9f48cbf31c17ae0500f5ceee0a4f8e873ecd9808 by Dmitry Kazakov. Committed on 19/08/2020 at 08:54. Pushed by dkazakov into branch 'master'. Fix invalid memory access when loading a Gray/GrayA EXR channels I don't know why tis code still used the old API of KisSequentialIterator M +2 -3 plugins/impex/exr/exr_converter.cc https://invent.kde.org/graphics/krita/commit/9f48cbf31c17ae0500f5ceee0a4f8e873ecd9808 Git commit 1d7b348b1a3cf0f7985cb3d7f46c56cb6d2af371 by Dmitry Kazakov. Committed on 19/08/2020 at 08:54. Pushed by dkazakov into branch 'master'. Fix crash when trying to save unsupported color space into EXR `wrapLayerDevice()` will change the color space of the saved device to the supported one, therefore we should use that. We shouldn't use the original color space of the layer. M +6 -6 plugins/impex/exr/exr_converter.cc https://invent.kde.org/graphics/krita/commit/1d7b348b1a3cf0f7985cb3d7f46c56cb6d2af371 |
Created attachment 130885 [details] Test file In Krita 4.3.0 there is no crash, but error while saving. Krita 4.2.9 crashes as well. STEPS TO REPRODUCE 1. Open test1.exr 2. Press Save As and try to save it 3. See the crash (gdb) bt #0 0x00007ff85e30bc1a in QString::toUtf8_helper(QString const&) () from c:\dev\env-3\i\bin\Qt5Core.dll #1 0x00007fffdd6c6bb8 in QString::toUtf8() const & (this=<optimized out>) at C:/dev/env-3/i/include/QtCore/qstring.h:550 #2 EncoderImpl<float, 4, 3>::prepareFrameBuffer (this=0x2bc78060, frameBuffer=0x2c51f820, line=<optimized out>) at C:/dev/env-3/krita/plugins/impex/exr/exr_converter.cc:983 #3 0x00007fffdd6ba05f in encodeData (file=..., informationObjects=..., width=width@entry=200, height=height@entry=200) at C:/dev/env-3/krita/plugins/impex/exr/exr_converter.cc:1060 #4 0x00007fffdd6c16de in EXRConverter::buildFile (this=<optimized out>, filename=..., layer=..., flatten=false) at C:/dev/env-3/krita/plugins/impex/exr/exr_converter.cc:1384 #5 0x00007fffdd6b7016 in EXRExport::convert (this=0x1f39cf10, document=0x1e592be0, configuration=...) at C:/dev/env-3/krita/plugins/impex/exr/exr_export.cc:85 #6 0x00007ff82af5c553 in KisImportExportManager::doExportImpl (this=this@entry=0x2b5130c0, location=..., filter=..., exportConfiguration=...) at C:/dev/env-3/krita/libs/ui/KisImportExportManager.cpp:689 #7 0x00007ff82af5c86e in KisImportExportManager::doExport (this=0x2b5130c0, location=..., filter=..., exportConfiguration=..., alsoAsKra=false) at C:/dev/env-3/krita/libs/ui/KisImportExportManager.cpp:637 #8 0x00007ff82b0128c1 in std::__invoke_impl<KisImportExportErrorCode, KisImportExportErrorCode (KisImportExportManager::*&)(QString const&, QSharedPointer<KisImportExportFilter>, KisPinnedSharedPtr<KisPropertiesConfiguration>, bool), KisImportExportManager*&, QString&, QSharedPointer<KisImportExportFilter>&, KisPinnedSharedPtr<KisPropertiesConfiguration>&, bool&> (__t=@0x1ca84d20: 0x2b5130c0, __f= @0x1ca84ce8: (KisImportExportErrorCode (KisImportExportManager::*)(KisImportExportManager * const, const QString &, QSharedPointer<KisImportExportFilter>, KisPinnedSharedPtr<KisPropertiesConfiguration>, bool)) 0x7ff82af5c7e0 <KisImportExportManager::doExport(QString const&, QSharedPointer<KisImportExportFilter>, KisPinnedSharedPtr<KisPropertiesConfiguration>, bool)>) at C:/deps/mingw64_7.3/lib/gcc/x86_64-w64-mingw32/7.3.0/include/c++/bits/invoke.h:73 #9 std::__invoke<KisImportExportErrorCode (KisImportExportManager::*&)(QString const&, QSharedPointer<KisImportExportFilter>, KisPinnedSharedPtr<KisPropertiesConfiguration>, bool), KisImportExportManager*&, QString&, QSharedPointer<KisImportExportFilter>&, KisPinnedSharedPtr<KisPropertiesConfiguration>&, bool&> (__fn= @0x1ca84ce8: (KisImportExportErrorCode (KisImportExportManager::*)(KisImportExportManager * const, const QString &, QSharedPointer<KisImportExportFilter>, KisPinnedSharedPtr<KisPropertiesConfiguration>, bool)) 0x7ff82af5c7e0 <KisImportExportManager::doExport(QString const&, QSharedPointer<KisImportExportFilter>, KisPinnedSharedPtr<KisPropertiesConfiguration>, bool)>) at C:/deps/mingw64_7.3/lib/gcc/x86_64-w64-mingw32/7.3.0/include/c++/bits/invoke.h:96 #10 std::_Bind<KisImportExportErrorCode (KisImportExportManager::*(KisImportExportManager*, QString, QSharedPointer<KisImportExportFilter>, KisPinnedSharedPtr<KisPropertiesConfiguration>, bool))(QString const&, QSharedPointer<KisImportExportFilter>, KisPinnedSharedPtr<KisPropertiesConfiguration>, bool)>::__call<KisImportExportErrorCode, , 0ull, 1ull, 2ull, 3ull, 4ull>(std::tuple<>&&, std::_Index_tuple<0ull, 1ull, 2ull, 3ull, 4ull>) (__args=..., this=0x1ca84ce8) at C:/deps/mingw64_7.3/lib/gcc/x86_64-w64-mingw32/7.3.0/include/c++/functional:469 #11 std::_Bind<KisImportExportErrorCode (KisImportExportManager::*(KisImportExportManager*, QString, QSharedPointer<KisImportExportFilter>, KisPinnedSharedPtr<KisPropertiesConfiguration>, bool))(QString const&, QSharedPointer<KisImportExportFilter>, KisPinnedSharedPtr<KisPropertiesConfiguration>, bool)>::operator()<, KisImportExportErrorCode>() (this=0x1ca84ce8) at C:/deps/mingw64_7.3/lib/gcc/x86_64-w64-mingw32/7.3.0/include/c++/functional:551 #12 QtConcurrent::StoredFunctorCall0<KisImportExportErrorCode, std::_Bind<KisImportExportErrorCode (KisImportExportManager::*(KisImportExportManager*, QString, QSharedPointer<KisImportExportFilter>, KisPinnedSharedPtr<KisPropertiesConfiguration>, bool))(QString const&, QSharedPointer<KisImportExportFilter>, KisPinnedSharedPtr<KisPropertiesConfiguration>, bool)> >::runFunctor() (this=0x1ca84ca0) at C:/dev/env-3/i/include/QtConcurrent/qtconcurrentstoredfunctioncall.h:60 #13 QtConcurrent::RunFunctionTask<KisImportExportErrorCode>::run (this=0x1ca84ca0) at C:/dev/env-3/i/include/QtConcurrent/qtconcurrentrunbase.h:108 #14 0x00007ff85e288610 in QThreadPool::tryStart(QRunnable*) () from c:\dev\env-3\i\bin\Qt5Core.dll #15 0x00007ff85e28162f in QThread::qt_metacall(QMetaObject::Call, int, void**) () from c:\dev\env-3\i\bin\Qt5Core.dll #16 0x00007ff8b7cd7bd4 in KERNEL32!BaseThreadInitThunk () from C:\WINDOWS\System32\kernel32.dll #17 0x00007ff8b94ece51 in ntdll!RtlUserThreadStart () from C:\WINDOWS\SYSTEM32\ntdll.dll #18 0x0000000000000000 in ?? () Backtrace stopped: previous frame inner to this frame (corrupt stack?)