| Summary: | Crash when performing a redo action after certain crop-related steps | ||
|---|---|---|---|
| Product: | [Applications] krita | Reporter: | tomtomtomreportingin |
| Component: | General | Assignee: | sh_zam <shzam> |
| Status: | RESOLVED FIXED | ||
| Severity: | crash | CC: | ByteEnable, ghevan, halcyoen, shzam |
| Priority: | NOR | ||
| Version: | 4.4.3-beta1 | ||
| Target Milestone: | --- | ||
| Platform: | Appimage | ||
| OS: | Linux | ||
| Latest Commit: | https://invent.kde.org/graphics/krita/commit/9ac750ab57607f3219ca4d444bc1e9ec69517e67 | Version Fixed In: | |
| Attachments: | backtrace | ||
|
Description
tomtomtomreportingin
2021-03-01 02:17:44 UTC
Created attachment 136270 [details]
backtrace
I can confirm this bug, easily reproductible following the steps provided, attached backtrace.
Can reproduce in master as well. Assigning this to myself. A possibly relevant merge request was started @ https://invent.kde.org/graphics/krita/-/merge_requests/765 Git commit 5ea95edb1f51acbac032055aee6333381efe95c8 by Sharaf Zaman. Committed on 24/03/2021 at 10:22. Pushed by szaman into branch 'master'. Bugfix: Crash with crop tool The reason for crash was use after free, and the flow is like this: 1. User Crops the image (Crop gets added to Undo Stack) 2. User Undos the Crop (Crop is popped off that stack and is available for Redo) 3. User makes a Crop Selection 4. User makes a Redo Action (Because the crop selection is active, prior to the change we would apply the crop stroke which would purge the Redo Stack, deleting the KisSavedMacroCommand* which later would be used in KisSavedCommandBase::runStroke [its vtable]). Since there is no stroke running during selection, we only have to clear the selection. M +1 -1 plugins/tools/tool_crop/kis_tool_crop.cc https://invent.kde.org/graphics/krita/commit/5ea95edb1f51acbac032055aee6333381efe95c8 Git commit 9ac750ab57607f3219ca4d444bc1e9ec69517e67 by Sharaf Zaman. Committed on 24/03/2021 at 10:39. Pushed by szaman into branch 'krita/4.3'. Bugfix: Crash with crop tool The reason for crash was use after free, and the flow is like this: 1. User Crops the image (Crop gets added to Undo Stack) 2. User Undos the Crop (Crop is popped off that stack and is available for Redo) 3. User makes a Crop Selection 4. User makes a Redo Action (Because the crop selection is active, prior to the change we would apply the crop stroke which would purge the Redo Stack, deleting the KisSavedMacroCommand* which later would be used in KisSavedCommandBase::runStroke [its vtable]). Since there is no stroke running during selection, we only have to clear the selection. (cherry picked from commit 5ea95edb1f51acbac032055aee6333381efe95c8) M +1 -1 plugins/tools/tool_crop/kis_tool_crop.cc https://invent.kde.org/graphics/krita/commit/9ac750ab57607f3219ca4d444bc1e9ec69517e67 *** Bug 435193 has been marked as a duplicate of this bug. *** Git commit a993eec3de6487ea01b712c4695503f880ee673f by Dmitry Kazakov. Committed on 03/04/2021 at 11:53. Pushed by dkazakov into branch 'master'. Fix data corruption on pressing Ctrl+Z while crop action is active M +5 -0 plugins/tools/tool_crop/kis_tool_crop.cc M +1 -0 plugins/tools/tool_crop/kis_tool_crop.h https://invent.kde.org/graphics/krita/commit/a993eec3de6487ea01b712c4695503f880ee673f Git commit 2eb56697e4646d34fe5f0b940ec0bc991d589a9b by Dmitry Kazakov. Committed on 01/06/2021 at 11:58. Pushed by dkazakov into branch 'krita/4.3'. Fix data corruption on pressing Ctrl+Z while crop action is active M +5 -0 plugins/tools/tool_crop/kis_tool_crop.cc M +1 -0 plugins/tools/tool_crop/kis_tool_crop.h https://invent.kde.org/graphics/krita/commit/2eb56697e4646d34fe5f0b940ec0bc991d589a9b *** Bug 438563 has been marked as a duplicate of this bug. *** |