Bug 443189

Summary: Crash when attempting to undo while drawing liquify strokes
Product: [Applications] krita Reporter: tomtomtomreportingin
Component: Tools/Transform Assignee: Krita Bugs <krita-bugs-null>
Status: RESOLVED DUPLICATE    
Severity: crash CC: ahab.greybeard, dimula73
Priority: NOR    
Version: 5.0.0-beta1   
Target Milestone: ---   
Platform: Appimage   
OS: Linux   

Description tomtomtomreportingin 2021-10-01 07:49:20 UTC
SUMMARY
Krita can segfault if the user attempts to undo while doing a liquify stroke.

This is not a regression of Krita 5.

STEPS TO REPRODUCE
1. Open a photo in Krita.
2. Activate Liquify transform on the photo.
3. Do one or two liquify strokes (this step seems somewhat necessary).
4. While doing another liquify stroke, press undo.

OBSERVED RESULT
Segmentation fault.

EXPECTED RESULT
No crash.

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Debian sid
KDE Plasma Version: 5.21.5
KDE Frameworks Version: 5.86.0
Qt Version: 5.12.11 (Appimage)
Comment 1 Ahab Greybeard 2021-10-07 19:18:07 UTC
I can replicate this with the 5.0.0-beta1 and the Oct 07 5.1.0-prealpha (git f2ad3000) appimages on Debian 10.
It doesn't happen with the 4.4.8 appimage.

I don't need to use Undo. A crash happens during the second Liquify stroke or sometimes the first liquify stroke.

For both versions:
The terminal says "Aborted".
The log file says "ASSERT (krita): "row < 0x7FFF && col < 0x7FFF" in file /home/appimage/workspace/Krita_Release_Appimage_Build/krita/libs/image/tiles3/kis_tile_hash_table2.h, line 129"
Comment 2 sh_zam 2021-10-29 19:29:50 UTC
A rather hard one to reproduce… luckily I caught it in gdb:

ASSERT (krita): “row < 0x7FFF && col < 0x7FFF” in file /krita/libs/image/tiles3/kis_tile_hash_table2.h, line 129

Thread 50 “Thread (pooled)” received signal SIGABRT, Aborted.
[Switching to Thread 0x7fff3e5f1640 (LWP 2086920)]
0x00007ffff3bcdd22 in raise () from /usr/lib/libc.so.6
(gdb) bt
#0  0x00007ffff3bcdd22 in raise () at /usr/lib/libc.so.6
#1  0x00007ffff3bb7862 in abort () at /usr/lib/libc.so.6
#2  0x00007ffff404194e in  () at /usr/lib/libQt5Core.so.5
#3  0x00007ffff62320a1 in kis_assert_common(char const*, char const*, int, bool, bool)
    (assertion=0x7ffff715d1f8 “row < 0x7FFF && col < 0x7FFF”, file=0x7ffff715820d “/krita/libs/image/tiles3/kis_tile_hash_table2.h”, line=line@entry=129, throwException=<optimized out>, isIgnorable=false)
    at /krita/libs/global/kis_assert.cpp:89
#4  0x00007ffff623237a in kis_assert_recoverable(char const*, char const*, int) (assertion=0x2 <error: Cannot access memory at address 0x2>, file=0x7fff3e5ef9f0 “”, line=0, line@entry=129) at /krita/libs/global/kis_assert.cpp:102
#5  0x00007ffff723e626 in KisTileHashTableTraits2<KisTile>::calculateHash(int, int) (this=0x7fff601ca880, col=900376, row=3) at /krita/libs/image/tiles3/kis_tile_hash_table2.h:129
#6  KisTileHashTableTraits2<KisTile>::getReadOnlyTileLazy(int, int, bool&) (this=0x7fff601ca880, col=900376, row=3, existingTile=@0x7fff3e5efe3f: false) at /krita/libs/image/tiles3/kis_tile_hash_table2.h:375
#7  0x00007ffff724a0eb in KisTiledDataManager::getTile(int, int, bool) (this=<optimized out>, col=<optimized out>, row=<optimized out>, writable=<optimized out>) at /krita/libs/image/tiles3/kis_tiled_data_manager.h:116
#8  KisTiledDataManager::getTilesPair(int, int, bool, KisSharedPtr<KisTile>*, KisSharedPtr<KisTile>*) (this=0x7fff601c9c40, col=900376, row=3, writable=<optimized out>, tile=0x7fff7483b550, oldTile=0x7fff7483b558)
    at /krita/libs/image/tiles3/kis_tiled_data_manager.h:95
#9  0x00007ffff724bdb1 in KisRandomAccessor2::fetchTileData(int, int) (this=this@entry=0x7fff7483c4d0, col=900376, row=3) at /krita/libs/image/tiles3/kis_random_accessor.cc:113
#10 0x00007ffff724bd07 in KisRandomAccessor2::moveTo(int, int) (this=0x7fff7483c4d0, x=57624115, y=242) at /krita/libs/image/tiles3/kis_random_accessor.cc:80
#11 0x00007ffff74958d4 in KisRandomSubAccessor::sampledOldRawData(unsigned char*)
    (this=0x7fff7483b5e0, dst=0x7fff878f30ec “\377\345\275\377\231\217\177\377\231\217\177\377\231\217\177\377\231\217\177\377\231\217\177\377\232\220\200\377\232\220\200\377\232\220\200\377\377\357\307\377\377\357\307\377\377\357\307\377\377\357\307\377\377\357\307\377\377\357\307\377\377\357\307\377\377\357\306\377\377\357\306\377\377\357\306\377\377\357\306\377\377\357\306\377\377\357\306\377\377\356\306\377\377\356\306\377\377\356\306\377\377\356\306\377\377\356\306\377\377\356\306\377\377\356\306\377\377\356\306\377\377\356\306\377\377\356\306\377\377\356\306\377\377\356\306\377\377\356\306\377\377\356\306\377\377\356\306\377\377\356\306\377\377\356\306\377\377\355\305\377\377\355\305\377\377\355\305\377\377\355\305\377\377\355\305\377\377\355\305\377\377\355\304\377\377\354\303\377\377\353\301\377\377\352\301\377\377\351\301\377”…) at /krita/libs/image/kis_random_sub_accessor.cpp:51
#12 0x00007ffff74b0233 in GridIterationTools::PaintDevicePolygonOp::operator()(QPolygonF const&, QPolygonF const&, QPolygonF const&) (this=0x7fff3e5f0220, srcPolygon=<optimized out>, dstPolygon=<optimized out>, clipDstPolygon=…)
    at /krita/libs/image/kis_grid_interpolation_tools.h:209
#13 0x00007ffff74bb8cb in GridIterationTools::PaintDevicePolygonOp::operator()(QPolygonF const&, QPolygonF const&) (this=0x7fff3e5f0220, srcPolygon=…, dstPolygon=…) at /krita/libs/image/kis_grid_interpolation_tools.h:171
#14 GridIterationTools::iterateThroughGrid<GridIterationTools::AlwaysCompletePolygonPolicy, GridIterationTools::PaintDevicePolygonOp, GridIterationTools::RegularGridIndexesOp>(GridIterationTools::PaintDevicePolygonOp&, GridIterationTools::RegularGridIndexesOp&, QSize const&, QVector<QPointF> const&, QVector<QPointF> const&) (polygonOp=…, indexesOp=…, gridSize=<optimized out>, originalPoints=QVector<QPointF> (size = 191395) = {…}, transformedPoints=QVector<QPointF> (size = 191395) = {…})
    at /krita/libs/image/kis_grid_interpolation_tools.h:619
#15 0x00007ffff74b8e53 in KisLiquifyTransformWorker::run(KisSharedPtr<KisPaintDevice>, KisSharedPtr<KisPaintDevice>) (this=0x7fff74006e30, srcDevice=…, dstDevice=…) at /krita/libs/image/kis_liquify_transform_worker.cpp:402
#16 0x00007fffbc7c9860 in (anonymous namespace)::transformDeviceImpl(ToolTransformArgs const&, KisSharedPtr<KisPaintDevice>, KisSharedPtr<KisPaintDevice>, KisProcessingVisitor::ProgressHelper*, bool) (config=
    …, srcDevice=…, dstDevice=…, helper=0x7fff3e5f0878, cropDst=false) at /krita/plugins/tools/tool_transform2/kis_transform_utils.cpp:310
#17 0x00007fffbc7c8f69 in KisTransformUtils::transformDevice(ToolTransformArgs const&, KisSharedPtr<KisPaintDevice>, KisSharedPtr<KisPaintDevice>, KisProcessingVisitor::ProgressHelper*) (config=…, srcDevice=…, dstDevice=…, helper=0x7ffff3bcdd22 <raise+322>,
    helper@entry=0x7fff3e5f0878) at /krita/plugins/tools/tool_transform2/kis_transform_utils.cpp:366
#18 0x00007fffbc7cbbd0 in KisTransformUtils::transformAndMergeDevice(ToolTransformArgs const&, KisSharedPtr<KisPaintDevice>, KisSharedPtr<KisPaintDevice>, KisProcessingVisitor::ProgressHelper*) (config=…, src=…, dst=…, helper=0x7fff3e5f0878)
    at /krita/plugins/tools/tool_transform2/kis_transform_utils.cpp:576
#19 0x00007fffbc7e1bd5 in InplaceTransformStrokeStrategy::transformNode(KisSharedPtr<KisNode>, ToolTransformArgs const&, int) (this=0x555566925cc0, node=…, config=…, levelOfDetail=2)
    at /krita/plugins/tools/tool_transform2/strokes/inplace_transform_stroke_strategy.cpp:678
#20 0x00007fffbc7e677d in InplaceTransformStrokeStrategy::reapplyTransform(ToolTransformArgs, QVector<KisStrokeJobData*>&, int, bool)::$_13::operator()() const (this=<optimized out>)
    at /krita/plugins/tools/tool_transform2/strokes/inplace_transform_stroke_strategy.cpp:841
#21 std::__invoke_impl<void, InplaceTransformStrokeStrategy::reapplyTransform(ToolTransformArgs, QVector<KisStrokeJobData*>&, int, bool)::$_13&>(std::__invoke_other, InplaceTransformStrokeStrategy::reapplyTransform(ToolTransformArgs, QVector<KisStrokeJobData*>&, int, bool)::$_13&) (__f=<optimized out>) at /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/11.1.0/../../../../include/c++/11.1.0/bits/invoke.h:61
#22 std::__invoke_r<void, InplaceTransformStrokeStrategy::reapplyTransform(ToolTransformArgs, QVector<KisStrokeJobData*>&, int, bool)::$_13&>(InplaceTransformStrokeStrategy::reapplyTransform(ToolTransformArgs, QVector<KisStrokeJobData*>&, int, bool)::$_13&)
    (__fn=<optimized out>) at /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/11.1.0/../../../../include/c++/11.1.0/bits/invoke.h:154
#23 std::_Function_handler<void (), InplaceTransformStrokeStrategy::reapplyTransform(ToolTransformArgs, QVector<KisStrokeJobData*>&, int, bool)::$_13>::_M_invoke(std::_Any_data const&) (__functor=<optimized out>)
    at /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/11.1.0/../../../../include/c++/11.1.0/bits/std_function.h:291
#24 0x00007ffff7394439 in KisStrokeStrategyUndoCommandBased::doStrokeCallback(KisStrokeJobData*) (this=0x555566925cd0, data=0x7fff58006ed0) at /krita/libs/image/kis_stroke_strategy_undo_command_based.cpp:127
#25 0x00007fffbc7dcdb7 in InplaceTransformStrokeStrategy::doStrokeCallback(KisStrokeJobData*) (this=<optimized out>, data=0x7fff58006ed0) at /krita/plugins/tools/tool_transform2/strokes/inplace_transform_stroke_strategy.cpp:198
#26 0x00007ffff722c460 in KisUpdateJobItem::run() (this=0x555557115860) at libs/image/kritaimage_autogen/EWIEGA46WW/../../../../../krita/libs/image/kis_update_job_item.h:90
#27 0x00007ffff4083b42 in  () at /usr/lib/libQt5Core.so.5
#28 0x00007ffff40803cb in  () at /usr/lib/libQt5Core.so.5
#29 0x00007ffff3d68259 in start_thread () at /usr/lib/libpthread.so.0
#30 0x00007ffff3c8f5e3 in clone () at /usr/lib/libc.so.6
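
Added illustration (not part of the comment above and not Krita's code): why the coordinates in frames #9 and #10 trip the `row < 0x7FFF && col < 0x7FFF` assertion, and what a caller-side range check looks like. The 64-pixel tile size, the 16-bit-per-axis key layout, the lower bound and all function names are assumptions of this example.

```cpp
#include <cstdint>
#include <iostream>

// Assumed tile edge in pixels. Chosen because it reproduces the backtrace:
// frame #10 x=57624115, y=242 -> frame #9 col=900376, row=3.
constexpr int64_t kTileSize = 64;
// Upper limit quoted in the assertion: row < 0x7FFF && col < 0x7FFF.
constexpr int32_t kMaxTileIndex = 0x7FFF;
// Lower limit is an assumption of this example (signed 16-bit range).
constexpr int32_t kMinTileIndex = -0x8000;

// Floor division, so negative pixel coordinates land in negative tiles.
inline int32_t pixelToTile(int32_t pixel) {
    const int64_t p = pixel;
    return static_cast<int32_t>(p >= 0 ? p / kTileSize
                                       : -((-p + kTileSize - 1) / kTileSize));
}

// Hypothetical key layout: 16 bits per axis. Out-of-range values are
// silently truncated, which is what a range assertion guards against.
inline uint32_t packUnchecked(int32_t col, int32_t row) {
    return (static_cast<uint32_t>(row) << 16) |
           (static_cast<uint32_t>(col) & 0xFFFFu);
}

inline bool tileIndexInRange(int32_t idx) {
    return idx >= kMinTileIndex && idx < kMaxTileIndex;
}

// Checked variant: reject coordinates the key cannot represent, so the
// caller can skip or clamp the sample instead of aborting or aliasing.
inline bool packChecked(int32_t col, int32_t row, uint32_t &key) {
    if (!tileIndexInRange(col) || !tileIndexInRange(row)) return false;
    key = packUnchecked(col, row);
    return true;
}

int main() {
    const int32_t col = pixelToTile(57624115), row = pixelToTile(242);
    uint32_t key = 0;
    std::cout << "col=" << col << " row=" << row
              << " accepted=" << packChecked(col, row, key) << "\n";
    // The truncated key equals that of an in-range tile: an alias.
    std::cout << "aliases (-17128,3): "
              << (packUnchecked(col, row) == packUnchecked(-17128, 3)) << "\n";
    return 0;
}
```

Under these assumptions the out-of-range column would share a key with the valid tile (-17128, 3) if it were truncated rather than rejected.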
Comment 3 Dmitry Kazakov 2021-12-16 10:13:40 UTC
I think I have solved this bug as a part of the fix for bug 441826

*** This bug has been marked as a duplicate of bug 441826 ***