Bug 444256

Summary: Crashes upon exporting
Product: [Applications] krita Reporter: tildearrow <tildearrow>
Component: File formats Assignee: Krita Bugs <krita-bugs-null>
Status: RESOLVED FIXED    
Severity: crash CC: halla
Priority: NOR    
Version: 4.4.8   
Target Milestone: ---   
Platform: Arch Linux   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description tildearrow 2021-10-23 08:13:57 UTC
SUMMARY
Yep, as the title says. Krita crashes upon exporting an image to PNG.

STEPS TO REPRODUCE
1. Open the linked image at the footer of this bug report (sorry, it is bigger than 4MB).
2. Export to PNG with the following settings:
- Compression: 9
- Store alpha channel
3. Click OK. Krita will crash...

OBSERVED RESULT
Crash

EXPECTED RESULT
Document exported. No crash

SOFTWARE/OS VERSIONS
Windows: N/A
macOS: N/A
Linux/KDE Plasma: Linux kernel 5.4.61-rt37-1-rt-lts/Plasma 5.22.4
(available in About System)
KDE Plasma Version: 5.22.4
KDE Frameworks Version: 5.84.0
Qt Version: 5.15.2+kde+r211-1/6.1.2-1

ADDITIONAL INFORMATION
The chance of crashing greatly depends upon the image. Most of them export correctly, but some don't.
The image that reproduces the bug: https://tildearrow.org/p/lecmcAIchG.png
Comment 1 tildearrow 2021-10-23 08:24:00 UTC
Hmm... seems like something related to EXIF metadata present on the image!
Here's a backtrace:

```
SAFE ASSERT (krita): "0 && "Unknown alternative array type"" in file /build/krita/src/krita-4.4.8/libs/ui/kisexiv2/kis_exiv2.cpp, line 195
--Type <RET> for more, q to quit, c to continue without paging--

Thread 64 "Thread (pooled)" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fff99d65640 (LWP 3029)]
0x00007ffff40fac6c in Exiv2::Exifdatum::Exifdatum(Exiv2::ExifKey const&, Exiv2::Value const*) ()
   from /usr/lib/libexiv2.so.27
(gdb) backtrace
#0  0x00007ffff40fac6c in Exiv2::Exifdatum::Exifdatum(Exiv2::ExifKey const&, Exiv2::Value const*) ()
   from /usr/lib/libexiv2.so.27
#1  0x00007ffff40fb3da in Exiv2::ExifData::add(Exiv2::ExifKey const&, Exiv2::Value const*) ()
   from /usr/lib/libexiv2.so.27
#2  0x00007ffff6edb494 in ?? () from /usr/lib/libkritaui.so.20
#3  0x00007ffff6e80cc9 in KisPNGConverter::buildFile(QIODevice*, QRect const&, double, double, KisSharedPtr<KisPaintDevice>, QTypedArrayData<KisSharedPtr<KisAnnotation> >::iterator, QTypedArrayData<KisSharedPtr<KisAnnotation> >::iterator, KisPNGOptions, KisMetaData::Store*) () from /usr/lib/libkritaui.so.20
#4  0x00007fff641e33bf in ?? () from /usr/lib/kritaplugins/kritapngexport.so
#5  0x00007ffff70b6228 in KisImportExportManager::doExportImpl(QString const&, QSharedPointer<KisImportExportFilter>, KisPinnedSharedPtr<KisPropertiesConfiguration>) () from /usr/lib/libkritaui.so.20
#6  0x00007ffff70b6603 in KisImportExportManager::doExport(QString const&, QSharedPointer<KisImportExportFilter>, KisPinnedSharedPtr<KisPropertiesConfiguration>, bool) () from /usr/lib/libkritaui.so.20
#7  0x00007ffff70ba897 in ?? () from /usr/lib/libkritaui.so.20
#8  0x00007ffff48932f2 in ?? () from /usr/lib/libQt5Core.so.5
#9  0x00007ffff488ffef in ?? () from /usr/lib/libQt5Core.so.5
#10 0x00007ffff2d55259 in start_thread () from /usr/lib/libpthread.so.0
#11 0x00007ffff44c35e3 in clone () from /usr/lib/libc.so.6
```
Comment 2 Bug Janitor Service 2021-10-29 18:08:20 UTC
A possibly relevant merge request was started @ https://invent.kde.org/graphics/krita/-/merge_requests/1130
Comment 3 sh_zam 2021-10-29 18:22:31 UTC
Git commit 929c0e6ce856269e0d2be407cc9650f296fcc191 by Sharaf Zaman.
Committed on 29/10/2021 at 17:49.
Pushed by szaman into branch 'master'.

Fix crash when exporting an image with exiv data

This is a use after free. As soon as the scope of the AutoPtr would end, it
would be freed and we'd be left with garbage, resulting in a crash.

M  +1    -1    plugins/metadata/common/kis_exiv2_common.h

https://invent.kde.org/graphics/krita/commit/929c0e6ce856269e0d2be407cc9650f296fcc191
Comment 4 sh_zam 2021-10-29 18:22:39 UTC
Git commit fbe192a178acd2739de52e6c2533c1738e4ea34f by Sharaf Zaman.
Committed on 29/10/2021 at 18:18.
Pushed by szaman into branch 'master'.

Catch an exception when encoding XMP

If there's an image with invalid data, Krita enters an undefined
state.

M  +6    -1    plugins/metadata/xmp/kis_xmp_io.cpp

https://invent.kde.org/graphics/krita/commit/fbe192a178acd2739de52e6c2533c1738e4ea34f
Comment 5 sh_zam 2021-11-08 10:18:52 UTC
Git commit 5b247c2359ec992d809f25688ce4c06ab5fd0a3f by Sharaf Zaman.
Committed on 08/11/2021 at 10:10.
Pushed by szaman into branch 'krita/5.0'.

Fix crash when exporting an image with exiv data

This is a use after free. As soon as the scope of the AutoPtr would end, it
would be freed and we'd be left with garbage, resulting in a crash.
(cherry picked from commit 929c0e6ce856269e0d2be407cc9650f296fcc191)

M  +1    -1    libs/ui/kisexiv2/kis_exiv2.cpp

https://invent.kde.org/graphics/krita/commit/5b247c2359ec992d809f25688ce4c06ab5fd0a3f
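
The lifetime problem described in the commit messages of Comments 3 and 5, as an added example that is not Krita's or Exiv2's code and not part of the original report: a raw pointer taken from a scoped owning pointer outlives the object, next to a variant that hands ownership to the caller. `MetaValue`, `makeValue`, `convertDangling` and `convertOwned` are hypothetical names, and `std::unique_ptr` stands in for the `AutoPtr` the commit mentions.

```cpp
#include <iostream>
#include <memory>
#include <string>
#include <utility>

// Hypothetical stand-in for a metadata value object; not an Exiv2 class.
struct MetaValue {
    static int live;            // number of MetaValue objects currently alive
    std::string text;
    explicit MetaValue(std::string t) : text(std::move(t)) { ++live; }
    ~MetaValue() { --live; }
};
int MetaValue::live = 0;

// Hypothetical factory returning an owning pointer (std::unique_ptr plays
// the role the commit message gives to AutoPtr).
std::unique_ptr<MetaValue> makeValue(const std::string& t) {
    return std::unique_ptr<MetaValue>(new MetaValue(t));
}

// Buggy shape: the owner is a local, so the object is destroyed when the
// function returns and the caller receives a dangling raw pointer.
const MetaValue* convertDangling(const std::string& t) {
    std::unique_ptr<MetaValue> owner = makeValue(t);
    return owner.get();         // owner's destructor runs right after this
}

// Fixed shape: ownership is handed to the caller, so the object lives as
// long as the caller keeps the returned pointer.
std::unique_ptr<MetaValue> convertOwned(const std::string& t) {
    return makeValue(t);
}

// Report how many MetaValue objects are alive once each variant has returned.
// The dangling pointer is never dereferenced; only the counter is read.
int liveAfterDangling() {
    const MetaValue* p = convertDangling("constructed sample");
    (void)p;
    return MetaValue::live;
}
int liveAfterOwned() {
    std::unique_ptr<MetaValue> p = convertOwned("constructed sample");
    return MetaValue::live;
}

int main() {
    std::cout << "alive after dangling variant: " << liveAfterDangling() << "\n";
    std::cout << "alive after owning variant:   " << liveAfterOwned() << "\n";
}
```

Building the dangling variant with `-fsanitize=address` and actually dereferencing the returned pointer reports a heap-use-after-free, which is how this class of bug is usually confirmed from a backtrace like the one in Comment 1.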