Version: (using KDE 4.3.1) KisConvolutionPainter::applyMatrix returns empty paint device when some conditions are met (see source code for more). If we consequently apply it to such an empty device it'll crash in iterators. Possible solutions: 1) applyMatrix always returns a result (not an empty device) or asserts 2) introduce some way of reporting faults PS: There is quite strange check: if (areaSize.width() < kw || areaSize.height() < kh || ...) return; I guess it should be removed as nevertheless we read outside of areaSize a couple of lines below.
SVN commit 1066740 by dkazakov: Workaround for consequent convolutions crash FIXME: Implementation can return empty destination device on faults and has no way to report this. This will cause a crash on sequential convolutions inside iteratiors. o implementation should do it's work or assert otherwise (or report the issue somehow) o check other cases of the switch for the vulnerability CCBUG:220310 CCMAIL:cberger@cberger.net M +13 -1 kis_convolution_painter.cc WebSVN link: http://websvn.kde.org/?view=rev&revision=1066740
What's the status of this bug? Can it already be closed?
This is more a design problem of KisConvolutionPainter. I added it here for someone to fix this. I don't really know what to do with the problem.
Downgrade to normal, since we have a workaround.
if nobody knows, let's add a comment to the source code and close the bug.
Git commit 50d695fd5bf9f28ab5bc01cda3f7dbd1b8569d30 by Boudewijn Rempt. Committed on 29/02/2012 at 13:37. Pushed by rempt into branch 'master'. Add a note about possible issues that need fixing M +7 -0 krita/image/kis_convolution_painter.h http://commits.kde.org/calligra/50d695fd5bf9f28ab5bc01cda3f7dbd1b8569d30