Bug 402220 - KPat crashes when "Change Appearance" is selected
Summary: KPat crashes when "Change Appearance" is selected
Status: RESOLVED UPSTREAM
Alias: None
Product: kpat
Classification: Applications
Component: general
Version: unspecified
Platform: Compiled Sources Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Stephan Kulow
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-12-17 00:00 UTC by A. Wilcox (awilfox)
Modified: 2018-12-20 01:32 UTC

See Also:
Latest Commit:
Version Fixed In:


Attachments
Screenshot (1.37 MB, image/png)
2018-12-17 00:00 UTC, A. Wilcox (awilfox)

Description A. Wilcox (awilfox) 2018-12-17 00:00:16 UTC
Created attachment 116955 [details]
Screenshot

SUMMARY
KPat crashes when any user of Adélie Linux (based on musl libc) attempts to use the Change Appearance dialog.


STEPS TO REPRODUCE
1. Open KPat.
2. Choose Tools -> Change Appearance, or press the F10 key.

OBSERVED RESULT
Thread 6 "PreviewThread" received signal SIGSEGV, Segmentation fault.
[Switching to LWP 31799]
0x00003ffff6b367f0 in fetchTransformedBilinear64<(TextureBlendType)4> (buffer=0x3fffeaf68418, data=0x100763428, y=0, x=0, length=74) at painting/qdrawhelper.cpp:2967
2967    painting/qdrawhelper.cpp: No such file or directory.
(gdb) bt
#0  0x00003ffff6b367f0 in fetchTransformedBilinear64<(TextureBlendType)4> (buffer=0x3fffeaf68418, data=0x100763428, y=0, x=0, length=74) at painting/qdrawhelper.cpp:2967
#1  0x00003ffff6b4186c in BlendSrcGenericRGB64::fetch (len=74, y=0, x=0, this=0x3fffeaf64378) at painting/qdrawhelper.cpp:4054
#2  handleSpans<BlendSrcGenericRGB64> (count=256, spans=0x3fffeaf6c710, data=<optimized out>, handler=...) at painting/qdrawhelper.cpp:3967
#3  0x00003ffff6b409e8 in blend_src_generic_rgb64 (count=<optimized out>, spans=0x3fffeaf6c710, userData=0x100763428) at painting/qdrawhelper.cpp:4081
#4  0x00003ffff6b3b0dc in qBlendTexture (count=<optimized out>, spans=0x3fffeaf6c710, userData=0x100763428) at painting/qdrawhelper.cpp:5347
#5  0x00003ffff6b6bcf0 in qt_span_fill_clipRect (count=<optimized out>, spans=0x3fffeaf6c710, userData=0x100763428) at painting/qpaintengine_raster.cpp:4099
#6  0x00003ffff6bde020 in QSpanBuffer::flushSpans (this=0x3fffeaf6c700) at painting/qrasterizer.cpp:111
#7  QSpanBuffer::addSpan (coverage=<optimized out>, y=85, len=<optimized out>, x=<optimized out>, this=0x3fffeaf6c700) at painting/qrasterizer.cpp:105
#8  QRasterizer::rasterizeLine (this=0x10074d7c0, a=..., b=..., width=<optimized out>, squareCap=<optimized out>) at painting/qrasterizer.cpp:917
#9  0x00003ffff6b75b2c in QRasterPaintEngine::drawImage (this=0x100763000, r=..., img=..., sr=...) at painting/qpaintengine_raster.cpp:2423
#10 0x00003ffff6b9aca8 in QPainter::drawImage (this=0x3fffeaf6d840, targetRect=..., image=..., sourceRect=..., flags=...) at painting/qpainter.cpp:5477
#11 0x00003ffff5c10364 in QPainter::drawImage (image=..., r=..., this=0x3fffeaf6d840) at /usr/include/QtGui/qpainter.h:848
#12 QSvgImage::draw (this=0x101092a40, p=0x3fffeaf6d840, states=...) at qsvggraphics.cpp:137
#13 0x00003ffff5c3cd94 in QSvgG::draw (this=0x1010926a0, p=0x3fffeaf6d840, states=...) at qsvgstructure.cpp:71
#14 0x00003ffff5c3cd94 in QSvgG::draw (this=0x101092440, p=0x3fffeaf6d840, states=...) at qsvgstructure.cpp:71
#15 0x00003ffff5c477c0 in QSvgTinyDocument::draw (this=0x1007ef200, p=0x3fffeaf6d840, id=..., bounds=...) at qsvgtinydocument.cpp:304
#16 0x00003ffff5c4a580 in QSvgRenderer::render (this=<optimized out>, painter=<optimized out>, elementId=..., bounds=...) at qsvgrenderer.cpp:399
#17 0x00003ffff7e60858 in PreviewThread::run (this=0x10075b520) at /usr/src/packages/user/kpat/src/kpat-18.08.3/libkcardgame/kcardthemewidget.cpp:104
#18 0x00003ffff61b3c88 in QThreadPrivate::start (arg=0x10075b520) at thread/qthread_unix.cpp:368
#19 0x00003ffff7fa276c in start (p=0x3fffeaf6da78) at src/thread/pthread_create.c:147
#20 0x00003ffff7fae608 in __clone () at src/thread/powerpc64/clone.s:43



EXPECTED RESULT
The dialog to work properly.


SOFTWARE/OS VERSIONS
Linux: 4.14.76
KDE Plasma Version: 5.12.7
KDE Frameworks Version: 5.52.0
Qt Version: 5.9.7

ADDITIONAL INFORMATION
This occurs on PowerPC and x86.  We haven't had any reports from ARM users yet.  This seems like a regression; kpat 18.04 didn't seem to have this issue.

It does draw the current card deck before it crashes; attached is a screenshot showing where the window stops drawing when running KPat under gdb.
Comment 1 Albert Astals Cid 2018-12-19 21:46:37 UTC
It's crashing in Qt.

Have you also updated your Qt by any chance?

Do you have a valgrind trace?
Comment 2 A. Wilcox (awilfox) 2018-12-20 00:46:02 UTC
We were still using 5.9.6 when this started, but we have since updated to 5.9.7 with no change.

Valgrind output is not helpful:

awilcox on gwyn [pts/11 Wed 19 18:43] ~: valgrind kpat
==22303== Memcheck, a memory error detector
==22303== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==22303== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==22303== Command: kpat
==22303== 
==22303== Conditional jump or move depends on uninitialised value(s)
==22303==    at 0x402BFE0: strchrnul (strchrnul.c:21)
==22303==    by 0x403E1CB: getenv (getenv.c:9)
==22303==    by 0x84E0BEB: ??? (in /usr/lib/libGL.so.1.2.0)
==22303==    by 0x96D3893: ??? (in /usr/lib/libexpat.so.1.6.8)
==22303==    by 0x96D461F: ??? (in /usr/lib/libexpat.so.1.6.8)
==22303==    by 0x96D66D3: ??? (in /usr/lib/libexpat.so.1.6.8)
==22303==    by 0x96D6E73: ??? (in /usr/lib/libexpat.so.1.6.8)
==22303==    by 0x96D8FE7: XML_ParseBuffer (in /usr/lib/libexpat.so.1.6.8)
==22303==    by 0x96D975F: XML_Parse (in /usr/lib/libexpat.so.1.6.8)
==22303==    by 0x84E283B: ??? (in /usr/lib/libGL.so.1.2.0)
==22303==    by 0x84DF373: ??? (in /usr/lib/libGL.so.1.2.0)
==22303==    by 0x84DDD37: ??? (in /usr/lib/libGL.so.1.2.0)
==22303== 
==22303== Conditional jump or move depends on uninitialised value(s)
==22303==    at 0x402BFE0: strchrnul (strchrnul.c:21)
==22303==    by 0x403E1CB: getenv (getenv.c:9)
==22303==    by 0xE33924B: ??? (in /usr/lib/xorg/modules/dri/r600_dri.so)
==22303==    by 0x96D3893: ??? (in /usr/lib/libexpat.so.1.6.8)
==22303==    by 0x96D461F: ??? (in /usr/lib/libexpat.so.1.6.8)
==22303==    by 0x96D66D3: ??? (in /usr/lib/libexpat.so.1.6.8)
==22303==    by 0x96D6E73: ??? (in /usr/lib/libexpat.so.1.6.8)
==22303==    by 0x96D8FE7: XML_ParseBuffer (in /usr/lib/libexpat.so.1.6.8)
==22303==    by 0x96D975F: XML_Parse (in /usr/lib/libexpat.so.1.6.8)
==22303==    by 0xE33AE9B: ??? (in /usr/lib/xorg/modules/dri/r600_dri.so)
==22303==    by 0xE19D5B3: ??? (in /usr/lib/xorg/modules/dri/r600_dri.so)
==22303==    by 0x84DDE2B: ??? (in /usr/lib/libGL.so.1.2.0)
==22303== 
==22303== 
==22303== Process terminating with default action of signal 11 (SIGSEGV)
==22303==  Bad permissions for mapped region at address 0x159D8048
==22303==    at 0x6267FCC: convertARGB32PMToARGB64PM(QRgba64*, unsigned int const*, int, QVector<unsigned int> const*, QDitherInfo*) (qdrawhelper.cpp:653)
==22303== 
==22303== HEAP SUMMARY:
==22303==     in use at exit: 35,374,539 bytes in 90,629 blocks
==22303==   total heap usage: 268,386 allocs, 177,757 frees, 100,049,643 bytes allocated
==22303== 
==22303== LEAK SUMMARY:
==22303==    definitely lost: 216 bytes in 7 blocks
==22303==    indirectly lost: 0 bytes in 0 blocks
==22303==      possibly lost: 26,002 bytes in 432 blocks
==22303==    still reachable: 35,313,113 bytes in 90,097 blocks
==22303==                       of which reachable via heuristic:
==22303==                         newarray           : 96 bytes in 3 blocks
==22303==                         multipleinheritance: 72,120 bytes in 88 blocks
==22303==         suppressed: 35,208 bytes in 93 blocks
==22303== Rerun with --leak-check=full to see details of leaked memory
==22303== 
==22303== For counts of detected and suppressed errors, rerun with: -v
==22303== Use --track-origins=yes to see where uninitialised values come from
==22303== ERROR SUMMARY: 26 errors from 2 contexts (suppressed: 0 from 0)
zsh: segmentation fault  valgrind kpat


I really hope this does not turn into another round of hot potato where the KDE devs blame Qt and the Qt devs blame KDE and meanwhile nobody can change card decks or backgrounds in KPat.

I will attempt to bisect this crash and see if I can find an exact commit that causes it.
Comment 3 A. Wilcox (awilfox) 2018-12-20 01:13:04 UTC
Okay, so it seems that even using KPat 17.12.0 now shows this same error.

I started looking harder and it looks like it may actually be in the card decks themselves.  Removing:

svg-ancient-egyptians
svg-future
svg-jolly-royal
svg-konqi-modern
svg-standard
svg-xskat-french

from /usr/share/carddecks allows KPat to draw the rest of the card decks fine.
Comment 4 A. Wilcox (awilfox) 2018-12-20 01:32:45 UTC
All decks affected have embedded PNG images as the actual card data.  For example, from the xskat-french card deck:

  <image
     id="2_diamond"
     x="864"
     y="336"
     height="112"
     width="72"
     xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEgAAABwCAMAAACKGsa1AAAACXBIWXMAAABIAAAASABGyWs+AAAB YlBMVEX+/v7////5+fnAwMC8vLy/v7+6urqoqKinp6ekpKRvb2+NjY2Ojo5qampqamplZWVpaWnB wcE5OTk9PT309PT29vb6+vr8/Pz/AAD/AQH/AgL/AwP/BAT/BQX/Bwf/CQn/Cgr/Cwv/DQ3/EhL/ GBj/HR3/ICD/IiL/IyP/JSX/Jib/Jyf/KSn/MDD/ODj/OTn/PDz/PT3/Pj7/Pz//RET/R0f/Skr/ V1f/WVn/Wlr/W1v/XFz/XV3/YGD/Zmb/Z2f/bGz/e3v/fX3/fn7/f3//gID/hIT/ior/k5P/lZX/ l5f/mJj/mZn/mpr/np7/n5//oaH/pKT/t7f/wMD/wcH/wsL/xcX/xsb/x8f/1tb/2dn/29v/3d3/ 3t7/4OD/4eH/5eX/6Oj/6en/6ur/6+v/7Oz/7e3/7u7/7+//8PD/8fH/8vL/9PT/9fX/9vb/9/f/ +fn/+/v//Pz//f3//v7///9kWM14AAAAEnRSTlMAAAQ3ODg9Wltcsezs8PH8/P0Y+4y8AAAAAWJL R0QAiAUdSAAAAqdJREFUeNrtmVlTGkEURgd3cUVULgY3NDGJC6DGgAuogEbcDTKDoEIIRkAkMHP/ f2ik6FBDV1eNPPYp3i6cqb4zw8P3SSaTqaO7yzxmNciYuau7oyqRqp++4REL2gyClpHhPqkm6h+Y wHcxMdBfFUm9g+P4msk8a2gA7TmTecXxwV5J6hyaxFJofs6VQAMkXHPzoRJODnVKPaOIMnj27AE0 gN++5wEFcbRHMlsQ05H4k9OQKHqhnhKRxSxZbeSo4RU382haTkUmqc2lYAnRZq2JSsHlrRR7D99u NebMs3qkYkOkgPf8JIqtuXPDp5/IIDB9HDlLU5EDAPzYkvt1APhyyxIBwJTcEBUUWY4lsRWPLiB8 lrElyZgsK4WGiE1iDd74GNOQDRWpN0XGfuqw9lS8UZtEV4uHFdTxsAGUrzHUUzlcvPpfdL0AM8Gy /nIHDir6/gt1lIMzsHDdEFUunQDgOCi2/OIbdl8eGRdyXlbqopddIGw8oI5KaBpqbBeQefTdl7oI szsA4L7DFvwNTUGVnSzrYSUzuqOsD9YY71op/AHAl2U+HmRGRZjbTyKDcnDWm0cWyf1c0+3XVA1Z VH78QRbkh1T0ToRIiIRIiIRIiIRIiIRIiIRIiIRIiIRIiIRIiISIHdbxZvUhPz6kM058yAs06YwT aPIiVjrjRKy80BcL20BYv0d+6KuPoSl5nx1quB6RG0Ozg3GynzpkT6xgnB/V//YCxRXnRPW0POCJ uOUBhXM0FrqChbNsfsEikzg+gMi7/Xr85HYrDVH6LHI8rRfxH0iMnpx7gYpQPVr1GHpFMLW13NSv LW2mDL20CfdKWEMiqlWHCpyqF1EjfyMB51M8kibVYa3MVEiZ6UcDBEiZKZMys231atsK3zZV0G0s xdtW0/8DQD+4xI0tmI8AAAAASUVORK5CYII= " />

So perhaps this is a bug in Qt.  I suppose I can close this and attempt to file a bug upstream.
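A triage script for the finding above, added here as an example and not code from the report, from KPat or from Qt: it lists every <image> element in an SVG deck whose href is a data:image/png;base64 URI and decodes the PNG's IHDR chunk, so the decks that carry embedded PNG card data can be identified without deleting directories one by one. The SAMPLE_SVG deck and the png_stub() bytes are constructed test input.

```python
import base64, re, struct, zlib
import xml.etree.ElementTree as ET
SVG_NS = "{http://www.w3.org/2000/svg}"
XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
PNG_SIG = b"\x89PNG\r\n\x1a\n"
COLOUR_TYPES = {0: "greyscale", 2: "truecolour", 3: "indexed",
                4: "greyscale+alpha", 6: "truecolour+alpha"}

def png_header(data: bytes) -> dict:
    """Parse the PNG signature and IHDR chunk; raise ValueError otherwise."""
    if not data.startswith(PNG_SIG) or data[12:16] != b"IHDR":
        raise ValueError("not a PNG")
    width, height, depth, ctype = struct.unpack(">IIBB", data[16:26])
    return {"width": width, "height": height, "bit_depth": depth,
            "colour_type": COLOUR_TYPES.get(ctype, "unknown")}

def embedded_pngs(svg_text: str) -> list:
    """One record per <image> whose href is a data:image/png;base64 URI."""
    out = []
    for img in ET.fromstring(svg_text).iter(SVG_NS + "image"):
        href = img.get(XLINK_HREF) or img.get("href") or ""
        m = re.match(r"data:image/png;base64,(.*)", href, re.S)
        if not m:
            continue  # external file reference, not embedded pixel data
        rec = {"id": img.get("id"),
               "declared": (int(img.get("width", 0)), int(img.get("height", 0)))}
        try:
            # b64decode() drops the stray whitespace that line-wrapped decks contain
            hdr = png_header(base64.b64decode(m.group(1)))
            rec.update(hdr)
            rec["size_matches"] = (hdr["width"], hdr["height"]) == rec["declared"]
        except ValueError as exc:
            rec["error"] = str(exc)
        out.append(rec)
    return out

def png_stub(width: int, height: int, colour_type: int) -> bytes:
    """Constructed input: PNG signature plus a valid IHDR chunk, no pixel data."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, colour_type, 0, 0, 0)
    crc = struct.pack(">I", zlib.crc32(b"IHDR" + ihdr))
    return PNG_SIG + struct.pack(">I", 13) + b"IHDR" + ihdr + crc

# Constructed sample deck shaped like the xskat-french snippet in the report
SAMPLE_SVG = """<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
  <image id="2_diamond" x="864" y="336" height="112" width="72"
         xlink:href="data:image/png;base64,{} " />
  <image id="back" height="112" width="72" xlink:href="back.png" />
</svg>""".format(base64.b64encode(png_stub(72, 112, 3)).decode())
```

Run embedded_pngs() over each .svg under the carddecks directory; any deck that returns a non-empty list embeds PNG data and is a candidate for the crash described in this report.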