404794 – Gwenview crashes when opening a very specific picture

Bug 404794 - Gwenview crashes when opening a very specific picture

Summary: Gwenview crashes when opening a very specific picture

Status:	RESOLVED FIXED

Alias:	None

Product:	gwenview
Classification:	Applications
Component:	general (other bugs)
Version First Reported In:	18.12.2
Platform:	Compiled Sources Linux

Importance:	NOR crash
Target Milestone:	---
Assignee:	Gwenview Bugs

URL:
Keywords:

Depends on:
Blocks:

Reported:	2019-02-25 01:19 UTC by tildearrow
Modified:	2023-05-24 03:47 UTC (History)
CC List:	2 users (show)

See Also:
Latest Commit:
Version Fixed/Implemented In:
Sentry Crash Report:

Attachments
subject. (2.35 MB, image/tiff) 2019-02-25 01:19 UTC, tildearrow	Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description tildearrow 2019-02-25 01:19:19 UTC

Created attachment 118345 [details]
subject.

SUMMARY
Here I am attaching a TIFF picture, which when opened using Gwenview (and sometimes also happens when just rendering its thumbnail) will crash the program.

STEPS TO REPRODUCE
1. Open the attachment.

OBSERVED RESULT
With a 40% chance:
```
Segmentation fault (core dumped)
```
otherwise with a 10% chance:
```
free(): invalid pointer
Aborted (core dumped)
```
otherwise the image will open and look corrupted and cropped off, but moving will result in the following:
```
gwenview: malloc.c:4009: _int_malloc: Assertion `(unsigned long) (size) >= (unsigned long) (nb)' failed.
Aborted (core dumped)
```

EXPECTED RESULT
No crashes and proper image (Krita works, eog displays nothing but does not crash).

SOFTWARE/OS VERSIONS
Windows: None
MacOS: None
Linux/KDE Plasma: 4.18.5-rt3-1-rt-bfq
KDE Plasma Version: 5.15.0
KDE Frameworks Version: 5.55.0
Qt Version: 5.12.1

Comment 1 Patrick Silva 2019-03-27 22:05:23 UTC

I can confirm the crash with gwenview 18.12.3 on Arch Linux,
but gwenview 19.07.70 does not crash on neon dev unstable.

Comment 2 Patrick Silva 2019-04-21 18:10:05 UTC

gwenview 19.04 is still crashing.

Operating System: Arch Linux 
KDE Plasma Version: 5.15.4
KDE Frameworks Version: 5.57.0
Qt Version: 5.12.2

Application: Gwenview (gwenview), signal: Segmentation fault
Using host libthread_db library "/usr/lib/libthread_db.so.1".
[Current thread is 1 (Thread 0x7f8456e708c0 (LWP 11857))]

Thread 6 (Thread 0x7f84452e4700 (LWP 11890)):
[KCrash Handler]
#6  0x00007f844d75d500 in  () at /usr/lib/libtiff.so.5
#7  0x00007f844d76ce22 in TIFFReadScanline () at /usr/lib/libtiff.so.5
#8  0x00007f84543b5c17 in  () at /usr/lib/qt/plugins/imageformats/libqtiff.so
#9  0x00007f845e61c016 in QImageReader::read(QImage*) (this=0x7f84452e3bc8, image=0x7f84500083d0) at image/qimagereader.cpp:1261
#10 0x00007f845f94989f in  () at /usr/lib/libgwenviewlib.so.5
#11 0x00007f845f939f43 in  () at /usr/lib/libgwenviewlib.so.5
#12 0x00007f845de1aa11 in QThreadPoolThread::run() (this=0x5631f796dd20) at thread/qthreadpool.cpp:99
#13 0x00007f845de1696c in QThreadPrivate::start(void*) (arg=0x5631f796dd20) at thread/qthread_unix.cpp:361
#14 0x00007f845bebea92 in start_thread () at /usr/lib/libpthread.so.0
#15 0x00007f845dafbcd3 in clone () at /usr/lib/libc.so.6

Thread 5 (Thread 0x7f8445ae5700 (LWP 11873)):
#0  0x00007f845bec4bac in pthread_cond_wait@@GLIBC_2.3.2 () at /usr/lib/libpthread.so.0
#1  0x00007f845de1cc4c in QWaitConditionPrivate::wait(QDeadlineTimer) (deadline=..., this=0x5631f6fd2b00) at thread/qwaitcondition_unix.cpp:146
#2  0x00007f845de1cc4c in QWaitCondition::wait(QMutex*, QDeadlineTimer) (this=<optimized out>, mutex=0x5631f6fb9d98, deadline=...) at thread/qwaitcondition_unix.cpp:225
#3  0x00007f845de1cd3a in QWaitCondition::wait(QMutex*, unsigned long) (this=0x5631f6fb9da0, mutex=0x5631f6fb9d98, time=<optimized out>) at ../../include/QtCore/../../src/corelib/kernel/qdeadlinetimer.h:68
#4  0x00007f845f9a49a4 in  () at /usr/lib/libgwenviewlib.so.5
#5  0x00007f845de1696c in QThreadPrivate::start(void*) (arg=0x5631f6fb9d30) at thread/qthread_unix.cpp:361
#6  0x00007f845bebea92 in start_thread () at /usr/lib/libpthread.so.0
#7  0x00007f845dafbcd3 in clone () at /usr/lib/libc.so.6

Thread 4 (Thread 0x7f844d235700 (LWP 11860)):
#0  0x00007f845bec4fa6 in pthread_cond_timedwait@@GLIBC_2.3.2 () at /usr/lib/libpthread.so.0
#1  0x00007f845de1cbc9 in QWaitConditionPrivate::wait_relative(QDeadlineTimer) (this=0x5631f73ef140, deadline=...) at thread/qwaitcondition_unix.cpp:136
#2  0x00007f845de1cbc9 in QWaitConditionPrivate::wait(QDeadlineTimer) (deadline=..., this=0x5631f73ef140) at thread/qwaitcondition_unix.cpp:144
#3  0x00007f845de1cbc9 in QWaitCondition::wait(QMutex*, QDeadlineTimer) (this=<optimized out>, mutex=0x5631f7294360, deadline=...) at thread/qwaitcondition_unix.cpp:225
#4  0x00007f845de1cd08 in QWaitCondition::wait(QMutex*, unsigned long) (this=this@entry=0x5631f73eef80, mutex=mutex@entry=0x5631f7294360, time=<optimized out>) at thread/qwaitcondition_unix.cpp:209
#5  0x00007f845de1ac2b in QThreadPoolThread::run() (this=0x5631f73eef70) at ../../include/QtCore/../../src/corelib/thread/qmutex.h:240
#6  0x00007f845de1696c in QThreadPrivate::start(void*) (arg=0x5631f73eef70) at thread/qthread_unix.cpp:361
#7  0x00007f845bebea92 in start_thread () at /usr/lib/libpthread.so.0
#8  0x00007f845dafbcd3 in clone () at /usr/lib/libc.so.6

Thread 3 (Thread 0x7f844ffff700 (LWP 11859)):
#0  0x00007f845daecc54 in read () at /usr/lib/libc.so.6
#1  0x00007f84599b5961 in  () at /usr/lib/libglib-2.0.so.0
#2  0x00007f8459a05e40 in g_main_context_check () at /usr/lib/libglib-2.0.so.0
#3  0x00007f8459a07636 in  () at /usr/lib/libglib-2.0.so.0
#4  0x00007f8459a0777e in g_main_context_iteration () at /usr/lib/libglib-2.0.so.0
#5  0x00007f845e028cb4 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x7f8448000b20, flags=...) at kernel/qeventdispatcher_glib.cpp:424
#6  0x00007f845dfd1a8c in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7f844fffecb0, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:140
#7  0x00007f845de15569 in QThread::exec() (this=this@entry=0x7f845d7c8080 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at ../../include/QtCore/../../src/corelib/global/qflags.h:120
#8  0x00007f845d74cba6 in QDBusConnectionManager::run() (this=0x7f845d7c8080 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at qdbusconnection.cpp:178
#9  0x00007f845de1696c in QThreadPrivate::start(void*) (arg=0x7f845d7c8080 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at thread/qthread_unix.cpp:361
#10 0x00007f845bebea92 in start_thread () at /usr/lib/libpthread.so.0
#11 0x00007f845dafbcd3 in clone () at /usr/lib/libc.so.6

Thread 2 (Thread 0x7f8455e8b700 (LWP 11858)):
#0  0x00007f845daf10d1 in poll () at /usr/lib/libc.so.6
#1  0x00007f845997c630 in  () at /usr/lib/libxcb.so.1
#2  0x00007f845997e2db in xcb_wait_for_event () at /usr/lib/libxcb.so.1
#3  0x00007f8456a22989 in QXcbEventQueue::run() (this=0x5631f6f052f0) at qxcbeventqueue.cpp:228
#4  0x00007f845de1696c in QThreadPrivate::start(void*) (arg=0x5631f6f052f0) at thread/qthread_unix.cpp:361
#5  0x00007f845bebea92 in start_thread () at /usr/lib/libpthread.so.0
#6  0x00007f845dafbcd3 in clone () at /usr/lib/libc.so.6

Thread 1 (Thread 0x7f8456e708c0 (LWP 11857)):
#0  0x00007f845bec4bac in pthread_cond_wait@@GLIBC_2.3.2 () at /usr/lib/libpthread.so.0
#1  0x00007f845de1cc4c in QWaitConditionPrivate::wait(QDeadlineTimer) (deadline=..., this=0x5631f73eef00) at thread/qwaitcondition_unix.cpp:146
#2  0x00007f845de1cc4c in QWaitCondition::wait(QMutex*, QDeadlineTimer) (this=this@entry=0x5631f7294388, mutex=mutex@entry=0x5631f7294360, deadline=...) at thread/qwaitcondition_unix.cpp:225
#3  0x00007f845de19438 in QThreadPoolPrivate::waitForDone(QDeadlineTimer const&) (this=this@entry=0x5631f72942f0, timer=...) at thread/qthreadpool.cpp:311
#4  0x00007f845de19844 in QThreadPoolPrivate::waitForDone(int) (this=0x5631f72942f0, msecs=<optimized out>) at thread/qthreadpool.cpp:321
#5  0x00007f845de198dd in QThreadPool::~QThreadPool() (this=0x7f845e284760 <(anonymous namespace)::Q_QGS_theInstance::innerFunction()::holder>, __in_chrg=<optimized out>) at thread/qthreadpool.cpp:473
#6  0x00007f845de1991a in (anonymous namespace)::Q_QGS_theInstance::Holder::~Holder() (this=<optimized out>, __in_chrg=<optimized out>) at thread/qthreadpool.cpp:48
#7  0x00007f845da3af2c in __run_exit_handlers () at /usr/lib/libc.so.6
#8  0x00007f845da3b05e in  () at /usr/lib/libc.so.6
#9  0x00007f84569ef226 in QXcbConnection::processXcbEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x5631f6ef6850, flags=flags@entry=...) at qxcbconnection.cpp:1003
#10 0x00007f8456a239a4 in xcbSourceDispatch(GSource*, GSourceFunc, gpointer) (source=<optimized out>) at qxcbeventdispatcher.cpp:103
#11 0x00007f8459a057bf in g_main_context_dispatch () at /usr/lib/libglib-2.0.so.0
#12 0x00007f8459a07739 in  () at /usr/lib/libglib-2.0.so.0
#13 0x00007f8459a0777e in g_main_context_iteration () at /usr/lib/libglib-2.0.so.0
#14 0x00007f845e028c99 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x5631f6f445a0, flags=...) at kernel/qeventdispatcher_glib.cpp:422
#15 0x00007f845dfd1a8c in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7ffd97720c30, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:140
#16 0x00007f845dfd9de6 in QCoreApplication::exec() () at ../../include/QtCore/../../src/corelib/global/qflags.h:120
#17 0x00005631f67a274c in  ()
#18 0x00007f845da24ce3 in __libc_start_main () at /usr/lib/libc.so.6
#19 0x00005631f67a2d3e in _start ()
[Inferior 1 (process 11857) detached]

Comment 3 2wxsy58236r3 2019-06-26 10:07:24 UTC

I can reproduce this on 19.04.2:

$ gwenview tildearrow.tif
Invalid url QUrl("")
Gwenview can only apply color profile on RGB32 or ARGB32 images
free(): invalid pointer
中止 (コアダンプ)

Comment 4 Justin Zobel 2022-09-23 02:22:50 UTC

Thank you for reporting this crash in KDE software. As it has been a while since this issue was reported, can we please ask you to see if you can reproduce the crash with a recent software version?

If you can reproduce the issue, please change the status to "CONFIRMED" when replying. Thank you!

Comment 5 2wxsy58236r3 2022-09-23 05:07:15 UTC

(In reply to Justin Zobel from comment #4)
> Thank you for reporting this crash in KDE software. As it has been a while
> since this issue was reported, can we please ask you to see if you can
> reproduce the crash with a recent software version?
> 
> If you can reproduce the issue, please change the status to "CONFIRMED" when
> replying. Thank you!

On Gwenview 22.08.1 (Arch Linux), the test file does not crash Gwenview, but the image cannot be displayed properly. Gwenview is also unable to render the preview.

Meanwhile, GIMP displays the test file without any issue.

```
kf.i18n.kuit: "Unknown subcue ':whatsthis,' in UI marker in context {@info:whatsthis, %1 the action's text}."
KTranscript: Loaded module: /usr/share/locale/ja/LC_SCRIPTS/ki18n5/ki18n5.js
org.kde.kdegraphics.gwenview.lib: Unresolved mime type  "image/x-mng"
org.kde.kdegraphics.gwenview.lib: Unresolved raw mime type  "image/x-samsung-srw"
gwenview.libtiff: Error foo "Sorry, can not handle images with 32-bit samples"
gwenview.libtiff: Error foo "Sorry, can not handle images with 32-bit samples"
org.kde.kdegraphics.gwenview.lib: Gwenview cannot apply color profile on QImage::Format_ARGB32_Premultiplied images
gwenview.libtiff: Error foo "Sorry, can not handle images with 32-bit samples"
org.kde.kdegraphics.gwenview.lib: Could not generate thumbnail for file "file:///tmp/tildearrow.tif"
JXL image has Qt-unsupported or invalid ICC profile!
JXL image has Qt-unsupported or invalid ICC profile!
gwenview.libtiff: Error foo "Sorry, can not handle images with 32-bit samples"
org.kde.kdegraphics.gwenview.lib: Could not generate thumbnail for file "file:///tmp/tildearrow.tif"
org.kde.kdegraphics.gwenview.lib: Gwenview cannot apply color profile on QImage::Format_ARGB32_Premultiplied images
```

Comment 6 Bug Janitor Service 2022-10-08 04:52:57 UTC

Dear Bug Submitter,

This bug has been in NEEDSINFO status with no change for at least
15 days. Please provide the requested information as soon as
possible and set the bug status as REPORTED. Due to regular bug
tracker maintenance, if the bug is still in NEEDSINFO status with
no change in 30 days the bug will be closed as RESOLVED > WORKSFORME
due to lack of needed information.

For more information about our bug triaging procedures please read the
wiki located here:
https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

If you have already provided the requested information, please
mark the bug as REPORTED so that the KDE team knows that the bug is
ready to be confirmed.

Thank you for helping us make KDE software even better for everyone!

Comment 7 Bug Janitor Service 2022-10-23 05:00:51 UTC

This bug has been in NEEDSINFO status with no change for at least
30 days. The bug is now closed as RESOLVED > WORKSFORME
due to lack of needed information.

For more information about our bug triaging procedures please read the
wiki located here:
https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

Thank you for helping us make KDE software even better for everyone!

Comment 8 tildearrow 2023-05-24 03:47:50 UTC

Apologies for the extremely long delay!
Gwenview 23.04.1... no longer crashes when opening the picture.
Image is still improperly displayed though...