Bug 408484 - SIGSEGV while walking through undo/redo on 4.2.1 git-01440fb
Status: RESOLVED FIXED
Alias: None
Product: krita
Classification: Applications
Component: General
Version: 4.2.1
Platform: Compiled Sources Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Dmitry Kazakov
Reported: 2019-06-09 16:09 UTC by epicwrathssin
Modified: 2019-06-20 10:49 UTC

Attachments
thread apply all bt SIGSEGV KisBaseRectsWalker_getNodeLevelOfDetail (13.48 KB, text/plain)
2019-06-09 16:09 UTC, epicwrathssin
thread1_frame_info_args (8.16 KB, text/plain)
2019-06-19 17:46 UTC, epicwrathssin
thread1_frame_info_locals (7.75 KB, text/plain)
2019-06-19 17:47 UTC, epicwrathssin

Description epicwrathssin 2019-06-09 16:09:37 UTC
Created attachment 120726 [details]
thread apply all bt SIGSEGV KisBaseRectsWalker_getNodeLevelOfDetail

SUMMARY

This crash happened while pressing control-z (or control-shift-z) repeatedly.

STEPS TO REPRODUCE
Unknown

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Ubuntu 19.04 / Linux 5.0.0-16-generic
(available in About System)
KDE Plasma Version: 5.15.4
KDE Frameworks Version: 5.56.0
Qt Version: 5.12.2

ADDITIONAL INFORMATION

Attached is the output from 'thread apply all bt'
A core dump is available if requested.
Binary was compiled as a RelWithDebInfo build.
Krita reports version as 4.2.1 (git-01440fb)
Comment 1 Dmitry Kazakov 2019-06-19 17:07:30 UTC
Hm... I looked at the code and I cannot find how the assert could happen without severe memory corruption (in software, not hardware). I will mark this bug as NEEDSINFO; if you happen to see this crash again, please reopen it and try to remember what types of nodes you had and what actions you did with them before starting the undo operation.

According to the backtrace, a layer or mask has been deleted while a smart pointer was still pointing to it, which is not possible in a normal situation... :(
Comment 2 epicwrathssin 2019-06-19 17:46:32 UTC
Created attachment 121010 [details]
thread1_frame_info_args
Comment 3 epicwrathssin 2019-06-19 17:47:23 UTC
Created attachment 121011 [details]
thread1_frame_info_locals
Comment 4 Dmitry Kazakov 2019-06-19 18:43:23 UTC
Okay, I found out the reason for the bug. The node became detached and a failing algorithm in getNodeLevelOfDetail() fell over it.
Comment 5 Dmitry Kazakov 2019-06-19 20:05:38 UTC
Git commit 0da4a74e407f72604b3a7a455d82f29125ed6d5b by Dmitry Kazakov.
Committed on 19/06/2019 at 20:05.
Pushed by dkazakov into branch 'master'.

Fix a crash when undoing node creation too quickly

The loop in getNodeLevelOfDetail() was just unsafe, because `leaf`
may easily become null, when traversing a graph.

M  +9    -2    libs/image/kis_base_rects_walker.h

https://invent.kde.org/kde/krita/commit/0da4a74e407f72604b3a7a455d82f29125ed6d5b
Comment 6 Halla Rempt 2019-06-20 10:49:29 UTC
Git commit 3ec4483b5fb1f9118b81d361c63abf7de32b9fb6 by Boudewijn Rempt, on behalf of Dmitry Kazakov.
Committed on 20/06/2019 at 10:33.
Pushed by rempt into branch 'krita/4.2'.

Fix a crash when undoing node creation too quickly

The loop in getNodeLevelOfDetail() was just unsafe, because `leaf`
may easily become null, when traversing a graph.

M  +9    -2    libs/image/kis_base_rects_walker.h

https://invent.kde.org/kde/krita/commit/3ec4483b5fb1f9118b81d361c63abf7de32b9fb6
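
The failure mode named in the commit message above (a parent-walk loop whose `leaf` becomes null once a node is detached), as an added C++ example that is not Krita's code or the committed fix. The `Leaf` type, the function names and the fallback value 0 are assumptions made for illustration:

```cpp
// Added illustration. Leaf, unsafeLevelOfDetail and safeLevelOfDetail are
// hypothetical names; this is not Krita's code or the committed change.
#include <memory>

struct Leaf;
using LeafSP = std::shared_ptr<Leaf>;

struct Leaf {
    LeafSP parent;               // null for the root and for a detached node
    bool hasProjection = false;  // only some leaves carry a projection
    int levelOfDetail = 0;       // meaningful only when hasProjection is true
};

// Unsafe shape: assumes an ancestor with a projection is always reachable.
// On a detached subtree the walk runs off the top, `leaf` becomes null and
// the loop condition dereferences it (SIGSEGV).
int unsafeLevelOfDetail(LeafSP leaf) {
    while (!leaf->hasProjection) {
        leaf = leaf->parent;
    }
    return leaf->levelOfDetail;
}

// Guarded shape: check the pointer on every step and return a fallback
// (0 is an assumption of this example) when nothing is reachable.
int safeLevelOfDetail(LeafSP leaf, int fallback = 0) {
    while (leaf && !leaf->hasProjection) {
        leaf = leaf->parent;
    }
    return leaf ? leaf->levelOfDetail : fallback;
}

// Constructed tree: root (projection, LoD 2) <- group <- mask.
// With detachGroup set, the group's parent link is cleared before the walk.
int walkFromMask(bool detachGroup) {
    auto root = std::make_shared<Leaf>();
    root->hasProjection = true;
    root->levelOfDetail = 2;
    auto group = std::make_shared<Leaf>();
    group->parent = root;
    auto mask = std::make_shared<Leaf>();
    mask->parent = group;
    if (detachGroup) group->parent.reset();
    return safeLevelOfDetail(mask);
}

int main() {
    return (walkFromMask(false) == 2 && walkFromMask(true) == 0) ? 0 : 1;
}
```

Calling `unsafeLevelOfDetail` on the detached tree is the crashing case; building with `-fsanitize=address,undefined` reports the null dereference at the loop condition.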