SUMMARY
Krita segfaults when performing a redo action after taking certain steps related to the crop tool.

STEPS TO REPRODUCE
1. Draw something.
2. Select crop tool.
3. Make a crop box.
4. Undo (this single undo will undo both the drawing and the crop box).
5. Make another crop box.
6. Redo.

Another case:
1. Select crop tool.
2. Make a crop box.
3. Crop.
4. Undo.
5. Make another crop box.
6. Redo.

OBSERVED RESULT
Krita segfaults.

EXPECTED RESULT
Krita shouldn't segfault. Perhaps the crop box selection action could be considered its own action in the undo stack as well.

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Debian sid (available in About System)
KDE Plasma Version: 5.20.5
KDE Frameworks Version: 5.78.0
Qt Version: 5.12.9 (Appimage)

ADDITIONAL INFORMATION
Not a regression, from what I can tell.
Created attachment 136270
backtrace

I can confirm this bug, easily reproducible following the steps provided, attached backtrace.
Can reproduce in master as well. Assigning this to myself.
A possibly relevant merge request was started @ https://invent.kde.org/graphics/krita/-/merge_requests/765
Git commit 5ea95edb1f51acbac032055aee6333381efe95c8 by Sharaf Zaman.
Committed on 24/03/2021 at 10:22.
Pushed by szaman into branch 'master'.

Bugfix: Crash with crop tool

The reason for crash was use after free, and the flow is like this:
1. User Crops the image (Crop gets added to Undo Stack)
2. User Undos the Crop (Crop is popped off that stack and is available for Redo)
3. User makes a Crop Selection
4. User makes a Redo Action (Because the crop selection is active, prior to the change we would apply the crop stroke which would purge the Redo Stack, deleting the KisSavedMacroCommand* which later would be used in KisSavedCommandBase::runStroke [its vtable]).

Since there is no stroke running during selection, we only have to clear the selection.

M +1 -1 plugins/tools/tool_crop/kis_tool_crop.cc

https://invent.kde.org/graphics/krita/commit/5ea95edb1f51acbac032055aee6333381efe95c8
Git commit 9ac750ab57607f3219ca4d444bc1e9ec69517e67 by Sharaf Zaman.
Committed on 24/03/2021 at 10:39.
Pushed by szaman into branch 'krita/4.3'.

Bugfix: Crash with crop tool

The reason for crash was use after free, and the flow is like this:
1. User Crops the image (Crop gets added to Undo Stack)
2. User Undos the Crop (Crop is popped off that stack and is available for Redo)
3. User makes a Crop Selection
4. User makes a Redo Action (Because the crop selection is active, prior to the change we would apply the crop stroke which would purge the Redo Stack, deleting the KisSavedMacroCommand* which later would be used in KisSavedCommandBase::runStroke [its vtable]).

Since there is no stroke running during selection, we only have to clear the selection.
(cherry picked from commit 5ea95edb1f51acbac032055aee6333381efe95c8)

M +1 -1 plugins/tools/tool_crop/kis_tool_crop.cc

https://invent.kde.org/graphics/krita/commit/9ac750ab57607f3219ca4d444bc1e9ec69517e67
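A minimal model of the four-step flow in the commit message above, added here as an illustration; it is not Krita's code, and UndoStack, CropTool and their members are hypothetical names. A weak_ptr stands in for the raw command pointer, so the dangling state is reported instead of dereferenced.

```cpp
#include <functional>
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Hypothetical model, not Krita's classes.
struct Command { std::string name; };

struct UndoStack {
    std::vector<std::shared_ptr<Command>> undo, redoList;
    // Pushing a new command purges the redo list, deleting its commands.
    void push(std::string name) {
        redoList.clear();
        undo.push_back(std::make_shared<Command>(Command{std::move(name)}));
    }
    void undoOne() {
        if (undo.empty()) return;
        redoList.push_back(std::move(undo.back()));
        undo.pop_back();
    }
    // beforeRedo models the active tool reacting to the redo request. Returns the
    // redone command's name, or "DANGLING" where a raw pointer would now be freed.
    std::string redo(const std::function<void(UndoStack&)>& beforeRedo) {
        if (redoList.empty()) return "NOTHING";
        std::weak_ptr<Command> picked = redoList.back();  // stands in for the raw pointer
        beforeRedo(*this);                                // may re-enter push()
        auto cmd = picked.lock();
        if (!cmd) return "DANGLING";                      // command was purged underneath us
        redoList.pop_back();
        undo.push_back(cmd);
        return cmd->name;
    }
};

struct CropTool {
    bool selectionActive = false;
    // Before the fix: an active selection is applied as a crop when redo arrives.
    void applyOnRedo(UndoStack& s) { if (selectionActive) { s.push("crop"); selectionActive = false; } }
    // After the fix: the selection is only cleared; the stack is untouched.
    void clearOnRedo(UndoStack&) { selectionActive = false; }
};

// Runs the four steps from the commit message and reports what redo saw.
std::string runScenario(bool fixed) {
    UndoStack s; CropTool tool;
    s.push("crop");               // 1. crop
    s.undoOne();                  // 2. undo
    tool.selectionActive = true;  // 3. new crop selection
    return s.redo([&](UndoStack& st) { fixed ? tool.clearOnRedo(st) : tool.applyOnRedo(st); });  // 4. redo
}
```

`runScenario(false)` returns "DANGLING" and `runScenario(true)` returns "crop".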
*** Bug 435193 has been marked as a duplicate of this bug. ***
Git commit a993eec3de6487ea01b712c4695503f880ee673f by Dmitry Kazakov.
Committed on 03/04/2021 at 11:53.
Pushed by dkazakov into branch 'master'.

Fix data corruption on pressing Ctrl+Z while crop action is active

M +5 -0 plugins/tools/tool_crop/kis_tool_crop.cc
M +1 -0 plugins/tools/tool_crop/kis_tool_crop.h

https://invent.kde.org/graphics/krita/commit/a993eec3de6487ea01b712c4695503f880ee673f
Git commit 2eb56697e4646d34fe5f0b940ec0bc991d589a9b by Dmitry Kazakov.
Committed on 01/06/2021 at 11:58.
Pushed by dkazakov into branch 'krita/4.3'.

Fix data corruption on pressing Ctrl+Z while crop action is active

M +5 -0 plugins/tools/tool_crop/kis_tool_crop.cc
M +1 -0 plugins/tools/tool_crop/kis_tool_crop.h

https://invent.kde.org/graphics/krita/commit/2eb56697e4646d34fe5f0b940ec0bc991d589a9b
*** Bug 438563 has been marked as a duplicate of this bug. ***