Bug 436283 - access violation in ZN22KisFrameDataSerializer23estimateFrameUniquenessERKNS_5FrameES2_d
Summary: access violation in ZN22KisFrameDataSerializer23estimateFrameUniquenessERKNS_...
Status: RESOLVED FIXED
Alias: None
Product: krita
Classification: Applications
Component: Animation (other bugs)
Version First Reported In: 4.4.3
Platform: Microsoft Windows
Priority: NOR
Severity: crash
Target Milestone: ---
Assignee: Krita Bugs
Reported: 2021-04-27 22:45 UTC by William Cameron
Modified: 2023-07-07 15:29 UTC

Description William Cameron 2021-04-27 22:45:10 UTC
SUMMARY
Submitting on behalf of a partner who experienced this issue. I found crash dumps in my localappdata for Krita due to a nullptr access violation in memcmp called by ZN22KisFrameDataSerializer23estimateFrameUniquenessERKNS_5FrameES2_d.

(3320.1fe0): Access violation - code c0000005 (first/second chance not available)
// shows comparison was a nullptr
00007ffe`c349ce22 3a0411          cmp     al,byte ptr [rcx+rdx] ds:00000000`00000000=??

stack:
0b 00000000`005f35e8 00007ffe`43891942     msvcrt!memcmp+0x32
0c 00000000`005f35f0 00007ffe`43898460     libkritaui!ZN22KisFrameDataSerializer23estimateFrameUniquenessERKNS_5FrameES2_d+0x182
0d 00000000`005f3690 00007ffe`43898c15     libkritaui!ZN18KisFrameCacheStore9saveFrameEi12KisSharedPtrI19KisOpenGLUpdateInfoERK5QRect+0x8b0
0e 00000000`005f37a0 00007ffe`4387d4ee     libkritaui!ZN20KisFrameCacheSwapper9saveFrameEi12KisSharedPtrI19KisOpenGLUpdateInfoERK5QRect+0x25
0f 00000000`005f37e0 00007ffe`4387fe7b     libkritaui!ZN22KisAnimationFrameCache21addConvertedFrameDataE12KisSharedPtrI19KisOpenGLUpdateInfoEi+0x1ce
10 00000000`005f38c0 00007ffe`438a34ae     libkritaui!ZN29KisAsyncAnimationRendererBaseD0Ev+0x4ab

process dump attached.

STEPS TO REPRODUCE
Reproduction is intermittent.
1. create 50 odd unique frames
2. press play on the animation


OBSERVED RESULT
nullptr access violation in memcmp

EXPECTED RESULT
no exception, animation plays

Krita

 Version: 4.4.3
 Languages: en_US, en
 Hidpi: true

Qt

  Version (compiled): 5.12.9
  Version (loaded): 5.12.9

OS Information

  Build ABI: x86_64-little_endian-llp64
  Build CPU: x86_64
  CPU: x86_64
  Kernel Type: winnt
  Kernel Version: 10.0.19042
  Pretty Productname: Windows 10 (10.0)
  Product Type: windows
  Product Version: 10

OpenGL Info
 
  Vendor:  "Google Inc." 
  Renderer:  "ANGLE (Intel(R) UHD Graphics Direct3D11 vs_5_0 ps_5_0)" 
  Version:  "OpenGL ES 3.0 (ANGLE 2.1.0.57ea533f79a7)" 
  Shading language:  "OpenGL ES GLSL ES 3.00 (ANGLE 2.1.0.57ea533f79a7)" 
  Requested format:  QSurfaceFormat(version 3.0, options QFlags<QSurfaceFormat::FormatOption>(DeprecatedFunctions), depthBufferSize 24, redBufferSize 8, greenBufferSize 8, blueBufferSize 8, alphaBufferSize 8, stencilBufferSize 8, samples -1, swapBehavior QSurfaceFormat::DoubleBuffer, swapInterval 0, colorSpace QSurfaceFormat::DefaultColorSpace, profile  QSurfaceFormat::CompatibilityProfile) 
  Current format:    QSurfaceFormat(version 3.0, options QFlags<QSurfaceFormat::FormatOption>(), depthBufferSize 24, redBufferSize 8, greenBufferSize 8, blueBufferSize 8, alphaBufferSize 8, stencilBufferSize 8, samples 0, swapBehavior QSurfaceFormat::DefaultSwapBehavior, swapInterval 0, colorSpace QSurfaceFormat::DefaultColorSpace, profile  QSurfaceFormat::NoProfile) 
     Version: 3.0
     Supports deprecated functions false 
     is OpenGL ES: true 

QPA OpenGL Detection Info 
  supportsDesktopGL: true 
  supportsAngleD3D11: true 
  isQtPreferAngle: true 

Hardware Information

  GPU Acceleration: auto
  Memory: 16201 Mb
  Number of Cores: 12
  Swap Location: C:/Users/William/AppData/Local/Temp

Current Settings

  Current Swap Location: C:/Users/William/AppData/Local/Temp
  Current Swap Location writable: true
  Undo Enabled: true
  Undo Stack Limit: 30
  Use OpenGL: true
  Use OpenGL Texture Buffer: true
  Use AMD Vectorization Workaround: false
  Canvas State: TRY_OPENGL
  Autosave Interval: 900
  Use Backup Files: true
  Number of Backups Kept: 1
  Backup File Suffix: ~
  Backup Location: Same Folder as the File
  Backup Location writable: false
  Use Win8 Pointer Input: false
  Use RightMiddleTabletButton Workaround: false
  Levels of Detail Enabled: false
  Use Zip64: false


Display Information
Number of screens: 1
	Screen: 0
		Name: \\.\DISPLAY1
		Depth: 32
		Scale: 1
		Resolution in pixels: 1920x1080
		Manufacturer: 
		Model: 
		Refresh Rate: 240
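The failure pattern in the dump (memcmp reading through a null frame buffer) and the "check pointers before use" fix, as an added illustration that is not Krita's own code: a hypothetical frame comparison that hands both buffers to memcmp unconditionally, beside a guarded uniqueness estimate that validates the pointers before touching a byte. The Frame struct, its field names and the sampled difference metric are assumptions, not KisFrameDataSerializer's real layout.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <optional>
#include <vector>

// Hypothetical stand-in for a serializer frame: a pixel buffer and its byte size.
// A frame whose buffer was never allocated, or has already been swapped out, has
// data == nullptr. (Assumed layout; not Krita's KisFrameDataSerializer::Frame.)
struct Frame {
    const uint8_t *data = nullptr;
    size_t size = 0;
};

// Defect pattern from the report: memcmp dereferences both buffers without any check,
// so a null-data frame faults inside memcmp (the "cmp al, byte ptr [rcx+rdx]" reading
// address 0 in the dump). Kept only for contrast; never call it with a null frame.
bool framesIdenticalUnchecked(const Frame &a, const Frame &b) {
    return a.size == b.size && std::memcmp(a.data, b.data, a.size) == 0;
}

// Guarded version: validate both pointers before any byte access. A frame without
// pixel data cannot be compared, so that case is reported explicitly (nullopt)
// instead of crashing the render thread. Returns the fraction of sampled bytes that
// differ; 'stride' samples every n-th byte, since an estimate need not read every pixel.
std::optional<double> estimateFrameDifference(const Frame &a, const Frame &b,
                                              size_t stride = 1) {
    if (!a.data || !b.data || a.size != b.size || a.size == 0) {
        return std::nullopt;
    }
    if (stride == 0) stride = 1;
    size_t sampled = 0, differing = 0;
    for (size_t i = 0; i < a.size; i += stride) {
        ++sampled;
        if (a.data[i] != b.data[i]) ++differing;
    }
    return static_cast<double>(differing) / static_cast<double>(sampled);
}

int main() {
    // Constructed sample frames: 8 bytes each, two bytes differ; 'missing' has no data.
    std::vector<uint8_t> bufA = {1, 2, 3, 4, 5, 6, 7, 8};
    std::vector<uint8_t> bufB = {1, 2, 3, 4, 9, 6, 7, 0};
    Frame a{bufA.data(), bufA.size()}, b{bufB.data(), bufB.size()}, missing;
    std::printf("a vs b: %.2f\n", *estimateFrameDifference(a, b));          // 0.25
    std::printf("a vs missing comparable: %d\n",
                estimateFrameDifference(a, missing).has_value() ? 1 : 0); // 0
    return 0;
}
```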
Comment 1 Halla Rempt 2021-05-14 09:53:37 UTC
Git commit ae32cde0cd2f4dc97cf8538118bd36131829c434 by Halla Rempt.
Committed on 14/05/2021 at 09:53.
Pushed by rempt into branch 'master'.

Check pointers before use

M  +1    -1    libs/ui/KisFrameDataSerializer.cpp

https://invent.kde.org/graphics/krita/commit/ae32cde0cd2f4dc97cf8538118bd36131829c434
Comment 2 Dmitry Kazakov 2023-07-07 15:29:15 UTC
Git commit e887490cc30a89ef1811cebcf29549d0bdf98347 by Dmitry Kazakov.
Committed on 07/07/2023 at 15:15.
Pushed by dkazakov into branch 'master'.

Properly catch null pointers in KisFrameDataSerializer::estimateFrameUniqueness

M  +5    -1    libs/ui/KisFrameDataSerializer.cpp

https://invent.kde.org/graphics/krita/-/commit/e887490cc30a89ef1811cebcf29549d0bdf98347