Created attachment 148533
FullBackTrack and ScreenShot when crash occurs with Qt Debug view.

SUMMARY
If an Equirectangular Projection has been set, the crash occurs when you try to pan the map in order to move it under or down the vertical center of the widget.

*** NOTE: If you are reporting a crash, please try to attach a backtrace with debug symbols. See https://community.kde.org/Guidelines_and_HOWTOs/Debugging/How_to_create_useful_crash_reports ***

STEPS TO REPRODUCE
1. Set "Equirectangular Projection"
2. Pan down/up the map until the limit

OBSERVED RESULT
The crash occurs.

EXPECTED RESULT
As for other projections, the crash does not occur.

SOFTWARE/OS VERSIONS
Windows: Windows 10
Linux/KDE Plasma: Centos 7
Qt Version: Qt 5.15.2

ADDITIONAL INFORMATION
The crash is due to a buffer overflow that occurs in Marble code in the method:
void StackedTile::pixel(int x , int y) const;
This method is called with y < 0 (when panning down) or y > buffer size (when panning up).

Yes, I can reproduce this:

1 Marble::StackedTile::pixel StackedTile.cpp 100 0x7ffff773532f
2 Marble::ScanlineTextureMapperContext::pixelValueApprox ScanlineTextureMapperContext.cpp 322 0x7ffff77207cb
3 Marble::EquirectScanlineTextureMapper::RenderJob::run EquirectScanlineTextureMapper.cpp 219 0x7ffff7722e5d
4 QThreadPoolThread::run() 0x7ffff51f766a
5 QThreadPrivate::start(void *) 0x7ffff51f3b35
6 start_thread pthread_create.c 463 0x7ffff34976db
7 clone clone.S 95 0x7ffff48cf61f

Lokale Variablen
this @0x7fff684782f0 Marble::StackedTile
[Marble::Tile] @0x7fff684782f0 Marble::Tile
jumpTable32 0x0 uint**
jumpTable8 "########%%%%%%%%$$$$$$$$&&&&&&&&%%%%%%%%$$$$$$$$""""""""""""""""$$$$$$$$""""""""%%%%%%%%$$$$$$$$&&&&"... (unknown length) uchar*
m_byteCount 912600 int
m_depth 8 int
m_isGrayscale true bool
m_isUsed true bool
m_resultImage (675x675) QImage
m_tiles <ein Element> QVector<QSharedPointer<Marble::TextureTile> >
x 15 int
y 675 int

Inspector Ausdrücke Rückgabewert Tooltip
m_resultImage (675x675) QImage

Hm, I haven't been able to trigger this when choosing "HighQuality" rendering during Animations (see Settings) - this uses void ScanlineTextureMapperContext::pixelValueApproxF instead of void ScanlineTextureMapperContext::pixelValueApprox. So I guess that this happens due to a rounding error which calculates the position to be outside the "last/first" tile in a column. Since nextTile() will still "stay" on the same tile, we will reach out of bounds. The safe and lazy solution would be to correct the Y value to be still within the bounds. I wonder whether this issue could also be triggered for the x-case.
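
The bounds correction suggested in the comment above, as an added example that is not part of the original thread and is not the code from the Marble commit. `GrayTile`, `inBounds` and `pixelClamped` are hypothetical names, the pixel data is constructed, and the example goes beyond the reported y-case by clamping x as well.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical stand-in for a tile image (not Marble's StackedTile):
// 8-bit grayscale, row-major, width * height bytes.
struct GrayTile {
    int width;
    int height;
    std::vector<std::uint8_t> pixels;

    GrayTile(int w, int h)
        : width(w), height(h), pixels(static_cast<std::size_t>(w) * h) {
        // Constructed sample data: every pixel stores (row index % 251),
        // so a read reveals which row was actually accessed.
        for (int y = 0; y < h; ++y)
            std::fill_n(pixels.begin() + static_cast<std::ptrdiff_t>(y) * w, w,
                        static_cast<std::uint8_t>(y % 251));
    }
};

// True when (x, y) addresses a pixel inside the tile.
bool inBounds(const GrayTile& t, int x, int y) {
    return x >= 0 && x < t.width && y >= 0 && y < t.height;
}

// Clamp both coordinates into the tile before indexing, so a position that
// rounding pushed one step past the first or last row reads the edge pixel
// instead of memory outside the buffer. Assumes a non-empty tile.
std::uint8_t pixelClamped(const GrayTile& t, int x, int y) {
    const int cx = std::max(0, std::min(x, t.width - 1));
    const int cy = std::max(0, std::min(y, t.height - 1));
    return t.pixels[static_cast<std::size_t>(cy) * t.width + cx];
}

int main() {
    const GrayTile tile(675, 675);
    // x = 15, y = 675 are the values from the debugger output above:
    // one row past the end of a 675x675 image.
    const bool ok = !inBounds(tile, 15, 675) &&
                    pixelClamped(tile, 15, 675) == 674 % 251;
    return ok ? 0 : 1;
}
```

Clamping hides the miscalculated coordinate rather than correcting it, so logging or asserting on `inBounds` in debug builds keeps the underlying rounding problem visible.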
Git commit 2508968372c752daed3b120e482cb006c0e24e89 by Torsten Rahn.
Committed on 22/04/2023 at 20:16.
Pushed by rahn into branch 'master'.

Fix Crash on Panning with Equirectangular Projection

M +7 -0 src/lib/marble/ScanlineTextureMapperContext.cpp

https://invent.kde.org/education/marble/commit/2508968372c752daed3b120e482cb006c0e24e89