Bug 455595 - Crash (buffer overflow) loading recent project
Summary: Crash (buffer overflow) loading recent project
Status: RESOLVED UPSTREAM
Alias: None
Product: kdenlive
Classification: Applications
Component: Setup & Installation (other bugs)
Version First Reported In: 22.04.2
Platform: openSUSE Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Vincent PINON
Reported: 2022-06-19 09:47 UTC by kailed
Modified: 2022-06-23 16:04 UTC

Attachments
back trace with more debuginfo included (6.05 KB, text/plain)
2022-06-20 08:36 UTC, Freek de Kruijf
Description kailed 2022-06-19 09:47:08 UTC
SUMMARY
Crash loading recent project. openSUSE RPMs are built with "fortify source = 3"

STEPS TO REPRODUCE
1. open kdenlive
2. try open a recent project

OBSERVED RESULT
Crash !

qml: item not found
LOCALE: Document uses  "."  as decimal point and  "C"  as locale
Searching for locale: Found  QLocale(Italian, Latin, Switzerland)  with match type  0
==== FIXING PRODUCER WITH ID:  "26"
*** buffer overflow detected ***: terminated

EXPECTED RESULT
working kdenlive..

All software up to date (Plasma, Qt, kdeframework at latest stable release)

ADDITIONAL INFORMATION
Comment 1 Christophe Marin 2022-06-20 06:15:56 UTC
The openSUSE Tumbleweed packages are now built with -D_FORTIFY_SOURCE=3. We received a downstream report about a similar error:

After upgrading Tumbleweed lately, kdenlive crashes when loading the first clip.
DRKonqi does not produce crash information.
I started kdenlive with gdb and got the following:
/////////// found list (QUrl("file:///home/xxxxx/Videos/2012Suriname/20120719-083840.mp4"))
/////////// creatclipsfromlist (QUrl("file:///home/xxxxx/Videos/2012Suriname/20120719-083840.mp4")) true "-1"
/////////// createClipFromFile "/home/xxxxx/Videos/2012Suriname/20120719-083840.mp4" "-1"
=== GOT DROPPED MIME:  "video/mp4"
/////////// final xml "<producer>\n <property name=\"resource\">/home/xxxxx/Videos/2012Suriname/20120719-083840.mp4</property>\n</producer>\n"
[New Thread 0x7fff59a2b640 (LWP 25561)]
============STARTING LOAD TASK FOR:  "/home/xxxxx/Videos/2012Suriname/20120719-083840.mp4" 

:::::::::::::::::::
/////////// creatclipsfromlist return false
*** buffer overflow detected ***: terminated

Thread 31 "Thread (pooled)" received signal SIGABRT, Aborted.
Comment 2 Vincent PINON 2022-06-20 07:01:35 UTC
Hello,
Can't you get a more detailed crash backtrace? It would help to debug...
In the meantime you may continue to work with AppImage or Flatpak.
Comment 3 Freek de Kruijf 2022-06-20 07:37:48 UTC
At the location of the crash I followed like below:
(gdb) bt
#0  0x00007ffff44a96bc in __pthread_kill_implementation () at /lib64/libc.so.6
#1  0x00007ffff44566f6 in raise () at /lib64/libc.so.6
#2  0x00007ffff443f814 in abort () at /lib64/libc.so.6
#3  0x00007ffff449c79e in __libc_message () at /lib64/libc.so.6
#4  0x00007ffff454187a in __fortify_fail () at /lib64/libc.so.6
#5  0x00007ffff453fe36 in  () at /lib64/libc.so.6
#6  0x00007ffff4541158 in  () at /lib64/libc.so.6
#7  0x00007fffe01c8380 in  () at /usr/lib64/mlt-7/libmltavformat.so
#8  0x00007fffe01c92b5 in  () at /usr/lib64/mlt-7/libmltavformat.so
#9  0x00007fffe01d1b5f in producer_avformat_init () at /usr/lib64/mlt-7/libmltavformat.so
#10 0x00007ffff73caae2 in mlt_factory_producer () at /lib64/libmlt-7.so.7
#11 0x00007fffcbe909b2 in  () at /usr/lib64/mlt-7/libmltcore.so
#12 0x00007fffcbe90e44 in producer_loader_init () at /usr/lib64/mlt-7/libmltcore.so
#13 0x00007ffff73caae2 in mlt_factory_producer () at /lib64/libmlt-7.so.7
#14 0x00007ffff73a5830 in Mlt::Producer::Producer(mlt_profile_s*, char const*, char const*) () at /lib64/libmlt++-7.so.7
#15 0x000055555584a8a4 in std::_Construct<Mlt::Producer, Mlt::Profile&, decltype(nullptr), char const*>(Mlt::Producer*, Mlt::Profile&, decltype(nullptr)&&, char const*&&) (__p=0x7fff40002e10) at /usr/include/c++/12/bits/stl_construct.h:119
#16 std::allocator_traits<std::allocator<void> >::construct<Mlt::Producer, Mlt::Profile&, decltype(nullptr), char const*>(std::allocator<void>&, Mlt::Producer*, Mlt::Profile&, decltype(nullptr)&&, char const*&&) (__p=0x7fff40002e10)
    at /usr/include/c++/12/bits/alloc_traits.h:635
#17 std::_Sp_counted_ptr_inplace<Mlt::Producer, std::allocator<void>, (__gnu_cxx::_Lock_policy)2>::_Sp_counted_ptr_inplace<Mlt::Profile&, decltype(nullptr), char const*>(std::allocator<void>, Mlt::Profile&, decltype(nullptr)&&, char const*&&)
    (__a=..., this=0x7fff40002e00) at /usr/include/c++/12/bits/shared_ptr_base.h:604
#18 std::__shared_count<(__gnu_cxx::_Lock_policy)2>::__shared_count<Mlt::Producer, std::allocator<void>, Mlt::Profile&, decltype(nullptr), char const*>(Mlt::Producer*&, std::_Sp_alloc_shared_tag<std::allocator<void> >, Mlt::Profile&, decltype(nullptr)&&, char const*&&)
    (__a=..., __p=@0x7fff5a10fa70: 0x555555bfb300 <ClipLoadTask::run()::{lambda()#3}::operator()() const::qstring_literal>, this=0x7fff5a10fa78) at /usr/include/c++/12/bits/shared_ptr_base.h:971
#19 std::__shared_ptr<Mlt::Producer, (__gnu_cxx::_Lock_policy)2>::__shared_ptr<std::allocator<void>, Mlt::Profile&, decltype(nullptr), char const*>(std::_Sp_alloc_shared_tag<std::allocator<void> >, Mlt::Profile&, decltype(nullptr)&&, char const*&&)
    (__tag=..., this=0x7fff5a10fa70) at /usr/include/c++/12/bits/shared_ptr_base.h:1712
#20 std::shared_ptr<Mlt::Producer>::shared_ptr<std::allocator<void>, Mlt::Profile&, decltype(nullptr), char const*>(std::_Sp_alloc_shared_tag<std::allocator<void> >, Mlt::Profile&, decltype(nullptr)&&, char const*&&) (__tag=..., this=0x7fff5a10fa70)
    at /usr/include/c++/12/bits/shared_ptr.h:464
#21 std::make_shared<Mlt::Producer, Mlt::Profile&, decltype(nullptr), char const*>(Mlt::Profile&, decltype(nullptr)&&, char const*&&) () at /usr/include/c++/12/bits/shared_ptr.h:1010
#22 ClipLoadTask::run() (this=0x55555c1a1e50) at /usr/src/debug/kdenlive-22.04.2-1.1.x86_64/src/jobs/cliploadtask.cpp:463
#23 0x00007ffff4cf92f1 in  () at /lib64/libQt5Core.so.5
#24 0x00007ffff4cf5d4d in  () at /lib64/libQt5Core.so.5
#25 0x00007ffff44a7777 in start_thread () at /lib64/libc.so.6
--Type <RET> for more, q to quit, c to continue without paging--
#26 0x00007ffff4531c10 in clone3 () at /lib64/libc.so.6
(gdb)   c
Continuing.
KCrash: Application 'kdenlive' crashing...
[Thread 0x7fffb01fc640 (LWP 4256) exited]
KCrash: Attempting to start /usr/libexec/drkonqi
[Thread 0x7fff5a911640 (LWP 4283) exited]
[Thread 0x7fff5b112640 (LWP 4282) exited]
[Thread 0x7fff5b913640 (LWP 4281) exited]
[Thread 0x7fff97fff640 (LWP 4267) exited]
[Detaching after fork from child process 4624]
[Thread 0x7fffacab0640 (LWP 4266) exited]
QSocketNotifier: Invalid socket 9 and type 'Read', disabling...
QSocketNotifier: Invalid socket 13 and type 'Read', disabling...
QSocketNotifier: Invalid socket 18 and type 'Read', disabling...
QSocketNotifier: Invalid socket 19 and type 'Exception', disabling...
QSocketNotifier: Invalid socket 21 and type 'Read', disabling...
QSocketNotifier: Invalid socket 36 and type 'Read', disabling...
radeon: Failed to allocate a buffer:
radeon:    size      : 4096 bytes
radeon:    alignment : 4096 bytes
radeon:    domains   : 2
radeon:    flags     : 0
radeon: Failed to allocate a buffer:
radeon:    size      : 4096 bytes
radeon:    alignment : 4096 bytes
radeon:    domains   : 2
radeon:    flags     : 0
radeon: The kernel rejected CS, see dmesg for more information (-9).
radeon: Failed to allocate a buffer:
radeon:    size      : 7258112 bytes
radeon:    alignment : 4096 bytes
radeon:    domains   : 2
radeon:    flags     : 4
radeon: Failed to allocate a buffer:
radeon:    size      : 7258112 bytes
radeon:    alignment : 4096 bytes
radeon:    domains   : 2
radeon:    flags     : 4
EE ../src/gallium/drivers/r600/r600_texture.c:1437 r600_texture_transfer_map - failed to create temporary texture to hold untiled copy
radeon: Failed to allocate a buffer:
radeon:    size      : 4096 bytes
radeon:    alignment : 4096 bytes
radeon:    domains   : 2
radeon:    flags     : 0
radeon: Failed to allocate a buffer:
radeon:    size      : 4096 bytes
radeon:    alignment : 4096 bytes
radeon:    domains   : 2
radeon:    flags     : 0
radeon: The kernel rejected CS, see dmesg for more information (-9).

Thread 1 "kdenlive" received signal SIGSTOP, Stopped (signal).
[Switching to Thread 0x7ffff2860940 (LWP 4238)]
0x00007ffff45245ef in poll () from /lib64/libc.so.6
(gdb) Unable to find file for pid 4238 expected at "kcrash-metadata/4238.ini"
quit
A debugging session is active.

        Inferior 1 [process 4238] will be killed.

Quit anyway? (y or n) y
Comment 4 Vincent PINON 2022-06-20 08:17:25 UTC
Thanks Freek!
So it seems to come from MLT in producer_avformat_init...
Is it difficult to get debug symbols so that we get the line?
Then maybe forward to MLT...
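
The reading of the backtrace made in comment 4, written out as a triage script (an added example, not part of the original bug report). The sample frames are #0 to #10 copied from comment 3; the names `parse_frames` and `fortify_caller` are hypothetical.

```python
import re

# Sample input: frames #0-#10 copied from the gdb backtrace in comment 3.
SAMPLE_BT = """\
#0  0x00007ffff44a96bc in __pthread_kill_implementation () at /lib64/libc.so.6
#1  0x00007ffff44566f6 in raise () at /lib64/libc.so.6
#2  0x00007ffff443f814 in abort () at /lib64/libc.so.6
#3  0x00007ffff449c79e in __libc_message () at /lib64/libc.so.6
#4  0x00007ffff454187a in __fortify_fail () at /lib64/libc.so.6
#5  0x00007ffff453fe36 in  () at /lib64/libc.so.6
#6  0x00007ffff4541158 in  () at /lib64/libc.so.6
#7  0x00007fffe01c8380 in  () at /usr/lib64/mlt-7/libmltavformat.so
#8  0x00007fffe01c92b5 in  () at /usr/lib64/mlt-7/libmltavformat.so
#9  0x00007fffe01d1b5f in producer_avformat_init () at /usr/lib64/mlt-7/libmltavformat.so
#10 0x00007ffff73caae2 in mlt_factory_producer () at /lib64/libmlt-7.so.7
"""

FRAME = re.compile(r"#(\d+)\s+(?:0x[0-9a-f]+ in\s*)?(.*)\s(?:at|from)\s(\S+)$")
FORTIFY_HANDLERS = {"__fortify_fail", "__chk_fail"}  # glibc abort paths for failed checks
LIBC = re.compile(r"/libc\.so(\.\d+)*$")

def parse_frames(bt):
    """Turn gdb 'bt' text into (frame_no, function, location) tuples."""
    frames = []
    for line in bt.splitlines():
        m = FRAME.match(line.strip())
        if m:
            # Frames without symbols print an empty name: report them as "??".
            func = m.group(2).split("(", 1)[0].strip() or "??"
            frames.append((int(m.group(1)), func, m.group(3)))
    return frames

def fortify_caller(bt):
    """Find the code that called the failed fortified libc function, or None."""
    frames = parse_frames(bt)
    start = next((i for i, f in enumerate(frames) if f[1] in FORTIFY_HANDLERS), None)
    if start is None:
        return None  # not a _FORTIFY_SOURCE abort
    # Frames right below the handler are libc's own checking wrappers; skip them.
    outside = [f for f in frames[start + 1:] if not LIBC.search(f[2])]
    if not outside:
        return None
    module = outside[0][2]
    # Nearest frame in that module that still carries a symbol name.
    named = next((f for f in outside if f[2] == module and f[1] != "??"), None)
    return {"module": module, "first_frame": outside[0][0],
            "nearest_symbol": named[1] if named else None}

print(fortify_caller(SAMPLE_BT))
```

Frames reported as `??` are the ones that need the module's debuginfo package installed before gdb can give a function and line.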
Comment 5 Freek de Kruijf 2022-06-20 08:36:23 UTC
Created attachment 149943
back trace with more debuginfo included

Is this what you are looking for?
Comment 6 Fabian Vogt 2022-06-22 09:31:56 UTC
Looks like this is a bug in glibc, fixed with https://github.com/bminor/glibc/commit/9bcd12d223a8990254b65e2dada54faa5d2742f3 (confirmed locally).
Comment 7 Hans-Peter Jansen 2022-06-23 16:04:18 UTC
If you cannot wait for the glibc fix, either build mlt with _FORTIFY_SOURCE=2, or switch to libmlt 7.8.0, which contains a fix for this crash.

openSUSE TW users can use my libmlt build from here: https://build.opensuse.org/package/show/home:frispete:blender/libmlt until this is accepted for multimedia:libs. If you do so, provide feedback, please!