Bug 468601 - Segmentation fault when starting up
Summary: Segmentation fault when starting up
Status: RESOLVED FIXED
Alias: None
Product: krita
Classification: Applications
Component: General
Version: 5.1.5
Platform: Arch Linux
OS: Linux
Priority: NOR
Severity: crash
Target Milestone: ---
Assignee: amyspark
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-04-17 09:24 UTC by Kim Tore Jensen
Modified: 2023-04-30 02:23 UTC

See Also:
Latest Commit:
Version Fixed In:


Description Kim Tore Jensen 2023-04-17 09:24:59 UTC
SUMMARY

Krita crashes on startup, right after moving the mouse within the window.

STEPS TO REPRODUCE
1. Start program
2. Move the mouse to click "new file"
3. Program crashes before even clicking anything

OBSERVED RESULT
Segfault

EXPECTED RESULT
Usability

SOFTWARE/OS VERSIONS
Arch Linux 

ADDITIONAL INFORMATION
(gdb) bt
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1  0x00007ffff54a0953 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
#2  0x00007ffff5451ea8 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3  0x00007ffff543b53d in __GI_abort () at abort.c:79
#4  0x00007ffff543c29e in __libc_message (fmt=fmt@entry=0x7ffff55b377e "%s\n") at ../sysdeps/posix/libc_fatal.c:150
#5  0x00007ffff54aa657 in malloc_printerr (str=str@entry=0x7ffff55b11d9 "corrupted size vs. prev_size") at malloc.c:5651
#6  0x00007ffff54ab15e in unlink_chunk (p=p@entry=0x7fff4c066c40, av=0x7fff4c000030) at malloc.c:1605
#7  0x00007ffff54ac66b in _int_free (av=0x7fff4c000030, p=0x7fff4c065eb0, have_lock=<optimized out>, have_lock@entry=0) at malloc.c:4602
#8  0x00007ffff54aee63 in __GI___libc_free (mem=<optimized out>) at malloc.c:3367
#9  0x00007fffe04c86c5 in _TIFFfreeExt (tif=0x7fff4c064050, p=<optimized out>) at /usr/src/debug/libtiff/tiff-4.5.0/libtiff/tif_open.c:162
#10 TIFFFreeDirectory (tif=0x7fff4c064050) at /usr/src/debug/libtiff/tiff-4.5.0/libtiff/tif_dir.c:1647
#11 0x00007fffe04c8758 in TIFFCleanup (tif=0x7fff4c064050) at /usr/src/debug/libtiff/tiff-4.5.0/libtiff/tif_close.c:52
#12 0x00007fffc0ae97c4 in std::__uniq_ptr_impl<tiff, void (*)(tiff*)>::reset(tiff*) (__p=0x0, this=<synthetic pointer>) at /usr/include/c++/12.2.1/bits/unique_ptr.h:198
#13 std::unique_ptr<tiff, void (*)(tiff*)>::reset(tiff*) (__p=0x0, this=<synthetic pointer>) at /usr/include/c++/12.2.1/bits/unique_ptr.h:501
#14 KisTIFFImport::convert(KisDocument*, QIODevice*, KisPinnedSharedPtr<KisPropertiesConfiguration>) (this=0x7fff4c063ad0, document=0x7fff4c0018a0)
    at /usr/src/debug/krita/krita-5.1.5/plugins/impex/tiff/kis_tiff_import.cc:1834
#15 0x00007ffff7c46ac4 in KisImportExportManager::doImport(QString const&, QSharedPointer<KisImportExportFilter>) (this=this@entry=0x7fff4c002ce0, location=..., filter=...)
    at /usr/src/debug/krita/krita-5.1.5/libs/ui/KisImportExportManager.cpp:667
#16 0x00007ffff7c48afd in KisImportExportManager::convert(KisImportExportManager::Direction, QString const&, QString const&, QString const&, bool, KisPinnedSharedPtr<KisPropertiesConfiguration>, bool, bool)
    (this=0x7fff4c002ce0, direction=direction@entry=KisImportExportManager::Import, location=<optimized out>, realLocation=<optimized out>, mimeType=<optimized out>, showWarnings=<optimized out>, exportConfiguration=..., isAsync=<optimized out>, isAdvancedExporting=<optimized out>) at /usr/src/debug/krita/krita-5.1.5/libs/ui/KisImportExportManager.cpp:376
#17 0x00007ffff7c49bef in KisImportExportManager::importDocument(QString const&, QString const&) (this=<optimized out>, location=<optimized out>, mimeType=<optimized out>)
    at /usr/src/debug/krita/krita-5.1.5/libs/global/kis_shared_ptr.h:206
#18 0x00007ffff7c30112 in KisDocument::openFile() (this=0x7fff4c0018a0) at /usr/src/debug/krita/krita-5.1.5/libs/ui/KisDocument.cpp:1874
#19 0x00007ffff7c3dd78 in KisDocument::openPathInternal(QString const&) (this=0x7fff4c0018a0, path=<optimized out>) at /usr/src/debug/krita/krita-5.1.5/libs/ui/KisDocument.cpp:2414
#20 0x00007ffff7c3688d in KisDocument::openPath(QString const&, QFlags<KisDocument::OpenFlag>) (this=0x7fff4c0018a0, _path=..., flags=...) at /usr/src/debug/krita/krita-5.1.5/libs/ui/KisDocument.cpp:1810
#21 0x00007ffff7baaffe in KisFileIconCreator::createFileIcon(QString, QIcon&, double, QSize) (this=this@entry=0x7fff8e294bf8, path=..., icon=..., devicePixelRatioF=devicePixelRatioF@entry=1, iconSize=...)
    at /usr/include/qt/QtCore/qflags.h:121
#22 0x00007ffff7bab444 in (anonymous namespace)::getFileIcon((anonymous namespace)::GetFileIconParameters) (gfip=...) at /usr/src/debug/krita/krita-5.1.5/libs/ui/utils/KisRecentFileIconCache.cpp:51
#23 0x00007ffff7ba4f46 in QtConcurrent::StoredFunctorCall1<(anonymous namespace)::IconFetchResult, (anonymous namespace)::IconFetchResult (*)((anonymous namespace)::GetFileIconParameters), (anonymous namespace)::GetFileIconParameters>::runFunctor (this=0x55555cd2b640) at /usr/include/qt/QtConcurrent/qtconcurrentstoredfunctioncall.h:422
#24 QtConcurrent::RunFunctionTask<(anonymous namespace)::IconFetchResult>::run() (this=0x55555cd2b640) at /usr/include/qt/QtConcurrent/qtconcurrentrunbase.h:108
#25 0x00007ffff5ae8711 in QThreadPoolThread::run() (this=0x55555a32a9a0) at thread/qthreadpool.cpp:100
#26 0x00007ffff5ae424a in operator() (__closure=<optimized out>) at thread/qthread_unix.cpp:350
#27 (anonymous namespace)::terminate_on_exception<QThreadPrivate::start(void*)::<lambda()> > (t=<optimized out>) at thread/qthread_unix.cpp:287
#28 QThreadPrivate::start(void*) (arg=0x55555a32a9a0) at thread/qthread_unix.cpp:310
#29 0x00007ffff549ebb5 in start_thread (arg=<optimized out>) at pthread_create.c:444
#30 0x00007ffff5520d90 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
Comment 1 Dmitry Kazakov 2023-04-17 09:55:51 UTC
Hi, Kim!

Could you please try the official AppImage from krita.org?

https://krita.org/en/download/krita-desktop/

From the backtrace it seems like the problem is related to the custom build of Arch Linux package...
Comment 2 Kim Tore Jensen 2023-04-17 22:29:03 UTC
(In reply to Dmitry Kazakov from comment #1)

> From the backtrace it seems like the problem is related to the custom build
> of Arch Linux package...

Hi Dmitry,

Reporting to the Arch Linux community revealed that Krita had a TIFF file in the recent history that was causing trouble.
I have identified the file in question, it is a 56MB file from NASA's infrared camera satellite.
What would you like me to do?
Comment 3 Bug Janitor Service 2023-04-18 03:45:39 UTC
Thanks for your comment!

Automatically switching the status of this bug to REPORTED so that the KDE team
knows that the bug is ready to get confirmed.

In the future you may also do this yourself when providing needed information.
Comment 4 Dmitry Kazakov 2023-04-18 13:12:52 UTC
Hi, Kim!

Could you please test if the same crash happens with the official AppImage version of Krita:

https://krita.org/en/download/krita-desktop/

And, of course, it would be helpful if you shared the link to that NASA image.
Comment 5 Kim Tore Jensen 2023-04-29 09:26:11 UTC
Hello Dmitry,

(In reply to Dmitry Kazakov from comment #4)
> Could you please test if the same crash happens with the official AppImage
> version of Krita:

I'm unable to reproduce the crash with the official AppImage.

> And, of course, it would be helpful if you shared the link to that NASA
> image.

It took some searching around, but I finally found the links:
https://webbtelescope.org/contents/media/images/2022/031/01G780WF1VRADDSD5MDNDRKAGY?news=true
https://stsci-opo.org/STScI-01G8GY7CZNNQH69BJG1ZGQ4D5B.tif
Comment 6 amyspark 2023-04-30 00:20:24 UTC
I've got a copy of the image, building Krita 5.1.5 now to have a look at the stacktrace.
Comment 7 amyspark 2023-04-30 01:11:07 UTC
I've been able to reproduce but only with libtiff 4.5. This matches my expectations, as it has several changes involving memory management.

I'll try and debug if there's a shortcoming that was addressed post-release.
Comment 8 amyspark 2023-04-30 02:22:32 UTC
Git commit bbee5eff34e7a17c4a1c7b59abe4823ccff7f58c by L. E. Segovia.
Committed on 30/04/2023 at 02:21.
Pushed by lsegovia into branch 'krita/5.1'.

tiff: Fix heap-buffer-overflow when endian swapping big-endian IPTC metadata

TIFFSwabArrayOfLong treats the array as N uint32_t, not N bytes (which
is what TIFFGetField returns).
Related: bug 413970

M  +4    -3    plugins/impex/tiff/kis_tiff_import.cc

https://invent.kde.org/graphics/krita/commit/bbee5eff34e7a17c4a1c7b59abe4823ccff7f58c
Comment 9 amyspark 2023-04-30 02:23:16 UTC
Git commit 0122d3461034d651ae7016db338857ddd11061c9 by L. E. Segovia.
Committed on 30/04/2023 at 02:22.
Pushed by lsegovia into branch 'master'.

tiff: Fix heap-buffer-overflow when endian swapping big-endian IPTC metadata

TIFFSwabArrayOfLong treats the array as N uint32_t, not N bytes (which
is what TIFFGetField returns).
Related: bug 413970
(cherry picked from commit bbee5eff34e7a17c4a1c7b59abe4823ccff7f58c)

M  +4    -3    plugins/impex/tiff/kis_tiff_import.cc

https://invent.kde.org/graphics/krita/commit/0122d3461034d651ae7016db338857ddd11061c9
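The unit mismatch named in the two commit messages above (a byte length from TIFFGetField handed to a routine that counts 32-bit words), as an added example that is neither Krita's nor libtiff's code: swab_array_of_long is a stand-in reimplementation assumed to follow TIFFSwabArrayOfLong's word-count semantics, iptc_swab_overrun_bytes and swap_iptc_block are hypothetical helpers, and the 12-byte IPTC block is constructed sample data, not real IPTC content.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for libtiff's TIFFSwabArrayOfLong(uint32_t *lp, tmsize_t n):
 * byte-swaps `n` 32-bit words in place. `n` counts words, not bytes.
 * Reimplemented here (assumption) so the example builds without libtiff. */
static void swab_array_of_long(uint32_t *lp, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        uint32_t v = lp[i];
        lp[i] = (v << 24) | ((v & 0x0000FF00u) << 8) |
                ((v & 0x00FF0000u) >> 8) | (v >> 24);
    }
}

/* Hypothetical helper: how many bytes past the end of a `byte_len`-byte block
 * the swab writes when the byte length is passed as the word count. This is
 * the heap overwrite behind the "corrupted size vs. prev_size" abort above. */
size_t iptc_swab_overrun_bytes(size_t byte_len)
{
    return byte_len * sizeof(uint32_t) - byte_len;
}

/* Hardened wrapper (hypothetical): converts the byte count reported for the
 * IPTC tag into a word count, and rejects blocks that are not a whole number
 * of words instead of swapping past the end. Returns 0 on success, -1 if
 * rejected; `block` is not touched when the length is rejected. */
int swap_iptc_block(uint32_t *block, size_t byte_len)
{
    if (byte_len % sizeof(uint32_t) != 0)
        return -1;                       /* truncated or non-LONG IPTC data */
    swab_array_of_long(block, byte_len / sizeof(uint32_t));
    return 0;
}

/* Constructed sample: a 12-byte big-endian block of three words.
 * Returns 1 if swapping yields the expected little-endian words. */
int demo_swap_iptc(void)
{
    uint32_t block[3] = { 0x01020304u, 0xAABBCCDDu, 0x11223344u };
    if (swap_iptc_block(block, sizeof block) != 0) return 0;
    return block[0] == 0x04030201u && block[1] == 0xDDCCBBAAu &&
           block[2] == 0x44332211u;
}

int main(void)
{
    printf("swap ok: %d\n", demo_swap_iptc());
    printf("overrun if 12 bytes are passed as 12 words: %zu bytes\n",
           iptc_swab_overrun_bytes(12));
    return 0;
}
```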