471359 – Crash on possibly malformed file

Bug 471359 - Crash on possibly malformed file

Summary: Crash on possibly malformed file

Status:	RESOLVED FIXED

Alias:	None

Product:	kdenlive
Classification:	Applications
Component:	Video Display & Export (show other bugs)
Version:	23.04.2
Platform:	Neon Linux

Importance:	HI crash
Target Milestone:	---
Assignee:	Jean-Baptiste Mardelle

URL:
Keywords:

Depends on:
Blocks:

Reported:	2023-06-23 01:21 UTC by mashkal2000@gmail.com
Modified:	2023-11-09 09:33 UTC (History)
CC List:	2 users (show)

See Also:
Latest Commit:	https://invent.kde.org/multimedia/kdenlive/-/commit/fda32639b24c6e53250731ec65626f2f66500059
Version Fixed In:

Attachments
kdenlive project file (16.65 KB, text/plain) 2023-06-23 01:21 UTC, mashkal2000@gmail.com	Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description mashkal2000@gmail.com 2023-06-23 01:21:26 UTC

Created attachment 159844 [details]
kdenlive project file

SUMMARY
***
Sorry, no backtrace
***


STEPS TO REPRODUCE
1. Open file
2. Crash (no "corrupted file" dialog or anything)
3. 

OBSERVED RESULT


EXPECTED RESULT


SOFTWARE/OS VERSIONS
Windows: 
macOS: 
Linux/KDE Plasma: 
(available in About System)
KDE Plasma Version: 
KDE Frameworks Version: 
Qt Version: 

ADDITIONAL INFORMATION

Comment 1 mashkal2000@gmail.com 2023-06-23 01:25:05 UTC

```
 kdenlive gend.kdenlive 
Could not detect package type, probably default? App dir is "/usr/bin"
profilePath from KdenliveSetting::mltPath:  "/usr/share/mlt-7/profiles"
meltPath from KdenliveSetting::rendererPath:  "/usr/bin/melt-7"
Empty metadata for  "avcolour_space"
Empty metadata for  "avcolor_space"
Empty metadata for  "avdeinterlace"
Empty metadata for  "swscale"
Empty metadata for  "swresample"
Empty metadata for  "audiochannels"
Empty metadata for  "audioconvert"
Empty metadata for  "imageconvert"
Empty metadata for  "telecide"
Empty metadata for  "glsl.manager"
Empty metadata for  "movit.convert"
Empty metadata for  "movit.crop"
Empty metadata for  "movit.resample"
Empty metadata for  "movit.resize"
Empty metadata for  "deinterlace"
plugin not available: "avfilter.acompressor"
plugin not available: "avfilter.aecho"
plugin not available: "avfilter.agate"
plugin not available: "avfilter.atadenoise"
plugin not available: "avfilter.bwdif"
plugin not available: "avfilter.deblock"
plugin not available: "avfilter.dedot"
plugin not available: "avfilter.deflate"
plugin not available: "avfilter.derain"
plugin not available: "avfilter.doubleweave"
plugin not available: "avfilter.field"
plugin not available: "avfilter.framestep"
plugin not available: "avfilter.fspp"
plugin not available: "avfilter.graphmonitor"
plugin not available: "avfilter.hqdn3d"
plugin not available: "avfilter.inflate"
plugin not available: "avfilter.lagfun"
plugin not available: "avfilter.loudnorm"
plugin not available: "avfilter.random"
plugin not available: "avfilter.removegrain"
plugin not available: "avfilter.separatefields"
plugin not available: "avfilter.shuffleplanes"
plugin not available: "avfilter.sr"
plugin not available: "avfilter.tmix"
plugin not available: "avfilter.w3fdif"
plugin not available: "avfilter.weave"
plugin not available: "avfilter.yadif"
plugin not available: "frei0r.baltan"
plugin not available: "frei0r.bgsubtract0r"
plugin not available: "frei0r.bigsh0t_eq_mask"
plugin not available: "frei0r.bigsh0t_eq_to_rect"
plugin not available: "frei0r.bigsh0t_eq_to_stereo"
plugin not available: "frei0r.bigsh0t_hemi_to_eq"
plugin not available: "frei0r.bigsh0t_rect_to_eq"
plugin not available: "frei0r.bigsh0t_stabilize_360"
plugin not available: "frei0r.bigsh0t_transform_360"
plugin not available: "frei0r.delay0r"
plugin not available: "frei0r.delaygrab"
plugin not available: "frei0r.facebl0r"
plugin not available: "frei0r.facedetect"
plugin not available: "frei0r.lightgraffiti"
plugin not available: "frei0r.lightgraffiti"
plugin not available: "frei0r.tehRoxx0r"
plugin not available: "ladspa"
plugin not available: "ladspa"
plugin not available: "ladspa"
plugin not available: "ladspa.9354877"
plugin not available: "ladspa"
plugin not available: "ladspa"
plugin not available: "ladspa"
plugin not available: "ladspa"
plugin not available: "ladspa"
plugin not available: "ladspa"
plugin not available: "ladspa"
plugin not available: "ladspa"
plugin not available: "movit.unsharp_mask"
plugin not available: "timewarp"
plugin not available: "frei0r.sleid0r_push-down"
plugin not available: "frei0r.sleid0r_push-left"
plugin not available: "frei0r.sleid0r_push-right"
plugin not available: "frei0r.sleid0r_push-up"
plugin not available: "frei0r.sleid0r_slide-down"
plugin not available: "frei0r.sleid0r_slide-left"
plugin not available: "frei0r.sleid0r_slide-up"
plugin not available: "frei0r.sleid0r_slide-right"
plugin not available: "frei0r.sleid0r_wipe-barn-door-h"
plugin not available: "frei0r.sleid0r_wipe-barn-door-v"
plugin not available: "frei0r.sleid0r_wipe-circle"
plugin not available: "frei0r.sleid0r_wipe-down"
plugin not available: "frei0r.sleid0r_wipe-left"
plugin not available: "frei0r.sleid0r_wipe-rect"
plugin not available: "frei0r.sleid0r_wipe-right"
plugin not available: "frei0r.sleid0r_wipe-up"
plugin not available: "region"
=== /// CANNOT ACCESS SPEECH DICTIONARIES FOLDER
QQmlEngine::setContextForObject(): Object already has a QQmlContext
Hspell: can't open /usr/share/hspell/hebrew.wgz.sizes.
kf.sonnet.clients.hspell: HSpellDict::HSpellDict: Init failed
QQmlEngine::setContextForObject(): Object already has a QQmlContext
QQmlEngine::setContextForObject(): Object already has a QQmlContext
QQmlEngine::setContextForObject(): Object already has a QQmlContext
LOCALE: Document uses  "."  as decimal point and  "C"  as locale
Searching for locale: Found  QLocale(English, Latin, United States)  with match type  0
FOUND MLT PROJECT VERSION:  7  /  14  /  0
qt.qpa.wayland: Wayland does not support QWindow::requestActivate()
==== FIXING PRODUCER WITH ID:  ""
==== FIXING PRODUCER WITH ID:  ""
==== FIXING PRODUCER WITH ID:  ""
==== FIXING PRODUCER WITH ID:  ""
Segmentation fault
```

Comment 2 emohr 2023-10-01 11:45:52 UTC

Thank you for the report. Yes, I can confirm the crash, loading the project file with placeholders. The GDB log is too long to attach.

Comment 3 farid 2023-11-08 04:16:15 UTC

Confirm on latest master:

Thread 1 "kdenlive" received signal SIGSEGV, Segmentation fault.
__printf_buffer (buf=buf@entry=0x7fffff7ff500, format=0x7ffff7d196f2 "list:%s", ap=0x7fffff7ff540, mode_flags=6) at vfprintf-internal.c:649
Downloading source file /usr/src/debug/glibc/glibc/stdio-common/vfprintf-internal.c
649       f = lead_str_end = __find_specmb ((const UCHAR_T *) format);                                                                                                

The backtrace is more than 58 thousand lines but here is something that might be helpful:
...
#58142 0x00007ffff7d0c0c8 in mlt_properties_set_position () at /usr/lib/libmlt-7.so.7
#58143 0x00007ffff7cf4b55 in mlt_events_fire () at /usr/lib/libmlt-7.so.7
#58144 0x00007ffff7cf4b55 in mlt_events_fire () at /usr/lib/libmlt-7.so.7
#58145 0x00007ffff7d0c0c8 in mlt_properties_set_position () at /usr/lib/libmlt-7.so.7
#58146 0x00007ffff7cf4b55 in mlt_events_fire () at /usr/lib/libmlt-7.so.7
#58147 0x00007ffff7cf4b55 in mlt_events_fire () at /usr/lib/libmlt-7.so.7
#58148 0x00007ffff7d0c0c8 in mlt_properties_set_position () at /usr/lib/libmlt-7.so.7
#58149 0x00007ffff7cf4b55 in mlt_events_fire () at /usr/lib/libmlt-7.so.7
#58150 0x00007ffff7cf4b55 in mlt_events_fire () at /usr/lib/libmlt-7.so.7
#58151 0x00007ffff7d0c0c8 in mlt_properties_set_position () at /usr/lib/libmlt-7.so.7
#58152 0x00007ffff7cf4b55 in mlt_events_fire () at /usr/lib/libmlt-7.so.7
#58153 0x00007ffff7cf4b55 in mlt_events_fire () at /usr/lib/libmlt-7.so.7
#58154 0x00007ffff7d0c0c8 in mlt_properties_set_position () at /usr/lib/libmlt-7.so.7
#58155 0x00007ffff7cf4b55 in mlt_events_fire () at /usr/lib/libmlt-7.so.7
#58156 0x00007ffff7cf4b55 in mlt_events_fire () at /usr/lib/libmlt-7.so.7
#58157 0x00007ffff7d0c0c8 in mlt_properties_set_position () at /usr/lib/libmlt-7.so.7
#58158 0x00007ffff7cfd316 in mlt_multitrack_connect () at /usr/lib/libmlt-7.so.7
#58159 0x00007fff9d712031 in  () at /usr/lib/mlt-7/libmltxml.so
#58160 0x00007fffec7df872 in xmlParseElementStart (ctxt=ctxt@entry=0x555566e2ce60) at /usr/src/debug/libxml2/libxml2/parser.c:10053
#58161 0x00007fffec7dfaf6 in xmlParseContentInternal (ctxt=ctxt@entry=0x555566e2ce60) at /usr/src/debug/libxml2/libxml2/parser.c:9883
#58162 0x00007fffec7dfc10 in xmlParseElement (ctxt=0x555566e2ce60) at /usr/src/debug/libxml2/libxml2/parser.c:9953
#58163 0x00007fffec7e3783 in xmlParseDocument (ctxt=0x555566e2ce60) at /usr/src/debug/libxml2/libxml2/parser.c:10807
#58164 0x00007fff9d713b05 in producer_xml_init () at /usr/lib/mlt-7/libmltxml.so
#58165 0x00007ffff7cf5713 in mlt_factory_producer () at /usr/lib/libmlt-7.so.7
#58166 0x00007ffff7ccdac7 in Mlt::Producer::Producer(mlt_profile_s*, char const*, char const*) () at /usr/lib/libmlt++-7.so.7
#58167 0x0000555555bcd516 in ProjectManager::updateTimeline(bool, QString const&, QString const&, QDateTime const&, bool)
    (this=0x555556b380e0, createNewTab=true, chunks=..., dirty=..., documentDate=..., enablePreview=false)
    at /home/farid/git/kdenlive/src/project/projectmanager.cpp:1324
#58168 0x0000555555bc8993 in ProjectManager::doOpenFile(QUrl const&, KAutoSaveFile*, bool) (this=0x555556b380e0, url=..., stale=0x7fffe0008340, isBackup=false)
    at /home/farid/git/kdenlive/src/project/projectmanager.cpp:851
#58169 0x0000555555bc7183 in ProjectManager::openFile(QUrl const&) (this=0x555556b380e0, url=...) at /home/farid/git/kdenlive/src/project/projectmanager.cpp:735
#58170 0x0000555555bc6275 in ProjectManager::openFile() (this=0x555556b380e0) at /home/farid/git/kdenlive/src/project/projectmanager.cpp:633
#58171 0x000055555566f775 in ProjectManager::qt_static_metacall(QObject*, QMetaObject::Call, int, void**)
    (_o=0x555556b380e0, _c=QMetaObject::InvokeMetaMethod, _id=5, _a=0x7fffffffc850)
    at /home/farid/git/kdenlive/build/src/kdenliveLib_autogen/QV7S676PVK/moc_projectmanager.cpp:247
#58172 0x00007ffff4ed1253 in doActivate<false>(QObject*, int, void**) (sender=0x555556b526c0, signal_index=4, argv=0x7fffffffc850) at kernel/qobject.cpp:3937
#58173 0x00007ffff616bbb7 in QAction::triggered(bool) (this=this@entry=0x555556b526c0, _t1=<optimized out>) at .moc/moc_qaction.cpp:376
#58174 0x00007ffff617160b in QAction::activate(QAction::ActionEvent) (this=0x555556b526c0, event=<optimized out>) at kernel/qaction.cpp:1161
#58175 0x00007ffff62f42cb in QMenuPrivate::activateCausedStack(QVector<QPointer<QWidget> > const&, QAction*, QAction::ActionEvent, bool)
    (this=this@entry=0x555565ee3b30, causedStack=..., action=action@entry=0x555556b526c0, action_e=action_e@entry=QAction::Trigger, self=self@entry=true)
    at widgets/qmenu.cpp:1384
#58176 0x00007ffff62f43ed in QMenuPrivate::activateAction(QAction*, QAction::ActionEvent, bool)
    (this=0x555565ee3b30, action=0x555556b526c0, action_e=QAction::Trigger, self=true) at widgets/qmenu.cpp:1461
#58177 0x00007ffff61af1a1 in QWidget::event(QEvent*) (this=0x555565ee3a30, event=0x7fffffffce50) at kernel/qwidget.cpp:8671
#58178 0x00007ffff61788ff in QApplicationPrivate::notify_helper(QObject*, QEvent*)
    (this=this@entry=0x5555565303f0, receiver=receiver@entry=0x555565ee3a30, e=e@entry=0x7fffffffce50) at kernel/qapplication.cpp:3640
#58179 0x00007ffff617ddaf in QApplication::notify(QObject*, QEvent*) (this=<optimized out>, receiver=0x555565ee3a30, e=0x7fffffffce50)
    at kernel/qapplication.cpp:3084
#58180 0x00007ffff4e9c168 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (receiver=0x555565ee3a30, event=0x7fffffffce50) at kernel/qcoreapplication.cpp:1064
#58181 0x00007ffff4e9c1f3 in QCoreApplication::sendSpontaneousEvent(QObject*, QEvent*) (receiver=<optimized out>, event=<optimized out>)
    at kernel/qcoreapplication.cpp:1474
#58182 0x00007ffff617c0ea in QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool, bool)
    (receiver=0x555565ee3a30, event=0x7fffffffce50, alienWidget=<optimized out>, nativeWidget=0x555565ee3a30, buttonDown=<optimized out>, lastMouseReceiver=..., spontaneous=true, onlyDispatchEnterLeave=false) at kernel/qapplication.cpp:2622
#58183 0x00007ffff61cd984 in QWidgetWindow::handleMouseEvent(QMouseEvent*) (this=this@entry=0x5555655feb70, event=event@entry=0x7fffffffd1b0)
    at kernel/qwidgetwindow.cpp:580
#58184 0x00007ffff61cebd7 in QWidgetWindow::event(QEvent*) (this=0x5555655feb70, event=0x7fffffffd1b0) at kernel/qwidgetwindow.cpp:300
#58185 0x00007ffff61788ff in QApplicationPrivate::notify_helper(QObject*, QEvent*) (this=<optimized out>, receiver=0x5555655feb70, e=0x7fffffffd1b0)
    at kernel/qapplication.cpp:3640
#58186 0x00007ffff4e9c168 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (receiver=0x5555655feb70, event=0x7fffffffd1b0) at kernel/qcoreapplication.cpp:1064
#58187 0x00007ffff4e9c1f3 in QCoreApplication::sendSpontaneousEvent(QObject*, QEvent*) (receiver=<optimized out>, event=<optimized out>)
    at kernel/qcoreapplication.cpp:1474
#58188 0x00007ffff534194c in QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent*) (e=0x555568aa2e40)
    at kernel/qguiapplication.cpp:2285
#58189 0x00007ffff532a6e5 in QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) (flags=flags@entry=...)
    at kernel/qwindowsysteminterface.cpp:1169
#58190 0x00007fffefd2f5e0 in xcbSourceDispatch(GSource*, GSourceFunc, gpointer) (source=<optimized out>)
    at /usr/src/debug/qt5-base/qtbase/src/plugins/platforms/xcb/qxcbeventdispatcher.cpp:105
#58191 0x00007ffff330df69 in g_main_dispatch (context=0x7fffe8000ec0) at ../glib/glib/gmain.c:3476
#58192 0x00007ffff336c327 in g_main_context_dispatch_unlocked (context=0x7fffe8000ec0) at ../glib/glib/gmain.c:4284
#58193 g_main_context_iterate_unlocked.isra.0 (context=context@entry=0x7fffe8000ec0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>)
    at ../glib/glib/gmain.c:4349
#58194 0x00007ffff330c162 in g_main_context_iteration (context=0x7fffe8000ec0, may_block=1) at ../glib/glib/gmain.c:4414
#58195 0x00007ffff4eeaf7c in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x555556605560, flags=...)
    at kernel/qeventdispatcher_glib.cpp:423
#58196 0x00007ffff4e9ae74 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7fffffffd550, flags=..., flags@entry=...)
    at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#58197 0x00007ffff4e9c313 in QCoreApplication::exec() () at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#58198 0x0000555555636cb9 in main(int, char**) (argc=1, argv=0x7fffffffd958) at /home/farid/git/kdenlive/src/main.cpp:472
(gdb)

Comment 4 Jean-Baptiste Mardelle 2023-11-09 07:46:14 UTC

Just had a closer look at the project file, and the problem is that the main timeline sequence (called "tractor4" in the xml) is embeded into itself as a track. Kdenlive 23.04 .x release had major stability issues after introducing the nested sequence and sometimes produced corrupted files. I will see if we can detect such circular dependencies on project load

Comment 5 Jean-Baptiste Mardelle 2023-11-09 09:33:00 UTC

Git commit fda32639b24c6e53250731ec65626f2f66500059 by Jean-Baptiste Mardelle.
Committed on 09/11/2023 at 10:32.
Pushed by mardelle into branch 'master'.

Check and remove circular dependencies in tractors

M  +36   -0    src/doc/documentchecker.cpp
M  +1    -1    src/doc/documentchecker.h

https://invent.kde.org/multimedia/kdenlive/-/commit/fda32639b24c6e53250731ec65626f2f66500059