Bug 482615 - Gwenview: segfault in FITSData::calculateMinMax
Summary: Gwenview: segfault in FITSData::calculateMinMax
Status: RESOLVED FIXED
Alias: None
Product: gwenview
Classification: Applications
Component: general (show other bugs)
Version: 24.02.0
Platform: Arch Linux Linux
: NOR normal
Target Milestone: ---
Assignee: Gwenview Bugs
URL:
Keywords: qt6
Depends on:
Blocks:
 
Reported: 2024-03-06 23:49 UTC by Adam Fontenot
Modified: 2024-03-08 02:53 UTC (History)
4 users (show)

See Also:
Latest Commit: https://invent.kde.org/graphics/gwenview/-/commit/28ca97c4e03382c06f9630c185c177a65697de72
Version Fixed In: 24.02.1

Attachments
file that will crash Gwenview when you try to open it (317.81 KB, application/fits)
2024-03-06 23:49 UTC, Adam Fontenot 		Details
backtrace for crash (6.86 KB, text/plain)
2024-03-06 23:49 UTC, Adam Fontenot 		Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Adam Fontenot 2024-03-06 23:49:00 UTC 
Created attachment 166526 [details]
file that will crash Gwenview when you try to open it

SUMMARY

The file in question is probably corrupt, but this should not segfault Gwenview.

STEPS TO REPRODUCE
1. Open attached file in Gwenview. (Alternatively, if you have a valid PNG file and this file in the same directory, and no other image files, opening the PNG will also crash Gwenview, probably because it tries to pre-load the other file.)

OBSERVED RESULT

Segfault. See backtrace.

EXPECTED RESULT

No segfault.

SOFTWARE/OS VERSIONS
Operating System: Arch Linux 
KDE Plasma Version: 6.0.1
KDE Frameworks Version: 6.0.0
Qt Version: 6.6.2
Kernel Version: 6.7.8-arch1-1 (64-bit)
Graphics Platform: Wayland
Comment 1 Adam Fontenot 2024-03-06 23:49:54 UTC 
Created attachment 166527 [details]
backtrace for crash

#0  0x00007ffff7e855a2 in FITSData::calculateMinMax<float> (this=0x7fffcbdff7c0)
    at /usr/src/debug/gwenview/gwenview-24.02.0/lib/imageformats/fitsformat/fitsdata.cpp:327
Comment 2 Nicolas Fella 2024-03-07 16:30:46 UTC 
#0  0x00007ffff7e855a2 in FITSData::calculateMinMax<float> (this=0x7fffcbdff7c0)
    at /usr/src/debug/gwenview/gwenview-24.02.0/lib/imageformats/fitsformat/fitsdata.cpp:327
#1  FITSData::calculateMinMax (refresh=false, this=0x7fffcbdff7c0)
    at /usr/src/debug/gwenview/gwenview-24.02.0/lib/imageformats/fitsformat/fitsdata.cpp:278
#2  FITSData::calculateStats (refresh=false, this=0x7fffcbdff7c0)
    at /usr/src/debug/gwenview/gwenview-24.02.0/lib/imageformats/fitsformat/fitsdata.cpp:183
#3  FITSData::loadFITS (this=0x7fffcbdff7c0, buffer=<optimized out>)
    at /usr/src/debug/gwenview/gwenview-24.02.0/lib/imageformats/fitsformat/fitsdata.cpp:164
#4  0x00007ffff7e7ffed in Gwenview::FitsHandler::option (this=<optimized out>, option=<optimized out>)
    at /usr/src/debug/gwenview/gwenview-24.02.0/lib/imageformats/fitshandler.cpp:73
#5  0x00007ffff5d3a9c5 in QImageReader::size (this=<optimized out>)
    at /usr/src/debug/qt6-base/qtbase-everywhere-src-6.6.2/src/gui/image/qimagereader.cpp:855
#6  QImageReader::size (this=this@entry=0x7fffcbdff978)
    at /usr/src/debug/qt6-base/qtbase-everywhere-src-6.6.2/src/gui/image/qimagereader.cpp:849
#7  0x00007ffff7de73aa in Gwenview::LoadingDocumentImplPrivate::loadMetaInfo (this=0x555555f5b020)
    at /usr/src/debug/gwenview/gwenview-24.02.0/lib/document/loadingdocumentimpl.cpp:233
#8  0x00007ffff7de0a8f in std::__invoke_impl<bool, bool (Gwenview::LoadingDocumentImplPrivate::*&)(), Gwenview::LoadingDocumentImplPrivate*&> (__f=<synthetic pointer>: <optimized out>, __t=<synthetic pointer>: <optimized out>) at /usr/include/c++/13.2.1/bits/invoke.h:71
#9  std::__invoke<bool (Gwenview::LoadingDocumentImplPrivate::*&)(), Gwenview::LoadingDocumentImplPrivate*&>
    (__fn=<synthetic pointer>: <optimized out>) at /usr/include/c++/13.2.1/bits/invoke.h:96
#10 std::invoke<bool (Gwenview::LoadingDocumentImplPrivate::*&)(), Gwenview::LoadingDocumentImplPrivate*&>
    (__fn=<synthetic pointer>: <optimized out>) at /usr/include/c++/13.2.1/functional:113
#11 QtConcurrent::StoredFunctionCall<bool (Gwenview::LoadingDocumentImplPrivate::*)(), Gwenview::LoadingDocumentImplPrivate*>::runFunctor()::{lambda(bool (Gwenview::LoadingDocumentImplPrivate::*)(), Gwenview::LoadingDocumentImplPrivate*)#1}::operator()(bool (Gwenview::LoadingDocumentImplPrivate::*)(), Gwenview::LoadingDocumentImplPrivate*) const
    (args#0=<optimized out>, function=<optimized out>, __closure=<synthetic pointer>)
    at /usr/include/qt6/QtConcurrent/qtconcurrentstoredfunctioncall.h:116
#12 std::__invoke_impl<bool, QtConcurrent::StoredFunctionCall<bool (Gwenview::LoadingDocumentImplPrivate::*)(), Gwenview::LoadingDocumentImplPrivate*>::runFunctor()::{lambda(bool (Gwenview::LoadingDocumentImplPrivate::* const&)(), Gwenview::LoadingDocumentImplPrivate*)#1}, bool (Gwenview::LoadingDocumentImplPrivate::*)(), Gwenview::LoadingDocumentImplPrivate*>(std::__invoke_other, QtConcurrent::StoredFunctionCall<bool (Gwenview::LoadingDocumentImplPrivate::*)(), Gwenview::LoadingDocumentImplPrivate*>::runFunctor()::{lambda(bool (Gwenview::LoadingDocumentImplPrivate::* const&)(), Gwenview::LoadingDocumentImplPrivate*)#1}, bool (Gwenview::LoadingDocumentImplPrivate::*&&)(), Gwenview::LoadingDocumentImplPrivate*&&) (__f=<synthetic pointer>...) at /usr/include/c++/13.2.1/bits/invoke.h:61
#13 std::__invoke<QtConcurrent::StoredFunctionCall<bool (Gwenview::LoadingDocumentImplPrivate::*)(), Gwenview::LoadingDocumentImplPrivate*>::runFunctor()::{lambda(bool (Gwenview::LoadingDocumentImplPrivate::* const&)(), Gwenview::LoadingDocumentImplPrivate*)#1}, bool (Gwenview::LoadingDocumentImplPrivate::*)(), Gwenview::LoadingDocumentImplPrivate*>(QtConcurrent::StoredFunctionCall<bool (Gwenview::LoadingDocumentImplPrivate::*)(), Gwenview::LoadingDocumentImplPrivate*>::runFunctor()::{lambda(bool (Gwenview::LoadingDocumentImplPrivate::* const&)(), Gwenview::LoadingDocumentImplPrivate*)#1}, bool (Gwenview::LoadingDocumentImplPrivate::*&&)(), Gwenview::LoadingDocumentImplPrivate*&&) (__fn=<synthetic pointer>...) at /usr/include/c++/13.2.1/bits/invoke.h:96
#14 std::__apply_impl<QtConcurrent::StoredFunctionCall<bool (Gwenview::LoadingDocumentImplPrivate::*)(), Gwenview::LoadingDocumentImplPrivate*>::runFunctor()::{lambda(bool (Gwenview::LoadingDocumentImplPrivate::* const&)(), Gwenview::LoadingDocumentImplPrivate*)#1}, std::tuple<bool (Gwenview::LoadingDocumentImplPrivate::*)(), Gwenview::LoadingDocumentImplPrivate*>, 0ul, 1ul>(QtConcurrent::StoredFunctionCall<bool (Gwenview::LoadingDocumentImplPrivate::*)(), Gwenview::LoadingDocumentImplPrivate*>::runFunctor()::{lambda(bool (Gwenview::LoadingDocumentImplPrivate::* const&)(), Gwenview::LoadingDocumentImplPrivate*)#1}, std::tuple<bool (Gwenview::LoadingDocumentImplPrivate::*)(), G--Type <RET> for more, q to quit, c to continue without paging--c
wenview::LoadingDocumentImplPrivate*>&&, std::integer_sequence<unsigned long, 0ul, 1ul>) (__t=..., __f=<synthetic pointer>...)
    at /usr/include/c++/13.2.1/tuple:2288
#15 std::apply<QtConcurrent::StoredFunctionCall<bool (Gwenview::LoadingDocumentImplPrivate::*)(), Gwenview::LoadingDocumentImplPrivate*>::runFunctor()::{lambda(bool (Gwenview::LoadingDocumentImplPrivate::* const&)(), Gwenview::LoadingDocumentImplPrivate*)#1}, std::tuple<bool (Gwenview::LoadingDocumentImplPrivate::*)(), Gwenview::LoadingDocumentImplPrivate*> >(QtConcurrent::StoredFunctionCall<bool (Gwenview::LoadingDocumentImplPrivate::*)(), Gwenview::LoadingDocumentImplPrivate*>::runFunctor()::{lambda(bool (Gwenview::LoadingDocumentImplPrivate::* const&)(), Gwenview::LoadingDocumentImplPrivate*)#1}, std::tuple<bool (Gwenview::LoadingDocumentImplPrivate::*)(), Gwenview::LoadingDocumentImplPrivate*>&&) (__t=..., __f=<synthetic pointer>...) at /usr/include/c++/13.2.1/tuple:2299
#16 QtConcurrent::StoredFunctionCall<bool (Gwenview::LoadingDocumentImplPrivate::*)(), Gwenview::LoadingDocumentImplPrivate*>::runFunctor (this=0x555555f5a040) at /usr/include/qt6/QtConcurrent/qtconcurrentstoredfunctioncall.h:122
#17 0x00007ffff7de59d9 in QtConcurrent::RunFunctionTaskBase<bool>::run (this=0x555555f5a040)
    at /usr/include/qt6/QtConcurrent/qtconcurrentrunbase.h:83
#18 0x00007ffff58a66e5 in QThreadPoolThread::run (this=0x555555f50e00)
    at /usr/src/debug/qt6-base/qtbase-everywhere-src-6.6.2/src/corelib/thread/qthreadpool.cpp:66
#19 0x00007ffff58a0bd3 in operator() (__closure=<optimized out>)
    at /usr/src/debug/qt6-base/qtbase-everywhere-src-6.6.2/src/corelib/thread/qthread_unix.cpp:324
#20 (anonymous namespace)::terminate_on_exception<QThreadPrivate::start(void*)::<lambda()> > (t=<optimized out>)
    at /usr/src/debug/qt6-base/qtbase-everywhere-src-6.6.2/src/corelib/thread/qthread_unix.cpp:260
#21 QThreadPrivate::start (arg=0x555555f50e00)
    at /usr/src/debug/qt6-base/qtbase-everywhere-src-6.6.2/src/corelib/thread/qthread_unix.cpp:283
#22 0x00007ffff50a955a in start_thread (arg=<optimized out>) at pthread_create.c:447
#23 0x00007ffff5126a3c in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
Comment 3 Bug Janitor Service 2024-03-07 21:59:25 UTC 
A possibly relevant merge request was started @ https://invent.kde.org/graphics/gwenview/-/merge_requests/259
Comment 4 Albert Astals Cid 2024-03-07 22:00:48 UTC 
The file is fine fitstopnm will create valid images out of it, sadly we don't understand it
Comment 5 Albert Astals Cid 2024-03-07 22:05:20 UTC 
Git commit 1159b35f31b330c701ff23cd5856317e2bf8f43f by Albert Astals Cid.
Committed on 07/03/2024 at 21:58.
Pushed by aacid into branch 'master'.

Don't crash on unsupported fits images

M  +8    -0    lib/imageformats/fitsformat/fitsdata.cpp

https://invent.kde.org/graphics/gwenview/-/commit/1159b35f31b330c701ff23cd5856317e2bf8f43f
Comment 6 Albert Astals Cid 2024-03-07 22:05:57 UTC 
Git commit 28ca97c4e03382c06f9630c185c177a65697de72 by Albert Astals Cid.
Committed on 07/03/2024 at 22:05.
Pushed by aacid into branch 'release/24.02'.

Don't crash on unsupported fits images
(cherry picked from commit 1159b35f31b330c701ff23cd5856317e2bf8f43f)

M  +8    -0    lib/imageformats/fitsformat/fitsdata.cpp

https://invent.kde.org/graphics/gwenview/-/commit/28ca97c4e03382c06f9630c185c177a65697de72