2.99.17: Gradient Flare plug-in crash on editing flare
Environment/Versions
- GIMP version: GIMP_2_99_16-406-g96b3302e, also present on GIMP_2_99_16-961-g06b638bd
- Package: Compiled from source
- Operating System: Linux
The Gradient flare plug-in crashes quite reliably on trying to edit a gradient flare in recent git master. Description of the bug
From testing it looks like GIMP_2_99_16-406-g96b3302e is the first commit with the problem, so likely to be some side effect of the API port.
Bisection results:
GIMP_2_99_16-405-g7da0db9e88 1 oct GOOD: Have not been able to get it to crash so far...
GIMP_2_99_16-406-g96b3302e65 1 oct BAD: Segfault present after some tries
Exiting the stack trace gives the plug-in crash message:
Plug-in crashed: "gradient-flare"
(/usr/local/lib/x86_64-linux-gnu/gimp/2.99/plug-ins/gradient-flare/gradient-flare)
Reproduction
Is the bug reproducible? Randomly, but at least 25% of the time.
Reproduction steps:
- Open image
- Choose Filters->Light and Shadow->Gradient Flare
- Open Selector tab, click Edit button
- Quite often crashes here, otherwise this can be repeated by choosing cancel and trying to edit another gradient flare until there is a crash.
…
Expected result: No crash
Actual result: The plug-in crashes
Additional information
Stacktrace from the crash on GIMP_2_99_16-961-g06b638bd:
/usr/local/lib/x86_64-linux-gnu/gimp/2.99/plug-ins/gradient-flare/gradient-flare: fatal error: Segmentation fault
/usr/local/lib/x86_64-linux-gnu/gimp/2.99/plug-ins/gradient-flare/gradient-flare (pid:10514): [E]xit, show [S]tack trace or [P]roceed: s
26 ../sysdeps/unix/sysv/linux/read.c: No such file or directory.
Python Exception <class 'gdb.MemoryError'>: Cannot access memory at address 0x1a62762e3225d4bb
# Stack traces obtained from PID 10514 - Thread 10514 #
[New LWP 10515]
[New LWP 10516]
[New LWP 10517]
[New LWP 10518]
[New LWP 10519]
[New LWP 10520]
[New LWP 10521]
[New LWP 10522]
[New LWP 10523]
[New LWP 10524]
[New LWP 10525]
[New LWP 10526]
[New LWP 10527]
[New LWP 10528]
[New LWP 10529]
[New LWP 10530]
[New LWP 10531]
[New LWP 10532]
[New LWP 10533]
[New LWP 10534]
[New LWP 10535]
[New LWP 10536]
[New LWP 10537]
[New LWP 10538]
[New LWP 10539]
[New LWP 10540]
[New LWP 10541]
[New LWP 10542]
[New LWP 10543]
[New LWP 10544]
[New LWP 10545]
[New LWP 10546]
[New LWP 10547]
[New LWP 10548]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
__GI___libc_read (nbytes=255, buf=0x7fff57d91c10, fd=14) at ../sysdeps/unix/sysv/linux/read.c:26
Id Target Id Frame
* 1 Thread 0x7ffb67636e80 (LWP 10514) "gradient-flare" __GI___libc_read (nbytes=255, buf=0x7fff57d91c10, fd=14) at ../sysdeps/unix/sysv/linux/read.c:26
2 Thread 0x7ffb672c46c0 (LWP 10515) "pool-spawner" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
3 Thread 0x7ffb66ac36c0 (LWP 10516) "gmain" 0x00007ffb68d3aa1f in __GI___poll (fds=0x562def20db50, nfds=2, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
4 Thread 0x7ffb662c26c0 (LWP 10517) "gdbus" 0x00007ffb68d3aa1f in __GI___poll (fds=0x7ffb5c000b90, nfds=3, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
5 Thread 0x7ffb657486c0 (LWP 10518) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
6 Thread 0x7ffb64f476c0 (LWP 10519) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
7 Thread 0x7ffb57fff6c0 (LWP 10520) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
8 Thread 0x7ffb577fe6c0 (LWP 10521) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
9 Thread 0x7ffb56ffd6c0 (LWP 10522) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
10 Thread 0x7ffb567fc6c0 (LWP 10523) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
11 Thread 0x7ffb55ffb6c0 (LWP 10524) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
12 Thread 0x7ffb557fa6c0 (LWP 10525) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
13 Thread 0x7ffb54ff96c0 (LWP 10526) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
14 Thread 0x7ffb3ffff6c0 (LWP 10527) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
15 Thread 0x7ffb3f7fe6c0 (LWP 10528) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
16 Thread 0x7ffb3effd6c0 (LWP 10529) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
17 Thread 0x7ffb3e7fc6c0 (LWP 10530) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
18 Thread 0x7ffb3dffb6c0 (LWP 10531) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
19 Thread 0x7ffb3d7fa6c0 (LWP 10532) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
20 Thread 0x7ffb3c3ff6c0 (LWP 10533) "gradient-flare" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
21 Thread 0x7ffb161ff6c0 (LWP 10534) "gradient-flare" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
22 Thread 0x7ffb15ffe6c0 (LWP 10535) "gradient-flare" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
23 Thread 0x7ffb15dfd6c0 (LWP 10536) "gradient-flare" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
24 Thread 0x7ffb15bfc6c0 (LWP 10537) "gradient-flare" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
25 Thread 0x7ffb159fb6c0 (LWP 10538) "gradient-flare" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
26 Thread 0x7ffb157fa6c0 (LWP 10539) "gradient-flare" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
27 Thread 0x7ffb155f96c0 (LWP 10540) "gradient-flare" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
28 Thread 0x7ffb153f86c0 (LWP 10541) "gradient-flare" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
29 Thread 0x7ffb151f76c0 (LWP 10542) "gradient-flare" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
30 Thread 0x7ffb14ff66c0 (LWP 10543) "gradient-flare" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
31 Thread 0x7ffb14df56c0 (LWP 10544) "gradient-flare" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
32 Thread 0x7ffb14bf46c0 (LWP 10545) "gradient-flare" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
33 Thread 0x7ffb149f36c0 (LWP 10546) "gradient-flare" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
34 Thread 0x7ffb147f26c0 (LWP 10547) "gradient-flare" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
35 Thread 0x7ffb145f16c0 (LWP 10548) "gradient-flare" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
#0 __GI___libc_read (nbytes=255, buf=0x7fff57d91c10, fd=14) at ../sysdeps/unix/sysv/linux/read.c:26
sc_ret = -512
sc_cancel_oldtype = 0
sc_ret = <optimized out>
#1 __GI___libc_read (fd=14, buf=buf@entry=0x7fff57d91c10, nbytes=nbytes@entry=255) at ../sysdeps/unix/sysv/linux/read.c:24
#2 0x00007ffb6a0f8b1b in gimp_stack_trace_print (prog_name=prog_name@entry=0x7fff57d94243 "/usr/local/lib/x86_64-linux-gnu/gimp/2.99/plug-ins/gradient-flare/gradient-flare", stream=0x7ffb68e13780 <_IO_2_1_stdout_>, trace=trace@entry=0x0) at ../libgimpbase/gimputils.c:1394
status = 1886218599
stack_printed = 0
gtrace = 0x0
gimp_pid = "10514\000\000\000 !\265\357-V\000"
buffer = "\0008P\357-V\000\000\3207P\357-V\000\000P\034\331W\377\177\000\000\200\034\331W\377\177\000\000\001\000\000\000\000\000\000\000\023\001\000\000\000\000\000\000", '\n' <repeats 32 times>, '\000' <repeats 32 times>, ": \000upper >= lower\000step || page |", '\000' <repeats 32 times>, "\037\005\000PUU@W\005\033\030\005IJR@W\000VQ@U\005YY"...
read_n = <optimized out>
sync_fd = {12, 13}
out_fd = {14, 15}
fork_pid = <optimized out>
pid = 10514
eintr_count = 0
tid = <optimized out>
#3 0x00007ffb6a0f91f0 in gimp_stack_trace_query (prog_name=0x7fff57d94243 "/usr/local/lib/x86_64-linux-gnu/gimp/2.99/plug-ins/gradient-flare/gradient-flare") at ../libgimpbase/gimputils.c:1557
buf = "s\n", '\000' <repeats 13 times>
#4 0x00007ffb6a130204 in gimp_plugin_sigfatal_handler (sig_num=<optimized out>) at ../libgimp/gimp.c:1039
sigset = {__val = {0, 140717777370768, 94755292474528, 1776019350, 0, 94755295208816, 94755295208768, 94755288669360, 94755292496496, 514, 34, 140717776312465, 0, 514, 34, 140717776337407}}
#5 0x00007ffb68c7b510 in <signal handler called> () at /lib/x86_64-linux-gnu/libc.so.6
#6 calc_sflare_pix (dest_pix=dest_pix@entry=0x7fff57d92e8c "", x=<optimized out>, y=<optimized out>, src_pix=0x7fff57d92e3c "") at ../plug-ins/gradient-flare/gradient-flare.c:2298
list = #7 0x0000562deebe9978 in calc_sflare_pix (src_pix=0x7fff57d92e3c "", y=<optimized out>, x=<optimized out>, dest_pix=0x7fff57d92e8c "") at ../plug-ins/gradient-flare/gradient-flare.c:2348
gflare = <optimized out>
glow_pix = "\377\357?"
rays_pix = "\000\000\000"
tmp_pix = "\000\000\000\377"
#8 0x0000562deebe9eaa in ed_preview_render_general (y=<optimized out>, buffer=0x562defb2d700 "") at ../plug-ins/gradient-flare/gradient-flare.c:4252
x = 0
i = <optimized out>
gflare_pix = "\000\000\000\377"
gflare_a = <optimized out>
src_pix = "\000\000\000\377"
#9 ed_preview_render_func (preview=<optimized out>, buffer=<optimized out>, y=<optimized out>, data=<optimized out>) at ../plug-ins/gradient-flare/gradient-flare.c:4225
#10 0x0000562deebe87d1 in preview_handle_idle (preview=0x562defae8840) at ../plug-ins/gradient-flare/gradient-flare.c:4424
done = 0
#11 0x00007ffb69c950d9 in () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#12 0x00007ffb69c98317 in () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#13 0x00007ffb69c98c1f in g_main_loop_run () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#14 0x00007ffb69e30b53 in gimp_dialog_run (dialog=dialog@entry=0x562def4f7610) at ../libgimpwidgets/gimpdialog.c:695
ri = {dialog = 0x0, response_id = -1, loop = 0x562def7176e0, destroyed = 0}
response_handler = 1148
unmap_handler = 1149
destroy_handler = 1151
delete_handler = 1150
__func__ = "gimp_dialog_run"
#15 0x0000562deebeda0f in dlg_run (config=0x562def22c130, procedure=0x562def227830) at ../plug-ins/gradient-flare/gradient-flare.c:2572
frame = <optimized out>
button = <optimized out>
run = 0
gflare_name = 0x562def3ae860 "\030"
src_buffer = 0x562def37c350
shell = 0x562def4f7610
hbox = <optimized out>
vbox = <optimized out>
notebook = 0x562def3d9c90
__func__ = "dlg_run"
path = <optimized out>
#16 gflare_run (procedure=0x562def227830, run_mode=GIMP_RUN_INTERACTIVE, _image=<optimized out>, n_drawables=<optimized out>, drawables=<optimized out>, config=0x562def22c130, run_data=0x0) at ../plug-ins/gradient-flare/gradient-flare.c:1001
path = <optimized out>
#17 0x00007ffb6a1364c2 in gimp_image_procedure_run (procedure=0x562def227830, args=0x562def22be40) at ../libgimp/gimpimageprocedure.c:180
plug_in = <optimized out>
image_proc = 0x562def227830
status = GIMP_PDB_EXECUTION_ERROR
config = 0x562def22c130
remaining = 0x562def22c0a0
return_values = <optimized out>
run_mode = GIMP_RUN_INTERACTIVE
image = 0x562def1daff0
drawables = 0x562def22c0c0
n_drawables = 1
i = <optimized out>
__func__ = "gimp_image_procedure_run"
#18 0x00007ffb6a13ff56 in _gimp_procedure_run_array (procedure=procedure@entry=0x562def227830, args=args@entry=0x562def2287a0) at ../libgimp/gimpprocedure.c:2040
config = 0x0
config_class = 0x0
complete = 0x562def22be40
return_vals = <optimized out>
error = 0x0
i = <optimized out>
__func__ = "_gimp_procedure_run_array"
#19 0x00007ffb6a13c46e in gimp_plug_in_proc_run_internal (plug_in=plug_in@entry=0x562def203540, proc_run=proc_run@entry=0x562def226ae0, procedure=procedure@entry=0x562def227830, proc_return=proc_return@entry=0x7fff57d932b0) at ../libgimp/gimpplugin.c:1413
arguments = 0x562def2287a0
return_values = 0x0
gettext_domain = 0x562def2287a0 "\004"
catalog_dir = 0x562def2287c0 "0x\"\357-V"
#20 0x00007ffb6a13cb16 in gimp_plug_in_proc_run (proc_run=0x562def226ae0, plug_in=0x562def203540) at ../libgimp/gimpplugin.c:1345
proc_return = {name = 0x0, n_params = 0, params = 0x7ffb6a169d34}
procedure = 0x562def227830
msg = {type = 5, data = 0x562def226ae0}
__func__ = "_gimp_plug_in_run"
#21 gimp_plug_in_loop (plug_in=0x562def203540) at ../libgimp/gimpplugin.c:1253
msg = {type = 5, data = 0x562def226ae0}
__func__ = "_gimp_plug_in_run"
#22 _gimp_plug_in_run (plug_in=0x562def203540) at ../libgimp/gimpplugin.c:844
__func__ = "_gimp_plug_in_run"
#23 0x00007ffb6a130941 in gimp_main (plug_in_type=<optimized out>, argc=<optimized out>, argv=<optimized out>) at ../libgimp/gimp.c:536
read_channel = 0x562def1d9580
write_channel = 0x562def1f2da0
basename = <optimized out>
protocol_version = <optimized out>
__func__ = "gimp_main"
#24 0x00007ffb68c666ca in __libc_start_call_main (main=main@entry=0x562deebe5eb0 <main>, argc=argc@entry=7, argv=argv@entry=0x7fff57d935f8) at ../sysdeps/nptl/libc_start_call_main.h:58
self = <optimized out>
result = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140734667240952, 2179433995576558597, 0, 140734667241016, 94755279022904, 140717794095104, -2179662944949877755, -2177430877883448315}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x7fff57d935f8, 0x7fff57d935f8}, data = {prev = 0x0, cleanup = 0x0, canceltype = 1473852920}}}
not_first_call = <optimized out>
#25 0x00007ffb68c66785 in __libc_start_main_impl (main=0x562deebe5eb0 <main>, argc=7, argv=0x7fff57d935f8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fff57d935e8) at ../csu/libc-start.c:360
#26 0x0000562deebe5f01 in _start ()
[Inferior 1 (process 10514) detached]