Blinds: segmentation fault on number of segments set high (850+)
Environment/Versions
- GIMP version: 2.99.18, present in GIMP_2_99_18-247-g32c9a9a6
- Package: Flatpak and compiled from source
- Operating System: Linux
Description of the bug
I run into a segmentation fault in blinds when trying to set the number of segments too high (about 850 or so). The slider allows the interval 1 to 1024.
In 2.10 the highest allowed number of segments was 100, which also exists as a magic value MAX_FANS, so the easiest solution is probably to set the max number of segments to 100 again.
Reproduction
Is the bug reproducible? Always
Reproduction steps:
- Open an image
- Filters->Distort->Blinds
- Set number of segments near 1000
…
Expected result: Not being able to crash the plug-in from the menu
Actual result: Segmentation fault
Additional information
/usr/local/lib/x86_64-linux-gnu/gimp/2.99/plug-ins/blinds/blinds: fatal error: Segmentation fault
/usr/local/lib/x86_64-linux-gnu/gimp/2.99/plug-ins/blinds/blinds (pid:39830): [E]xit, show [S]tack trace or [P]roceed: s
26 ../sysdeps/unix/sysv/linux/read.c: No such file or directory.
# Stack traces obtained from PID 39830 - Thread 39830 #
[New LWP 39831]
[New LWP 39832]
[New LWP 39833]
[New LWP 39834]
[New LWP 39835]
[New LWP 39836]
[New LWP 39837]
[New LWP 39838]
[New LWP 39839]
[New LWP 39840]
[New LWP 39841]
[New LWP 39842]
[New LWP 39843]
[New LWP 39844]
[New LWP 39845]
[New LWP 39846]
[New LWP 39847]
[New LWP 39848]
[New LWP 39849]
[New LWP 39850]
[New LWP 39851]
[New LWP 39852]
[New LWP 39853]
[New LWP 39854]
[New LWP 39855]
[New LWP 39856]
[New LWP 39857]
[New LWP 39858]
[New LWP 39859]
[New LWP 39860]
[New LWP 39861]
[New LWP 39862]
[New LWP 39863]
[New LWP 39864]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
__GI___libc_read (nbytes=255, buf=0x7ffef469add0, fd=14) at ../sysdeps/unix/sysv/linux/read.c:26
Id Target Id Frame
* 1 Thread 0x7f7fe8a4fe80 (LWP 39830) "blinds" __GI___libc_read (nbytes=255, buf=0x7ffef469add0, fd=14) at ../sysdeps/unix/sysv/linux/read.c:26
2 Thread 0x7f7fe85b46c0 (LWP 39831) "pool-spawner" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
3 Thread 0x7f7fe7db36c0 (LWP 39832) "gmain" 0x00007f7fea368abf in __GI___poll (fds=0x5611448d30b0, nfds=2, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
4 Thread 0x7f7fe75b26c0 (LWP 39833) "gdbus" 0x00007f7fea368abf in __GI___poll (fds=0x7f7fdc000b90, nfds=3, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
5 Thread 0x7f7fe69c16c0 (LWP 39834) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
6 Thread 0x7f7fe61c06c0 (LWP 39835) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
7 Thread 0x7f7fe59bf6c0 (LWP 39836) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
8 Thread 0x7f7fe51be6c0 (LWP 39837) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
9 Thread 0x7f7fe49bd6c0 (LWP 39838) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
10 Thread 0x7f7fd7fff6c0 (LWP 39839) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
11 Thread 0x7f7fd77fe6c0 (LWP 39840) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
12 Thread 0x7f7fd6ffd6c0 (LWP 39841) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
13 Thread 0x7f7fd67fc6c0 (LWP 39842) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
14 Thread 0x7f7fd5ffb6c0 (LWP 39843) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
15 Thread 0x7f7fd57fa6c0 (LWP 39844) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
16 Thread 0x7f7fd4ff96c0 (LWP 39845) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
17 Thread 0x7f7fa7fff6c0 (LWP 39846) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
18 Thread 0x7f7fa77fe6c0 (LWP 39847) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
19 Thread 0x7f7fa6ffd6c0 (LWP 39848) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
20 Thread 0x7f7fa55ff6c0 (LWP 39849) "blinds" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
21 Thread 0x7f7fa53fe6c0 (LWP 39850) "blinds" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
22 Thread 0x7f7fa512b6c0 (LWP 39851) "blinds" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
23 Thread 0x7f7fa4f2a6c0 (LWP 39852) "blinds" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
24 Thread 0x7f7fa4d296c0 (LWP 39853) "blinds" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
25 Thread 0x7f7fa4b286c0 (LWP 39854) "blinds" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
26 Thread 0x7f7fa49276c0 (LWP 39855) "blinds" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
27 Thread 0x7f7fa47266c0 (LWP 39856) "blinds" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
28 Thread 0x7f7fa45256c0 (LWP 39857) "blinds" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
29 Thread 0x7f7fa43246c0 (LWP 39858) "blinds" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
30 Thread 0x7f7f9e1ff6c0 (LWP 39859) "blinds" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
31 Thread 0x7f7f9dffe6c0 (LWP 39860) "blinds" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
32 Thread 0x7f7f9ddfd6c0 (LWP 39861) "blinds" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
33 Thread 0x7f7f9dbfc6c0 (LWP 39862) "blinds" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
34 Thread 0x7f7f9d9fb6c0 (LWP 39863) "blinds" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
35 Thread 0x7f7f9d7fa6c0 (LWP 39864) "blinds" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
#0 __GI___libc_read (nbytes=255, buf=0x7ffef469add0, fd=14) at ../sysdeps/unix/sysv/linux/read.c:26
sc_ret = -512
sc_cancel_oldtype = 0
sc_ret = <optimized out>
#1 __GI___libc_read (fd=14, buf=buf@entry=0x7ffef469add0, nbytes=nbytes@entry=255) at ../sysdeps/unix/sysv/linux/read.c:24
#2 0x00007f7fea25322b in gimp_stack_trace_print (prog_name=prog_name@entry=0x7ffef469d22d "/usr/local/lib/x86_64-linux-gnu/gimp/2.99/plug-ins/blinds/blinds", stream=0x7f7fea441780 <_IO_2_1_stdout_>, trace=trace@entry=0x0) at ../libgimpbase/gimputils.c:1394
status = 1768710703
stack_printed = 0
gtrace = 0x0
gimp_pid = "39830\000\000\000\300\310\335D\021V\000"
buffer = "P&\302D\021V\000\000 &\302D\021V\000\000\020\256i\364\376\177\000\000\000\250Z\0202\217\201\020\001\000\000\000\021V\377\377\023\001\000\000\000\000\000\000", '\n' <repeats 32 times>, '\000' <repeats 32 times>, ": \000upper >= lower\000step || page |", '\000' <repeats 32 times>, "\037\005\000PUU@W\005\033\030\005IJR@W\000VQ@U\005YY"...
read_n = <optimized out>
sync_fd = {12, 13}
out_fd = {14, 15}
fork_pid = <optimized out>
pid = 39830
eintr_count = 0
tid = <optimized out>
#3 0x00007f7fea253900 in gimp_stack_trace_query (prog_name=0x7ffef469d22d "/usr/local/lib/x86_64-linux-gnu/gimp/2.99/plug-ins/blinds/blinds") at ../libgimpbase/gimputils.c:1557
buf = "s\n", '\000' <repeats 13 times>
#4 0x00007f7feb46b344 in gimp_plugin_sigfatal_handler (sig_num=<optimized out>) at ../libgimp/gimp.c:1036
sigset = {__val = {0, 140187364506324, 94632167184752, 140187365089525, 94632167184752, 94632169315376, 94632169482992, 1189389221788035072, 0, 140732998989680, 140187365656992, 94632169315376, 94632169482992, 140732998989760, 140732998990352, 140187364869424}}
#5 0x00007f7fea2a9510 in <signal handler called> () at /lib/x86_64-linux-gnu/libc.so.6
#6 0x000056114315383a in blindsapply (config=config@entry=0x56114497e4d0, srow=srow@entry=0x561144cbe110 "\001\002\003\004\005\006\a\b\t\n\v\f\r\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037 !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz", drow=drow@entry=0x561144ddfca0 "", width=<optimized out>, bpp=bpp@entry=1, bg=bg@entry=0x7ffef469c0ac "") at ../plug-ins/common/blinds.c:377
dst = <optimized out>
i = <optimized out>
j = <optimized out>
k = <optimized out>
ang = <optimized out>
available = 122
angledsp = 25
numsegs = 972
#7 0x0000561143153ce3 in dialog_update_preview (widget=0x561144be6790, config=0x56114497e4d0) at ../plug-ins/common/blinds.c:539
i = <optimized out>
sr = <optimized out>
dr = 0x561144ddfca0 ""
dummybg = "\000\000\000"
preview = 0x561144be6790
drawable = <optimized out>
y = <optimized out>
p = <optimized out>
buffer = <optimized out>
cache = 0x561144cba0b0
cache_start = <optimized out>
color = <optimized out>
bg = "\377\377\377\377"
width = 200
height = 122
bpp = 3
orientation = GIMP_ORIENTATION_HORIZONTAL
bg_trans = 0
#8 0x00007f7feb3b5749 in () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#9 0x00007f7feb3ca5bf in () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#10 0x00007f7feb3d0186 in g_signal_emit_valist () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#11 0x00007f7feb3d0243 in g_signal_emit () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#12 0x00007f7feb0427b3 in gimp_preview_invalidate_now (preview=0x561144be6790) at ../libgimpwidgets/gimppreview.c:501
priv = 0x561144be6600
toplevel = 0x561144c81560
class = 0x561144be6dd0
#13 0x00007f7fea71502e in () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#14 0x00007f7fea7110d9 in () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#15 0x00007f7fea714317 in () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#16 0x00007f7fea714c1f in g_main_loop_run () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#17 0x00007f7feb031373 in gimp_dialog_run (dialog=dialog@entry=0x561144c81560) at ../libgimpwidgets/gimpdialog.c:695
ri = {dialog = 0x0, response_id = -1, loop = 0x561144a8fc50, destroyed = 0}
response_handler = 586
unmap_handler = 587
destroy_handler = 589
delete_handler = 588
__func__ = "gimp_dialog_run"
#18 0x00007f7feb41f5ed in gimp_procedure_dialog_run (dialog=dialog@entry=0x561144c81560) at ../libgimp/gimpproceduredialog.c:2512
response = <optimized out>
__func__ = "gimp_procedure_dialog_run"
#19 0x000056114315406d in blinds_dialog (drawable=0x56114497d370, config=0x56114497e4d0, procedure=0x5611448c8520) at ../plug-ins/common/blinds.c:322
dialog = 0x561144c81560
preview = 0x561144be6790
vbox = <optimized out>
hbox = <optimized out>
scale = <optimized out>
store = <optimized out>
run = <optimized out>
drawable = 0x56114497d370
#20 blinds_run (procedure=0x5611448c8520, run_mode=GIMP_RUN_INTERACTIVE, image=<optimized out>, n_drawables=<optimized out>, drawables=<optimized out>, config=0x56114497e4d0, run_data=0x0) at ../plug-ins/common/blinds.c:213
drawable = 0x56114497d370
#21 0x00007f7feb471842 in gimp_image_procedure_run (procedure=0x5611448c8520, args=0x56114497dfa0) at ../libgimp/gimpimageprocedure.c:180
plug_in = <optimized out>
image_proc = 0x5611448c8520
status = GIMP_PDB_EXECUTION_ERROR
config = 0x56114497e4d0
remaining = 0x56114497e460
return_values = <optimized out>
run_mode = GIMP_RUN_INTERACTIVE
image = 0x5611448a02a0
drawables = 0x56114497e480
n_drawables = 1
i = <optimized out>
__func__ = "gimp_image_procedure_run"
#22 0x00007f7feb47b2f6 in _gimp_procedure_run_array (procedure=procedure@entry=0x5611448c8520, args=args@entry=0x56114497b130) at ../libgimp/gimpprocedure.c:2052
config = 0x0
config_class = 0x0
complete = 0x56114497dfa0
return_vals = <optimized out>
error = 0x0
i = <optimized out>
__func__ = "_gimp_procedure_run_array"
#23 0x00007f7feb47780e in gimp_plug_in_proc_run_internal (plug_in=plug_in@entry=0x5611448c7d00, proc_run=proc_run@entry=0x5611448c9110, procedure=procedure@entry=0x5611448c8520, proc_return=proc_return@entry=0x7ffef469c890) at ../libgimp/gimpplugin.c:1413
arguments = 0x56114497b130
return_values = 0x0
gettext_domain = 0x56114497b130 "\004"
catalog_dir = 0x56114497b150 " \205\214D\021V"
#24 0x00007f7feb477eb6 in gimp_plug_in_proc_run (proc_run=0x5611448c9110, plug_in=0x5611448c7d00) at ../libgimp/gimpplugin.c:1345
proc_return = {name = 0x0, n_params = 0, params = 0x0}
procedure = 0x5611448c8520
msg = {type = 5, data = 0x5611448c9110}
__func__ = "_gimp_plug_in_run"
#25 gimp_plug_in_loop (plug_in=0x5611448c7d00) at ../libgimp/gimpplugin.c:1253
msg = {type = 5, data = 0x5611448c9110}
__func__ = "_gimp_plug_in_run"
#26 _gimp_plug_in_run (plug_in=0x5611448c7d00) at ../libgimp/gimpplugin.c:844
__func__ = "_gimp_plug_in_run"
#27 0x00007f7feb46ba81 in gimp_main (plug_in_type=<optimized out>, argc=<optimized out>, argv=<optimized out>) at ../libgimp/gimp.c:531
read_channel = 0x56114489e580
write_channel = 0x5611448b7560
basename = <optimized out>
protocol_version = <optimized out>
__func__ = "gimp_main"
#28 0x00007f7fea2946ca in __libc_start_call_main (main=main@entry=0x561143153580 <main>, argc=argc@entry=7, argv=argv@entry=0x7ffef469cbd8) at ../sysdeps/nptl/libc_start_call_main.h:58
self = <optimized out>
result = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140732998994904, -7029227949774886294, 0, 140732998994968, 94632139910432, 140187385626624, 7029770196210788970, 6957215069262424682}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x7ffef469cbd8, 0x7ffef469cbd8}, data = {prev = 0x0, cleanup = 0x0, canceltype = -194393128}}}
not_first_call = <optimized out>
#29 0x00007f7fea294785 in __libc_start_main_impl (main=0x561143153580 <main>, argc=7, argv=0x7ffef469cbd8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffef469cbc8) at ../csu/libc-start.c:360
#30 0x00005611431535d1 in _start ()
[Inferior 1 (process 39830) detached]
/usr/local/lib/x86_64-linux-gnu/gimp/2.99/plug-ins/blinds/blinds (pid:39830): [E]xit, show [S]tack trace or [P]roceed:
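Added example, not part of the original report and not GIMP's code: a simplified C model of the mismatch described above, where a slider range of 1 to 1024 feeds logic built around MAX_FANS (100). The report does not show the faulting code, so the fixed-size per-segment table and all function names here are assumptions; the example shows the bound derived from the table size, a compile-time guard, and a check that runs before any write.

```c
#include <stdio.h>

#define MAX_FANS        100       /* magic value named in the report */
#define REPORTED_UI_MAX 1024      /* slider upper bound named in the report */
#define UI_MAX_SEGS     MAX_FANS  /* corrected bound, derived from the table size */

/* Fails the build if the widget range ever outgrows the table again. */
_Static_assert(UI_MAX_SEGS <= MAX_FANS, "segment slider exceeds table size");

/* Hypothetical per-segment width table (assumption, not GIMP's code). */
static int fan_widths[MAX_FANS];

/* 1 if a slider maximum can never index past the table, else 0. */
int ui_range_is_safe(int ui_max) { return ui_max >= 1 && ui_max <= MAX_FANS; }

/* Clamp an untrusted request (UI, script, saved settings) into range. */
int clamp_segments(int requested)
{
    if (requested < 1) return 1;
    return requested > MAX_FANS ? MAX_FANS : requested;
}

/* Split a row of `width` pixels into `numsegs` segment widths.
 * Returns the total width laid out, or -1 when the request is rejected;
 * the check runs before the first write to the table. */
int split_row_checked(int width, int numsegs)
{
    if (width < 0 || numsegs < 1 || numsegs > MAX_FANS)
        return -1;
    int available = width, total = 0;
    for (int i = 0; i < numsegs; i++) {
        fan_widths[i] = available / (numsegs - i);
        available -= fan_widths[i];
        total += fan_widths[i];
    }
    return total;
}

int main(void)
{
    /* Constructed inputs: width 200 and 972 segments match the trace above. */
    printf("slider 1..%d safe: %d\n", REPORTED_UI_MAX, ui_range_is_safe(REPORTED_UI_MAX));
    printf("972 segments, unclamped: %d\n", split_row_checked(200, 972));
    printf("972 clamped to %d, laid out %d px\n",
           clamp_segments(972), split_row_checked(200, clamp_segments(972)));
    return 0;
}
```

Validating inside the worker function as well as in the dialog matters because the same parameter can arrive from a non-interactive call or stored settings, not only from the slider.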