Segmentation fault from opening specific file from Recent images in Welcome dialog
Environment/Versions
- GIMP version: GIMP_2_99_18-346-gadb479a6
- Package: Flatpak and installed from source
- Operating System: Linux
Description of the bug
On git master I ran Sparkle with some values and exported to dds. The interesting thing is that GIMP now segfaults when trying to open that dds file from Recent images in the Welcome dialog.
taj_orig_sparkle.dds
Terminal messages:
(dds:14807): LibGimpUI-CRITICAL **: 21:48:14.712: gimp_window_transient_on_mapped: assertion 'handle_size == sizeof (Window)' failed
gimp-2.99: fatal error: Segmentation fault
26 ../sysdeps/unix/sysv/linux/read.c: No such file or directory.
(script-fu:14778): LibGimpBase-WARNING **: 21:48:18.353: script-fu: gimp_wire_read(): unexpected EOF
If I instead open the file with File->Open or through the Open button in the Welcome dialog, it just shows a message in the error console:
GIMP Error
Opening '/home/anders/Bilder/GIMP-playground/File samples/taj_orig_sparkle.dds' failed:
Requested data exceeds size of file.
Does Recent images in the Welcome dialog open images differently, since the file can crash GIMP?
Reproduction
Is the bug reproducible? Always for me, as I have the image in the Recent files in the Welcome dialog. For others it might be hard to reproduce.
Reproduction steps:
- Have taj_orig_sparkle.dds in Recent images in Welcome dialog
- Open it from there
- Segmentation fault
…
Expected result: No difference between ways to open file
Actual result: Segmentation fault when opening through Recent images in Welcome dialog
Additional information
Backtrace from the segfault:
GNU Image Manipulation Program version 2.99.19
git-describe: GIMP_2_99_18-346-gadb479a63e
Build: unknown rev 0 for linux
# C compiler #
Using built-in specs.
COLLECT_GCC=/usr/bin/cc
COLLECT_LTO_WRAPPER=/usr/libexec/gcc/x86_64-linux-gnu/13/lto-wrapper
OFFLOAD_TARGET_NAMES=nvptx-none:amdgcn-amdhsa
OFFLOAD_TARGET_DEFAULT=1
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Debian 13.2.0-13' --with-bugurl=file:///usr/share/doc/gcc-13/README.Bugs --enable-languages=c,ada,c++,go,d,fortran,objc,obj-c++,m2 --prefix=/usr --with-gcc-major-version-only --program-suffix=-13 --program-prefix=x86_64-linux-gnu- --enable-shared --enable-linker-build-id --libexecdir=/usr/libexec --without-included-gettext --enable-threads=posix --libdir=/usr/lib --enable-nls --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --with-default-libstdcxx-abi=new --enable-libstdcxx-backtrace --enable-gnu-unique-object --disable-vtable-verify --enable-plugin --enable-default-pie --with-system-zlib --enable-libphobos-checking=release --with-target-system-zlib=auto --enable-objc-gc=auto --enable-multiarch --disable-werror --enable-cet --with-arch-32=i686 --with-abi=m64 --with-multilib-list=m32,m64,mx32 --enable-multilib --with-tune=generic --enable-offload-targets=nvptx-none=/build/reproducible-path/gcc-13-13.2.0/debian/tmp-nvptx/usr,amdgcn-amdhsa=/build/reproducible-path/gcc-13-13.2.0/debian/tmp-gcn/usr --enable-offload-defaulted --without-cuda-driver --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu
Thread model: posix
Supported LTO compression algorithms: zlib zstd
gcc version 13.2.0 (Debian 13.2.0-13)
# Libraries #
using babl version 0.1.109 (compiled against version 0.1.109)
using GEGL version 0.4.49 (compiled against version 0.4.49)
using GLib version 2.78.4 (compiled against version 2.78.4)
using GdkPixbuf version 2.42.10 (compiled against version 2.42.10)
using GTK+ version 3.24.41 (compiled against version 3.24.41)
using Pango version 1.52.0 (compiled against version 1.52.0)
using Fontconfig version 2.15.0 (compiled against version 2.15.0)
using Cairo version 1.18.0 (compiled against version 1.18.0)
fatal error: Segmentation fault
Stack trace:
# Stack traces obtained from PID 14109 - Thread 14109 #
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
__GI___libc_read (nbytes=255, buf=0x7fffe2393730, fd=24) at ../sysdeps/unix/sysv/linux/read.c:26
Id Target Id Frame
* 1 Thread 0x7f51d98091c0 (LWP 14109) "gimp-2.99" __GI___libc_read (nbytes=255, buf=0x7fffe2393730, fd=24) at ../sysdeps/unix/sysv/linux/read.c:26
2 Thread 0x7f51d6d5c6c0 (LWP 14110) "pool-spawner" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
3 Thread 0x7f51d655b6c0 (LWP 14111) "gmain" 0x00007f51db571abf in __GI___poll (fds=0x55dc945fd140, nfds=2, timeout=6997) at ../sysdeps/unix/sysv/linux/poll.c:29
4 Thread 0x7f51d5d5a6c0 (LWP 14112) "gdbus" 0x00007f51db571abf in __GI___poll (fds=0x7f51cc012500, nfds=8, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
5 Thread 0x7f51d52086c0 (LWP 14113) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
6 Thread 0x7f51d4a076c0 (LWP 14114) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
7 Thread 0x7f51c7fff6c0 (LWP 14115) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
8 Thread 0x7f51c77fe6c0 (LWP 14116) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
9 Thread 0x7f51c6ffd6c0 (LWP 14117) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
10 Thread 0x7f51c67fc6c0 (LWP 14118) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
11 Thread 0x7f51c5ffb6c0 (LWP 14119) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
12 Thread 0x7f51c57fa6c0 (LWP 14120) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
13 Thread 0x7f51c4ff96c0 (LWP 14121) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
14 Thread 0x7f51a7fff6c0 (LWP 14122) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
15 Thread 0x7f51a77fe6c0 (LWP 14123) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
16 Thread 0x7f51a6ffd6c0 (LWP 14124) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
17 Thread 0x7f51a67fc6c0 (LWP 14125) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
18 Thread 0x7f51a5ffb6c0 (LWP 14126) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
19 Thread 0x7f51a57fa6c0 (LWP 14127) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
20 Thread 0x7f517b5ff6c0 (LWP 14128) "async" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
21 Thread 0x7f517a5fd6c0 (LWP 14130) "gimp-2.99" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
22 Thread 0x7f516b7fe6c0 (LWP 14133) "gimp-2.99" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
23 Thread 0x7f516a7fc6c0 (LWP 14786) "pool-gimp-2.99" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
24 Thread 0x7f5168ff96c0 (LWP 14789) "dconf worker" 0x00007f51db571abf in __GI___poll (fds=0x7f5144000b90, nfds=1, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
25 Thread 0x7f516bfff6c0 (LWP 14859) "swap writer" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
#0 __GI___libc_read (nbytes=255, buf=0x7fffe2393730, fd=24) at ../sysdeps/unix/sysv/linux/read.c:26
sc_ret = -512
sc_cancel_oldtype = 0
sc_ret = <optimized out>
#1 __GI___libc_read (fd=24, buf=buf@entry=0x7fffe2393730, nbytes=nbytes@entry=255) at ../sysdeps/unix/sysv/linux/read.c:24
#2 0x00007f51dcfd11ab in gimp_stack_trace_print (prog_name=<optimized out>, stream=stream@entry=0x55dc98b6f740, trace=trace@entry=0x0) at ../libgimpbase/gimputils.c:1394
status = 0
stack_printed = 0
gtrace = 0x0
gimp_pid = "14109\000\000\000\000\000\000\000\351\231\200i"
buffer = "\000\000\000\000\000\000\000\000\354\023\336\231\334U\000\000", ',' <repeats 32 times>, '\000' <repeats 33 times>, "Thaw the image's undo stack.\000th", '\000' <repeats 33 times>, "TDM[\fXDI\fEAMKI\v_\fYBHC\f_XMOG\002\000XD", '\000' <repeats 79 times>
read_n = <optimized out>
sync_fd = {22, 23}
out_fd = {24, 25}
fork_pid = <optimized out>
pid = 14109
eintr_count = 0
tid = <optimized out>
#3 0x000055dc934705b0 in gimp_eek (reason=reason@entry=0x55dc936ebd1b "fatal error", message=<optimized out>, use_handler=use_handler@entry=1) at ../app/errors.c:355
fd = 0x55dc98b6f740
has_backtrace = 1
pid = "14109\000\000\000\205.\000\000\000\000\000"
gimpdebug = 0x55dc93767968 "/usr/local/libexec/gimp-debug-tool-2.99"
args = {0x55dc93767968 "/usr/local/libexec/gimp-debug-tool-2.99", 0x55dc947f77b0 "gimp-2.99", 0x7fffe2393bc0 "14109", 0x55dc936ebd1b "fatal error", 0x55dc99d12d04 "Segmentation fault", 0x55dc947f5130 "/home/anders/.config/GIMP/2.99/CrashLog/gimp-crash-1712605686.txt", 0x0, 0x7fffe2393bd0 "0", 0x0}
timestamp = "0\000^\224\334U\000\000\004-\321\231\334U\000"
config = <optimized out>
eek_handled = 0
debug_policy = GIMP_DEBUG_POLICY_WARNING
iter = <optimized out>
num_idx = <optimized out>
i = 0
#4 0x000055dc93470ba8 in gimp_fatal_error (message=<optimized out>) at ../app/errors.c:206
#5 0x000055dc934734f9 in gimp_sigfatal_handler (sig_num=11) at ../app/signals.c:196
#6 0x00007f51db4b2510 in <signal handler called> () at /lib/x86_64-linux-gnu/libc.so.6
#7 0x000055dc934b3108 in welcome_open_images_callback (button=<optimized out>, listbox=<optimized out>) at ../app/dialogs/welcome-dialog.c:1246
file = 0x55dc96b3ce90
image = <optimized out>
name = <optimized out>
status = GIMP_PDB_EXECUTION_ERROR
iter = 0x55dc99a90b90 = {0x55dc98989f50}
rows = 0x55dc99a90b90 = {0x55dc98989f50}
gimp = 0x55dc9475ff90
error = 0x0
opened = <optimized out>
parent = 0x0
#8 0x00007f51dceea749 in () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#9 0x00007f51dceff5bf in () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#10 0x00007f51dcf05186 in g_signal_emit_valist () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#11 0x00007f51dcf05243 in g_signal_emit () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#12 0x00007f51db8dad20 in () at /lib/x86_64-linux-gnu/libgtk-3.so.0
#13 0x00007f51dceea749 in () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#14 0x00007f51dceff5bf in () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#15 0x00007f51dcf05186 in g_signal_emit_valist () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#16 0x00007f51dcf05243 in g_signal_emit () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#17 0x00007f51db8d8f24 in () at /lib/x86_64-linux-gnu/libgtk-3.so.0
#18 0x00007f51db897085 in () at /lib/x86_64-linux-gnu/libgtk-3.so.0
#19 0x00007f51dceea749 in () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#20 0x00007f51dceff5bf in () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#21 0x00007f51dcf05186 in g_signal_emit_valist () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#22 0x00007f51dcf05243 in g_signal_emit () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#23 0x00007f51db9b317e in () at /lib/x86_64-linux-gnu/libgtk-3.so.0
#24 0x00007f51dceed986 in g_cclosure_marshal_VOID__BOXEDv () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#25 0x00007f51dceea749 in () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#26 0x00007f51dceff5bf in () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#27 0x00007f51dcf05186 in g_signal_emit_valist () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#28 0x00007f51dcf05243 in g_signal_emit () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#29 0x00007f51db9b0213 in () at /lib/x86_64-linux-gnu/libgtk-3.so.0
#30 0x00007f51db9b1803 in () at /lib/x86_64-linux-gnu/libgtk-3.so.0
#31 0x00007f51db9b4a42 in () at /lib/x86_64-linux-gnu/libgtk-3.so.0
#32 0x00007f51db979361 in gtk_event_controller_handle_event () at /lib/x86_64-linux-gnu/libgtk-3.so.0
#33 0x00007f51dbb488bd in () at /lib/x86_64-linux-gnu/libgtk-3.so.0
#34 0x00007f51db890db8 in () at /lib/x86_64-linux-gnu/libgtk-3.so.0
#35 0x00007f51dceea749 in () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#36 0x00007f51dcefe913 in () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#37 0x00007f51dcf05186 in g_signal_emit_valist () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#38 0x00007f51dcf05243 in g_signal_emit () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#39 0x00007f51dbb4a314 in () at /lib/x86_64-linux-gnu/libgtk-3.so.0
#40 0x00007f51db9fc84e in () at /lib/x86_64-linux-gnu/libgtk-3.so.0
#41 0x00007f51db9fe4be in gtk_main_do_event () at /lib/x86_64-linux-gnu/libgtk-3.so.0
#42 0x00007f51dc0eaa79 in () at /lib/x86_64-linux-gnu/libgdk-3.so.0
#43 0x00007f51dc1405c6 in () at /lib/x86_64-linux-gnu/libgdk-3.so.0
#44 0x00007f51dc9cc1f4 in () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#45 0x00007f51dc9cf317 in () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#46 0x00007f51dc9cf930 in g_main_context_iteration () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#47 0x00007f51dc754b7d in g_application_run () at /lib/x86_64-linux-gnu/libgio-2.0.so.0
#48 0x000055dc934700da in app_run (full_prog_name=0x55dc945c9420 "gimp-2.99", filenames=<optimized out>, alternate_system_gimprc=alternate_system_gimprc@entry=0x0, alternate_gimprc=alternate_gimprc@entry=0x0, session_name=<optimized out>, batch_interpreter=<optimized out>, batch_commands=0x0, quit=0, as_new=0, no_interface=0, no_data=<optimized out>, no_fonts=<optimized out>, no_splash=0, be_verbose=0, use_shm=1, use_cpu_accel=1, console_messages=0, use_debug_handler=0, show_playground=1, show_debug_menu=1, stack_trace_mode=GIMP_STACK_TRACE_QUERY, pdb_compat_mode=<optimized out>, backtrace_file=0x55dc945e52a0 "/home/anders/.config/GIMP/2.99/CrashLog/gimp-crash-1712605686.txt") at ../app/app.c:317
gimp = 0x55dc9475ff90
app = 0x55dc947d9ae0
default_folder = 0x0
gimpdir = 0x55dc947db870
abort_message = <optimized out>
retval = 0
__func__ = "app_run"
#49 0x000055dc932b0d37 in main (argc=<optimized out>, argv=<optimized out>) at ../app/main.c:786
context = 0x55dc945ee6e0
error = 0x0
abort_message = <optimized out>
basename = <optimized out>
system_gimprc_file = 0x0
user_gimprc_file = 0x0
gimp_group = <optimized out>
backtrace_file = 0x55dc945e52a0 "/home/anders/.config/GIMP/2.99/CrashLog/gimp-crash-1712605686.txt"
retval = <optimized out>
i = <optimized out>
[Inferior 1 (process 14109) detached]
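Added example, not part of the original report or of GIMP's code: a small triage script for a GDB backtrace in the format above. In this trace frames #0 to #6 are the crash handler, so the script returns the first frame below `<signal handler called>` with its locals. The sample input is a constructed, abridged copy of lines from the report, and the function names are hypothetical.

```python
import re

# Constructed sample: lines abridged from the backtrace in the report above.
SAMPLE = """\
#0 __GI___libc_read (nbytes=255, buf=0x7fffe2393730, fd=24) at ../sysdeps/unix/sysv/linux/read.c:26
sc_ret = -512
#3 0x000055dc934705b0 in gimp_eek (reason=reason@entry=0x55dc936ebd1b "fatal error", message=<optimized out>, use_handler=use_handler@entry=1) at ../app/errors.c:355
has_backtrace = 1
#5 0x000055dc934734f9 in gimp_sigfatal_handler (sig_num=11) at ../app/signals.c:196
#6 0x00007f51db4b2510 in <signal handler called> () at /lib/x86_64-linux-gnu/libc.so.6
#7 0x000055dc934b3108 in welcome_open_images_callback (button=<optimized out>, listbox=<optimized out>) at ../app/dialogs/welcome-dialog.c:1246
file = 0x55dc96b3ce90
status = GIMP_PDB_EXECUTION_ERROR
error = 0x0
#8 0x00007f51dceea749 in () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
"""

# "#N [0xADDR in ]FUNC (ARGS) at LOCATION"; FUNC may be empty or contain spaces.
FRAME = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(.*?) ?\(.*\) at (\S+)$")
# "name = value" lines printed under a frame by "bt full".
LOCAL = re.compile(r"^(\w+) = (.*)$")


def parse_frames(text):
    """Return a list of frames, each with its number, function, location, locals."""
    frames = []
    for line in text.splitlines():
        m = FRAME.match(line)
        if m:
            frames.append({"n": int(m.group(1)), "func": m.group(2),
                           "where": m.group(3), "locals": {}})
        elif frames and (m := LOCAL.match(line.strip())):
            frames[-1]["locals"][m.group(1)] = m.group(2)
    return frames


def faulting_frame(frames):
    """First frame below '<signal handler called>': the code the signal interrupted."""
    for i, frame in enumerate(frames):
        if frame["func"] == "<signal handler called>":
            return frames[i + 1] if i + 1 < len(frames) else None
    return None  # no signal frame: the trace was not taken from a signal handler


if __name__ == "__main__":
    hit = faulting_frame(parse_frames(SAMPLE))
    print(hit["n"], hit["func"], hit["where"], hit["locals"])
```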