IFS Fractal crash on repeated clicks in sliders
Environment/Versions
- GIMP version: GIMP_2_99_18-474-gb31a465a9e, present in current master GIMP_2_99_18-832-gfcdddad2a7
- Package: Flatpak and installed from source
- Operating System: Linux
Description of the bug
Originally discussed in !1500 (merged), but opening an issue so it's not forgotten. Still present on git master.
After commit b31a465a it is possible to make IFS Fractal segfault by clicking around in its sliders. It can take some clicks to run into it (the number varies; 30 clicks on my last try), so this is low priority, since most users will hopefully be done with their settings before the crash is triggered.
I have not been able to reproduce it before b31a465a, so it looks like it started with that commit.
In !1500 (merged) Alx Sa wrote:
I feel like we're accidentally clearing the color values too many times (or there's a race condition of some sort).
Reproduction
Is the bug reproducible? Always, but can take some clicking before it occurs
Reproduction steps:
- Open an image
- Filters->Render->Fractals -> IFS Fractal
- Click around in the various sliders in IFS Fractal
- The plug-in segfaults
…
Expected result: No segmentation fault
Actual result: Segmentation fault in IFS Fractal plug-in
Additional information
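Backtrace from the crash. The faulting frames are #6–#9: the signal is raised inside g_object_unref(), called from aff_element_free() (ifs-compose-utils.c:819), which is reached from undo_begin() (ifs-compose.c:1866) after a slider value change. A fault inside g_object_unref() is consistent with the element holding an object pointer that was already released or is otherwise invalid, which fits the "clearing the color values too many times" suspicion quoted above; this has not been confirmed.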
/usr/local/lib/x86_64-linux-gnu/gimp/3.0/plug-ins/ifs-compose/ifs-compose: fatal error: Segmentation fault
/usr/local/lib/x86_64-linux-gnu/gimp/3.0/plug-ins/ifs-compose/ifs-compose (pid:59034): [E]xit, show [S]tack trace or [P]roceed: s
26 ../sysdeps/unix/sysv/linux/read.c: No such file or directory.
# Stack traces obtained from PID 59034 - Thread 59034 #
[New LWP 59035]
[New LWP 59036]
[New LWP 59037]
[New LWP 59038]
[New LWP 59039]
[New LWP 59040]
[New LWP 59041]
[New LWP 59042]
[New LWP 59043]
[New LWP 59044]
[New LWP 59045]
[New LWP 59046]
[New LWP 59047]
[New LWP 59048]
[New LWP 59049]
[New LWP 59050]
[New LWP 59051]
[New LWP 59052]
[New LWP 59053]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
__GI___libc_read (nbytes=255, buf=0x7ffd95a2f810, fd=14) at ../sysdeps/unix/sysv/linux/read.c:26
Id Target Id Frame
* 1 Thread 0x7f3922852e80 (LWP 59034) "ifs-compose" __GI___libc_read (nbytes=255, buf=0x7ffd95a2f810, fd=14) at ../sysdeps/unix/sysv/linux/read.c:26
2 Thread 0x7f39223b46c0 (LWP 59035) "pool-spawner" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
3 Thread 0x7f3921bb36c0 (LWP 59036) "gmain" 0x00007f3923c3aabf in __GI___poll (fds=0x557b26bbada0, nfds=2, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
4 Thread 0x7f39213b26c0 (LWP 59037) "gdbus" 0x00007f3923c3aabf in __GI___poll (fds=0x7f3918000b90, nfds=3, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
5 Thread 0x7f3913fff6c0 (LWP 59038) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
6 Thread 0x7f39137fe6c0 (LWP 59039) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
7 Thread 0x7f3912ffd6c0 (LWP 59040) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
8 Thread 0x7f39127fc6c0 (LWP 59041) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
9 Thread 0x7f3909ffb6c0 (LWP 59042) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
10 Thread 0x7f3911ffb6c0 (LWP 59043) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
11 Thread 0x7f39117fa6c0 (LWP 59044) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
12 Thread 0x7f3910ff96c0 (LWP 59045) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
13 Thread 0x7f390bfff6c0 (LWP 59046) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
14 Thread 0x7f390b7fe6c0 (LWP 59047) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
15 Thread 0x7f390affd6c0 (LWP 59048) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
16 Thread 0x7f390a7fc6c0 (LWP 59049) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
17 Thread 0x7f39097fa6c0 (LWP 59050) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
18 Thread 0x7f3908ff96c0 (LWP 59051) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
19 Thread 0x7f3903fff6c0 (LWP 59052) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
20 Thread 0x7f3900dff6c0 (LWP 59053) "ifs-compose" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
#0 __GI___libc_read (nbytes=255, buf=0x7ffd95a2f810, fd=14) at ../sysdeps/unix/sysv/linux/read.c:26
sc_ret = -512
sc_cancel_oldtype = 0
sc_ret = <optimized out>
#1 __GI___libc_read (fd=14, buf=buf@entry=0x7ffd95a2f810, nbytes=nbytes@entry=255) at ../sysdeps/unix/sysv/linux/read.c:24
#2 0x00007f39251c8dfb in gimp_stack_trace_print (prog_name=prog_name@entry=0x7ffd95a3221b "/usr/local/lib/x86_64-linux-gnu/gimp/3.0/plug-ins/ifs-compose/ifs-compose", stream=0x7f3923d13780 <_IO_2_1_stdout_>, trace=trace@entry=0x0) at ../libgimpbase/gimputils.c:1394
status = 1731033205
stack_printed = 0
gtrace = 0x0
gimp_pid = "59034\000\000\000\000n\354&{U\000"
buffer = "\300\215\006'{U\000\000\220\215\006'{U\000\000P\370\242\225\375\177\000\000\003\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000\023\001\000\000\000\000\000\000", '\n' <repeats 32 times>, '\000' <repeats 32 times>, ": \000upper >= lower\000step || page |", '\000' <repeats 32 times>, "\037\005\000PUU@W\005\033\030\005IJR@W\000VQ@U\005YY"...
read_n = <optimized out>
sync_fd = {12, 13}
out_fd = {14, 15}
fork_pid = <optimized out>
pid = 59034
eintr_count = 0
tid = <optimized out>
#3 0x00007f39251c94d0 in gimp_stack_trace_query (prog_name=0x7ffd95a3221b "/usr/local/lib/x86_64-linux-gnu/gimp/3.0/plug-ins/ifs-compose/ifs-compose") at ../libgimpbase/gimputils.c:1557
buf = "s\n", '\000' <repeats 13 times>
#4 0x00007f3925204474 in gimp_plugin_sigfatal_handler (sig_num=<optimized out>) at ../libgimp/gimp.c:1035
sigset = {__val = {0, 140727113940288, 140727113940280, 93987424394864, 93987424394864, 139883407364195, 186, 93987421918848, 93987421918848, 186, 0, 139883407758769, 93987424394864, 0, 93987421918848, 139883400456053}}
#5 0x00007f3923b7b510 in <signal handler called> () at /lib/x86_64-linux-gnu/libc.so.6
#6 0x00007f392516ec01 in g_type_check_instance_is_fundamentally_a () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#7 0x00007f392514f87d in g_object_unref () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#8 0x0000557b2679a86f in aff_element_free (elem=0x557b27292d70) at ../plug-ins/ifs-compose/ifs-compose-utils.c:819
_pp = 0x557b27292da8
_ptr = <optimized out>
#9 0x0000557b2679b90e in undo_begin () at ../plug-ins/ifs-compose/ifs-compose.c:1866
i = 0
j = 0
to_delete = 1
new_index = 0
#10 0x0000557b2679cc55 in val_changed_update () at ../plug-ins/ifs-compose/ifs-compose.c:2007
allocation = {x = 16, y = 66, width = 300, height = 184}
cur = 0x557b26ca5d30
#11 0x0000557b2679ce60 in val_changed_update () at ../plug-ins/ifs-compose/ifs-compose.c:2000
value_pair = 0x557b26fc0590
changed = 1
#12 value_pair_scale_callback_real (data=0x557b26fc0590) at ../plug-ins/ifs-compose/ifs-compose.c:2257
value_pair = 0x557b26fc0590
changed = 1
#13 0x00007f3924bd002e in () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#14 0x00007f3924bcc0d9 in () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#15 0x00007f3924bcf317 in () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#16 0x00007f3924bcf930 in g_main_context_iteration () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#17 0x00007f3924954b7d in g_application_run () at /lib/x86_64-linux-gnu/libgio-2.0.so.0
#18 0x0000557b2679f6d0 in ifs_run (procedure=0x557b26bb07b0, run_mode=GIMP_RUN_INTERACTIVE, image=0x557b26b880f0, n_drawables=<optimized out>, drawables=<optimized out>, config=0x557b26c10c60, run_data=0x0) at ../plug-ins/ifs-compose/ifs-compose.c:542
drawable = 0x557b26b885e0
parasite = 0x0
found_parasite = <optimized out>
#19 0x00007f392520aab2 in gimp_image_procedure_run (procedure=0x557b26bb07b0, args=0x557b26c0e2d0) at ../libgimp/gimpimageprocedure.c:180
plug_in = <optimized out>
image_proc = 0x557b26bb07b0
status = GIMP_PDB_EXECUTION_ERROR
config = 0x557b26c10c60
remaining = 0x557b26b87e90
return_values = <optimized out>
run_mode = GIMP_RUN_INTERACTIVE
image = 0x557b26b880f0
drawables = 0x557b26b886d0
n_drawables = 1
i = <optimized out>
__func__ = "gimp_image_procedure_run"
#20 0x00007f3925214028 in _gimp_procedure_run_array (procedure=procedure@entry=0x557b26bb07b0, args=args@entry=0x557b26c0e2d0) at ../libgimp/gimpprocedure.c:2111
return_vals = <optimized out>
error = 0x0
i = <optimized out>
__func__ = "_gimp_procedure_run_array"
#21 0x00007f3925210a2e in gimp_plug_in_proc_run_internal (plug_in=plug_in@entry=0x557b26bafad0, proc_run=proc_run@entry=0x557b26bb0f00, procedure=procedure@entry=0x557b26bb07b0, proc_return=proc_return@entry=0x7ffd95a30e50) at ../libgimp/gimpplugin.c:1413
arguments = 0x557b26c0e2d0
return_values = 0x0
gettext_domain = 0x557b26c0e2d0 "\004"
catalog_dir = 0x557b26c0e2f0 "\260\a\273&{U"
#22 0x00007f39252110d6 in gimp_plug_in_proc_run (proc_run=0x557b26bb0f00, plug_in=0x557b26bafad0) at ../libgimp/gimpplugin.c:1345
proc_return = {name = 0x0, n_params = 0, params = 0x0}
procedure = 0x557b26bb07b0
msg = {type = 5, data = 0x557b26bb0f00}
__func__ = "_gimp_plug_in_run"
#23 gimp_plug_in_loop (plug_in=0x557b26bafad0) at ../libgimp/gimpplugin.c:1253
msg = {type = 5, data = 0x557b26bb0f00}
__func__ = "_gimp_plug_in_run"
#24 _gimp_plug_in_run (plug_in=0x557b26bafad0) at ../libgimp/gimpplugin.c:844
__func__ = "_gimp_plug_in_run"
#25 0x00007f3925204b99 in gimp_main (plug_in_type=<optimized out>, argc=<optimized out>, argv=<optimized out>) at ../libgimp/gimp.c:530
read_channel = 0x557b26b86580
write_channel = 0x557b26b9f560
basename = <optimized out>
protocol_version = <optimized out>
__func__ = "gimp_main"
#26 0x00007f3923b666ca in __libc_start_call_main (main=main@entry=0x557b26797e60 <main>, argc=argc@entry=7, argv=argv@entry=0x7ffd95a31188) at ../sysdeps/nptl/libc_start_call_main.h:58
self = <optimized out>
result = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140727113945480, -6720551308903638518, 0, 140727113945544, 93987414890768, 139883413725184, 6719622944022927882, 6686026157672438282}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x7ffd95a31188}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <optimized out>
#27 0x00007f3923b66785 in __libc_start_main_impl (main=0x557b26797e60 <main>, argc=7, argv=0x7ffd95a31188, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffd95a31178) at ../csu/libc-start.c:360
#28 0x0000557b26797eb1 in _start ()
[Inferior 1 (process 59034) detached]