Segfault when rendering preview in "Gradient Flare" filter editor
Environment/Versions
- GIMP version: git master at 69e4a581b4abd11ff81f3011ebbb90d993d83650
- Operating System: Fedora 41; Wayland
Reproduction
Is the bug reproducible?
Yes.
Reproduction steps:
- Open a JPEG image file
- Go to "Filters > Light and Shadow > Gradient Flare..."
- Choose "Selector" tab
- Select an entry from the list and click the "Edit" button (repeat this a few times as this crash is not deterministic)
Expected result:
Preview on the left renders; no crash.
Actual result:
Preview on the left does not render; crash.
Additional information
This looks very much the same as #10555, which is closed as resolved, so I'm afraid that ddfb4d4f wasn't a complete fix.
(gdb) run
Starting program: /home/ak/coding/gimp299install/bin/gimp-2.99
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
[New Thread 0x7fffe62006c0 (LWP 20467)]
[New Thread 0x7fffdd8006c0 (LWP 20468)]
[New Thread 0x7fffe58006c0 (LWP 20469)]
[New Thread 0x7fffe4e006c0 (LWP 20470)]
[New Thread 0x7fffdfe006c0 (LWP 20471)]
[New Thread 0x7fffdf4006c0 (LWP 20472)]
[New Thread 0x7fffdea006c0 (LWP 20473)]
[New Thread 0x7fffdce006c0 (LWP 20474)]
[New Thread 0x7fffd7e006c0 (LWP 20475)]
[New Thread 0x7fffd74006c0 (LWP 20476)]
[New Thread 0x7fffd58006c0 (LWP 20477)]
[New Thread 0x7fffd4e006c0 (LWP 20478)]
This is a development version of GIMP. Debug messages may appear here.
[New Thread 0x7fffc8a006c0 (LWP 20479)]
[New Thread 0x7fffbfe006c0 (LWP 20480)]
[New Thread 0x7fffbf4006c0 (LWP 20481)]
[Thread 0x7fffbf4006c0 (LWP 20481) exited]
[New Thread 0x7fffbf4006c0 (LWP 20482)]
[Thread 0x7fffbf4006c0 (LWP 20482) exited]
[New Thread 0x7fffbea006c0 (LWP 20483)]
gimp_font_factory_load_names: 100 unsupported fonts were ignored. Set the GIMP_DEBUG_FONTS environment variable for a listing.
set device 'Wayland Pointer' to mode: disabled
[Detaching after vfork from child process 20484]
[Detaching after vfork from child process 20485]
[Detaching after vfork from child process 20486]
[Detaching after vfork from child process 20488]
[Detaching after vfork from child process 20491]
[Detaching after vfork from child process 20495]
[Detaching after vfork from child process 20500]
[New Thread 0x7fffbf4006c0 (LWP 20507)]
[New Thread 0x7fffb14006c0 (LWP 20510)]
[Thread 0x7fffd58006c0 (LWP 20477) exited]
[Detaching after vfork from child process 20511]
[New Thread 0x7fffd58006c0 (LWP 20524)]
jpeg-load: found Photoshop block (19 bytes) Photoshop 3.0
jpeg-load: found Exif block (83 bytes)
[Detaching after vfork from child process 20525]
[Detaching after vfork from child process 20538]
** (gradient-flare:20538): WARNING **: 21:37:38.598: calc_deinit: not initialized
[Thread 0x7fffbf4006c0 (LWP 20507) exited]
** (gradient-flare:20538): WARNING **: 21:37:41.300: calc_deinit: not initialized
** (gradient-flare:20538): WARNING **: 21:37:44.151: calc_deinit: not initialized
/home/ak/coding/gimp299install/lib64/gimp/3.0/plug-ins/gradient-flare/gradient-flare: fatal error: Segmentation fault
/home/ak/coding/gimp299install/lib64/gimp/3.0/plug-ins/gradient-flare/gradient-flare (pid:20538): [E]xit, show [S]tack trace or [P]roceed: S
warning: 26 ../sysdeps/unix/sysv/linux/read.c: No such file or directory
# Stack traces obtained from PID 20538 - Thread 20538 #
[New LWP 20551]
[New LWP 20550]
[New LWP 20548]
[New LWP 20547]
[New LWP 20546]
[New LWP 20545]
[New LWP 20544]
[New LWP 20543]
[New LWP 20542]
[New LWP 20541]
[New LWP 20540]
[New LWP 20539]
This GDB supports auto-downloading debuginfo from the following URLs:
<https://debuginfod.fedoraproject.org/>
Enable debuginfod for this session? (y or [n]) [answered N; input not from terminal]
Debuginfod has been disabled.
To make this setting permanent, add 'set debuginfod enabled off' to .gdbinit.
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
0x00007ffff6a0f00a in __GI___libc_read (fd=17, buf=0x7fffffffc090, nbytes=255) at ../sysdeps/unix/sysv/linux/read.c:26
Id Target Id Frame
* 1 Thread 0x7ffff5238340 (LWP 20538) "gradient-flare" 0x00007ffff6a0f00a in __GI___libc_read (fd=17, buf=0x7fffffffc090, nbytes=255) at ../sysdeps/unix/sysv/linux/read.c:26
2 Thread 0x7fffc64006c0 (LWP 20551) "gradient-flare" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
3 Thread 0x7fffc6e006c0 (LWP 20550) "dconf worker" 0x00007ffff6a0ef70 in __GI_ppoll (fds=fds@entry=0x7fff5c000b90, nfds=nfds@entry=1, timeout=<optimized out>, timeout@entry=0x0, sigmask=sigmask@entry=0x0) at ../sysdeps/unix/sysv/linux/ppoll.c:42
4 Thread 0x7fffdd6006c0 (LWP 20548) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
5 Thread 0x7fffde0006c0 (LWP 20547) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
6 Thread 0x7fffdea006c0 (LWP 20546) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
7 Thread 0x7fffdf4006c0 (LWP 20545) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
8 Thread 0x7fffdfe006c0 (LWP 20544) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
9 Thread 0x7fffe4a006c0 (LWP 20543) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
10 Thread 0x7fffe54006c0 (LWP 20542) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
11 Thread 0x7fffe5e006c0 (LWP 20541) "gdbus" 0x00007ffff6a0ef70 in __GI_ppoll (fds=fds@entry=0x7fffd4000b90, nfds=nfds@entry=3, timeout=<optimized out>, timeout@entry=0x0, sigmask=sigmask@entry=0x0) at ../sysdeps/unix/sysv/linux/ppoll.c:42
12 Thread 0x7fffe68006c0 (LWP 20540) "gmain" 0x00007ffff6a0ef70 in __GI_ppoll (fds=fds@entry=0x469f40, nfds=nfds@entry=2, timeout=<optimized out>, timeout@entry=0x0, sigmask=sigmask@entry=0x0) at ../sysdeps/unix/sysv/linux/ppoll.c:42
13 Thread 0x7fffe72006c0 (LWP 20539) "pool-spawner" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
#0 0x00007ffff6a0f00a in __GI___libc_read (fd=17, buf=0x7fffffffc090, nbytes=255) at ../sysdeps/unix/sysv/linux/read.c:26
sc_ret = -512
sc_cancel_oldtype = 0
sc_ret = <optimized out>
sc_ret = <optimized out>
__arg2 = <optimized out>
_a3 = <optimized out>
_a1 = <optimized out>
resultvar = <optimized out>
__arg3 = <optimized out>
__arg1 = <optimized out>
_a2 = <optimized out>
#1 __GI___libc_read (fd=17, buf=0x7fffffffc090, nbytes=255) at ../sysdeps/unix/sysv/linux/read.c:24
#2 0x00007ffff7ec247f in gimp_stack_trace_print (prog_name=0x7fffffffd88f "/home/ak/coding/gimp299install/lib64/gimp/3.0/plug-ins/gradient-flare/gradient-flare", stream=0x7ffff6b115c0 <_IO_2_1_stdout_>, trace=0x0) at ../libgimpbase/gimputils.c:1394
status = 8592
stack_printed = 0
gtrace = 0x0
gimp_pid = "20538\000\000\000b\034\231\366\377\177\000"
buffer = '\000' <repeats 56 times>, "ͦ\371f\000\000\000\000e]\374\a", '\000' <repeats 28 times>, "flare/gr\000\361\a8@\232eFlare (pi\340\b\261\366\377\177\000\000\320\357\260\366\377\177\000\000\a\000\000\000\000\000\000\000P\301\377\377\377\177\000\000\036\360\240\366\377\177", '\000' <repeats 11 times>, "\004\000\000\000\000\000\000pS\000\001\000\000\000\000\002\000\000\000\000\000\000\000\220\301\377\377\377\177\000\000\023"...
read_n = 140737330557526
sync_fd = {15, 16}
out_fd = {17, 18}
fork_pid = 20555
pid = 20538
eintr_count = 0
tid = 20538
#3 0x00007ffff7ec29e1 in gimp_stack_trace_query (prog_name=0x7fffffffd88f "/home/ak/coding/gimp299install/lib64/gimp/3.0/plug-ins/gradient-flare/gradient-flare") at ../libgimpbase/gimputils.c:1565
buf = "S\n\000\000\000\000\000\000\000\361\a8@\232eF"
eof = 0
#4 0x00007ffff7ef531f in gimp_plugin_sigfatal_handler (sig_num=11) at ../libgimp/gimp.c:1029
sigset = {__val = {0, 4599605760551469986, 140737488339696, 140737346955082, 0, 0, 8589934594, 6529248, 140737488339760, 140737346955140, 4600103985876295979, 1587772002, 8589934592, 6529248, 4600226434485540079, 10807904}}
#5 0x00007ffff6941dc0 in <signal handler called> () at /lib64/libc.so.6
#6 0x00000000004058e7 in calc_get_gradient (pix=0x7fffffffca24 "", gradient=0x21c <error: Cannot access memory at address 0x21c>, pos=135.3024399424321) at ../plug-ins/gradient-flare/gradient-flare.c:2157
ipos = 135
frac = 0.30243994243210182
i = 0
#7 0x0000000000405b0b in calc_glow_pix (dest_pix=0x7fffffffca94 "", x=-128, y=-125) at ../plug-ins/gradient-flare/gradient-flare.c:2197
radius = 1.3977390015329221
angle = 0.37688712432073684
angular_size = 5.247728138615717e-317
radial_pix = "\000\000\000"
angular_pix = "\177\300@"
size_pix = "\000\000\000"
i = 32767
#8 0x0000000000406270 in calc_gflare_pix (dest_pix=0x7fffffffcae0 "o\215\277\377o\215\277\377 \022a", x=0, y=3, src_pix=0x7fffffffcae4 "o\215\277\377 \022a") at ../plug-ins/gradient-flare/gradient-flare.c:2339
gflare = 0xf87fb0
glow_pix = "\000\000\000"
rays_pix = "\360\000j"
tmp_pix = "o\215\277\377"
#9 0x00000000004077db in dlg_preview_render_func (preview=0x61fd80, dest=0x61bab0 "o\215\277m\213\275l\212\274l\212\274m\213\275m\213\275l\212\274m\213\275m\213\275m\213\275m\213\275m\213\275m\213\275m\213\275n\214\300n\214\300n\214\300n\214\300n\214\300n\214\300n\214\300o\215\301o\215\301n\214\300n\214\300n\214\300n\214\300n\214\300p\216\300o\215\277o\215\277o\215\277p\216\300q\217\301q\217\301o\215\277p\216\300p\216\300p\216\300o\215\277o\215\277q\217\301q\217\301q\217\301q\217\301q\217\301q\217\301q\217\301p\216\300q\217\301q\217\301r\220\302r\220\302r\220\302r\220\302q\217\301q\217\301q\217\301q\217\301r\220\302r\220\302r\220\302r\220\302r\220\302q\217\301q\217\301r\220"..., y=3, data=0x6a00f0) at ../plug-ins/gradient-flare/gradient-flare.c:2856
src_buffer = 0x6a00f0 [GeglBuffer]
width = 300
height = 300
x = 0
dx = 0
dy = 3
src_row = 0x611220 "o\215\277m\213\275l\212\274l\212\274m\213\275m\213\275m\213\275l\212\274m\213\275m\213\275m\213\275m\213\275m\213\275m\213\275m\213\275m\213\275n\214\300n\214\300n\214\300n\214\300n\214\300n\214\300n\214\300n\214\300p\216\302p\216\302p\216\302p\216\302p\216\302p\216\302p\216\302p\216\302o\215\277o\215\277n\214\276n\214\276n\214\276o\215\277p\216\300p\216\300q\217\301q\217\301q\217\301q\217\301q\217\301q\217\301p\216\300p\216\300p\216\300p\216\300p\216\300p\216\300p\216\300p\216\300p\216\300p\216\300p\216\300q\217\301q\217\301q\217\301r\220\302r\220\302r\220\302r\220\302r\220\302r\220\302r\220"...
src = 0x611220 "o\215\277m\213\275l\212\274l\212\274m\213\275m\213\275m\213\275l\212\274m\213\275m\213\275m\213\275m\213\275m\213\275m\213\275m\213\275m\213\275n\214\300n\214\300n\214\300n\214\300n\214\300n\214\300n\214\300n\214\300p\216\302p\216\302p\216\302p\216\302p\216\302p\216\302p\216\302p\216\302o\215\277o\215\277n\214\276n\214\276n\214\276o\215\277p\216\300p\216\300q\217\301q\217\301q\217\301q\217\301q\217\301q\217\301p\216\300p\216\300p\216\300p\216\300p\216\300p\216\300p\216\300p\216\300p\216\300p\216\300p\216\300q\217\301q\217\301q\217\301r\220\302r\220\302r\220\302r\220\302r\220\302r\220\302r\220"...
src_pix = "o\215\277\377"
dest_pix = "o\215\277\377"
b = 3
#10 0x000000000040c11c in preview_handle_idle (preview=0x61fd80) at ../plug-ins/gradient-flare/gradient-flare.c:4431
done = 0
#11 0x00007ffff7a3cadd in g_idle_dispatch (source=0xa21250, callback=0x40c07f <preview_handle_idle>, user_data=0x61fd80) at ../glib/gmain.c:6243
idle_source = 0xa21250
again = <optimized out>
#12 0x00007ffff7a3628c in g_main_dispatch (context=0x45d340) at ../glib/gmain.c:3357
dispatch = 0x7ffff7a3cab0 <g_idle_dispatch>
prev_source = 0x0
begin_time_nsec = 2247659931028
was_in_call = 0
user_data = 0x61fd80
callback = 0x40c07f <preview_handle_idle>
cb_funcs = 0x7ffff7b43280 <g_source_callback_funcs>
cb_data = 0xd995c0
need_destroy = <optimized out>
source = 0xa21250
current = 0x47aaa0
i = 0
__func__ = {<optimized out> <repeats 16 times>}
#13 g_main_context_dispatch_unlocked (context=0x45d340) at ../glib/gmain.c:4208
#14 0x00007ffff7a967f8 in g_main_context_iterate_unlocked.isra.0 (context=0x45d340, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4273
max_priority = 200
timeout_usec = 0
some_ready = 1
nfds = <optimized out>
allocated_nfds = <optimized out>
fds = 0x946360
begin_time_nsec = 2247659925142
#15 0x00007ffff7a3c377 in g_main_loop_run (loop=0x951ad0) at ../glib/gmain.c:4475
self = <optimized out>
__func__ = "g_main_loop_run"
#16 0x00007ffff7c1ff74 in gimp_dialog_run (dialog=0x73d750 [GimpProcedureDialog]) at ../libgimpwidgets/gimpdialog.c:696
ri = {dialog = 0x0, response_id = -1, loop = 0x951ad0, destroyed = 0}
response_handler = 1174
unmap_handler = 1175
destroy_handler = 1177
delete_handler = 1176
__func__ = "gimp_dialog_run"
#17 0x0000000000406d5f in dlg_run (procedure=0x4b9270 [GimpImageProcedure], config=0x4bd090 [GimpProcedureConfigRun-plug-in-gflare]) at ../plug-ins/gradient-flare/gradient-flare.c:2579
src_buffer = 0x6a00f0 [GeglBuffer]
shell = 0x73d750 [GimpProcedureDialog]
hbox = 0x6c3340 [GtkBox]
vbox = 0x6c2f90 [GtkBox]
frame = 0x797f10 [GtkFrame]
button = 0x710450 [GtkCheckButton]
notebook = 0x79dc40 [GtkNotebook]
run = 0
gflare_name = 0x6da160 "\030"
__func__ = "dlg_run"
#18 0x0000000000402c04 in gflare_run (procedure=0x4b9270 [GimpImageProcedure], run_mode=GIMP_RUN_INTERACTIVE, _image=0x4bacb0 [GimpImage], n_drawables=1, drawables=0x4bcf30, config=0x4bd090 [GimpProcedureConfigRun-plug-in-gflare], run_data=0x0) at ../plug-ins/gradient-flare/gradient-flare.c:1001
path = 0x54c250 ""
#19 0x00007ffff7efedfe in gimp_image_procedure_run (procedure=0x4b9270 [GimpImageProcedure], args=0x4bcef0) at ../libgimp/gimpimageprocedure.c:180
plug_in = 0x7ffff7ffd000
image_proc = 0x4b9270 [GimpImageProcedure]
status = GIMP_PDB_EXECUTION_ERROR
config = 0x4bd090 [GimpProcedureConfigRun-plug-in-gflare]
remaining = 0x4bcf10
return_values = 0x7fffffffcf30
run_mode = GIMP_RUN_INTERACTIVE
image = 0x4bacb0 [GimpImage]
drawables = 0x4bcf30
n_drawables = 1
i = 15
__func__ = "gimp_image_procedure_run"
#20 0x00007ffff7f0cbe9 in _gimp_procedure_run_array (procedure=0x4b9270 [GimpImageProcedure], args=0x4ba7f0) at ../libgimp/gimpprocedure.c:2142
config = 0x0
config_class = 0x0
complete = 0x4bcef0
priv = 0x4b91b0
return_vals = 0x44cb20
error = 0x0
i = 15
__func__ = "_gimp_procedure_run_array"
#21 0x00007ffff7f0753f in gimp_plug_in_proc_run (proc_run=0x45e2e0, procedure=0x4b9270 [GimpImageProcedure], proc_return=0x7fffffffd060) at ../libgimp/gimpplugin.c:1503
arguments = 0x4ba7f0
return_values = 0x0
#22 0x00007ffff7f07660 in gimp_plug_in_proc_run_internal (plug_in=0x45ce80 [Gflare], proc_run=0x45e2e0, procedure=0x4b9270 [GimpImageProcedure], proc_return=0x7fffffffd060) at ../libgimp/gimpplugin.c:1543
gettext_domain = 0x4ba790 "p\222K"
catalog_dir = 0x4ba7b0 "Vector length for second flares (percentage of Radius)"
#23 0x00007ffff7f073ec in gimp_plug_in_main_proc_run (plug_in=0x45ce80 [Gflare], proc_run=0x45e2e0) at ../libgimp/gimpplugin.c:1447
priv = 0x45c9f0
proc_return = {name = 0x7fffffffd090 "\320\320\377\377\377\177", n_params = 0, params = 0x7fffffffd0b0}
procedure = 0x4b9270 [GimpImageProcedure]
#24 0x00007ffff7f070f3 in gimp_plug_in_loop (plug_in=0x45ce80 [Gflare]) at ../libgimp/gimpplugin.c:1350
msg = {type = 5, data = 0x45e2e0}
priv = 0x45c9f0
#25 0x00007ffff7f0616b in _gimp_plug_in_run (plug_in=0x45ce80 [Gflare]) at ../libgimp/gimpplugin.c:909
priv = 0x45c9f0
__func__ = "_gimp_plug_in_run"
#26 0x00007ffff7ef4f7c in gimp_main (plug_in_type=0x445b80 [Gflare/GimpPlugIn], argc=7, argv=0x7fffffffd478) at ../libgimp/gimp.c:522
read_channel = 0x433350
write_channel = 0x43ecf0
basename = 0x445b20 "\001"
protocol_version = 275
__func__ = "gimp_main"
#27 0x000000000040247a in main (argc=7, argv=0x7fffffffd478) at ../plug-ins/gradient-flare/gradient-flare.c:679
[Inferior 1 (process 20538) detached]