Moving floating canvas when copy-pasting makes GIMP 2.8.16 crash
Submitted by Nils Philippsen
Link to original bug (#766181)
Description
This bug was filed against the Fedora 22 package of GIMP 2.8.16, I'm filing it because the tile code is largely mysterious to me ;):
https://bugzilla.redhat.com/show_bug.cgi?id=1332207 Description of problem: I was using gimp doing a big copy-paste between 2 files (BMP 3480x1680 pixels RVB) and moving the floating canvas to align pictures lead to this SEGV
Version-Release number of selected component:
gimp-2.8.16-1.fc22
Additional info:
reporter: libreport-2.6.4
backtrace_rating: 4
cmdline: gimp-2.8 /home/teddy/brscan/brscan_2016-05-02-15-12-02.pnm
crash_function: tile_idle_preswap_run
executable: /usr/bin/gimp-2.8
global_pid: 5966
kernel: 4.4.6-201.fc22.x86_64
runlevel: N 5
type: CCpp
uid: 1000
Truncated backtrace:
Thread no. 1 (2 frames)
#0 tile_idle_preswap_run at tile-cache.c:379
#6 app_run at app.c:263There are backtraces and various other automatically collected data on the original bug report which I won't copy here wholesale, unless you request it ;).
Here's the affected code:
app/base/tile-cache.c: 379
while (tile)
{
if (PENDING_WRITE (tile)) <-- SIGSEGV
{
idle_scan_last = tile->next;"tile" is not NULL, and PENDING_WRITE() accesses its dirty and swap_offset members, so it seems like a previously freed tile object is used.
Version: 2.8.16