Bug 312392 - repeatable crash copying in some images
Status: RESOLVED FIXED
Product: GIMP
Classification: Other
Component: General
Version: git master
Hardware: Other All
Importance: High critical
Target Milestone: 2.4
Assigned To: GIMP Bugs
QA Contact: GIMP Bugs
Depends on:
Blocks:
 
 
Reported: 2005-08-02 17:01 UTC by Akkana Peck
Modified: 2005-08-09 21:57 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
image that triggers the bug (78.79 KB, image/gif)
2005-08-02 17:03 UTC, Akkana Peck

Description Akkana Peck 2005-08-02 17:01:18 UTC
Distribution/Version: ubuntu hoary

Run gimp on the attached image. Copy (ctrl-C).

GIMP crashes.

Here's the top of the stack:
  • #0 mallopt
    from /lib/tls/i686/cmov/libc.so.6
  • #1 malloc
    from /lib/tls/i686/cmov/libc.so.6
  • #2 g_malloc
    from /usr/lib/libglib-2.0.so.0
  • #3 tile_alloc
    at tile-private.h line 100
  • #4 tile_lock
    at tile.c line 147
  • #5 tile_manager_get
    at tile-manager.c line 272
  • #6 pixel_region_configure
    at pixel-region.c line 530
  • #7 pixel_regions_configure
    at pixel-region.c line 512
  • #8 extract_from_region
  • #9 gimp_selection_extract
    at gimpselection.c line 744
  • #10 gimp_edit_extract
    at gimp-edit.c line 415
  • #11 gimp_edit_copy
    at gimp-edit.c line 95
  • #12 edit_copy_cmd_callback
    at edit-commands.c line 179

I have plenty of RAM on this machine and this is the only image loaded: I'm sure
I'm not out of memory.

I've seen this on one other image, but unfortunately I've forgotten which image
it was. I don't think the other one was indexed (i.e. I don't think this is
specific to indexed images).
Comment 1 Akkana Peck 2005-08-02 17:03:45 UTC
Created attachment 50139
image that triggers the bug
Comment 2 Akkana Peck 2005-08-02 17:14:58 UTC
Here's what the tile looks like ("up 3" in gdb -- gdb says it's in
tile-private.h but I think it's really line 221 of tile.c):

(gdb) p *tile
$2 = {ref_count = -24768, write_count = 18, share_count = 20480, dirty = 0, 
  valid = 1, bpp = 183 '', ewidth = 26400, eheight = 47103, 
  rowhint = 0xb780d3aa "h", data = 0xb780d3ba "h\b", swap_num = -1215892544, 
  swap_offset = -5188358230366956582, tlink = 0xb786f930, next = 0xb780d40a, 
  prev = 0xb7867a77, listhead = 0xb780d42a}
Comment 3 Michael Natterer 2005-08-02 18:01:13 UTC
That tile is memory garbage.

It crashes in extract_from_indexed_pixels() because it doesn't
expect the destination tiles to have no alpha.

This crash happens when copying / cutting a whole (no selection)
indexed drawable without alpha.
Comment 4 Michael Natterer 2005-08-09 21:57:30 UTC
Fixed in CVS:

2005-08-09  Michael Natterer  <mitch@gimp.org>

	* app/paint-funcs/paint-funcs.[ch] (extract_from_inten_pixels)
	(extract_from_indexed_pixels): pass src_bytes and dest_bytes to
	these functions instead of just the source's bytes and whether it
	has an alpha. Honor dest_bytes when extracting instead of crashing
	by always assuming that the destination has alpha.
	Fixes bug #312392.

	(extract_from_region): removed has_alpha parameter. pass
	src->bytes and dest->bytes to above functions.

	* app/core/gimpselection.c (gimp_selection_extract): changed
	accordingly.
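
A simplified model of the defect described in Comment 3 and the ChangeLog entry above, added here as an illustration and not taken from GIMP's source: an extraction routine that always writes an alpha byte overruns a destination that has none, while one that is told `dest_bytes` stays in bounds. The function names, the colormap, the 8-pixel row and the guard region are constructed for this example; only the `src_bytes`/`dest_bytes` parameters come from the ChangeLog, and a 3-byte RGB destination is assumed.

```c
#include <stdio.h>
#include <string.h>

/* Pre-fix shape (simplified): always writes RGB plus alpha, 4 bytes per pixel. */
static void extract_indexed_assume_alpha(const unsigned char *src, unsigned char *dest,
                                         const unsigned char *cmap, size_t w, size_t src_bytes)
{
    for (size_t i = 0; i < w; i++, src += src_bytes, dest += 4) {
        memcpy(dest, cmap + 3 * src[0], 3);
        dest[3] = (src_bytes == 2) ? src[1] : 255; /* written even when dest is RGB */
    }
}

/* Post-fix shape: the caller states the destination's bytes per pixel. */
static void extract_indexed(const unsigned char *src, unsigned char *dest,
                            const unsigned char *cmap, size_t w,
                            size_t src_bytes, size_t dest_bytes)
{
    for (size_t i = 0; i < w; i++, src += src_bytes, dest += dest_bytes) {
        memcpy(dest, cmap + 3 * src[0], 3);
        if (dest_bytes == 4)                       /* alpha only if dest has room */
            dest[3] = (src_bytes == 2) ? src[1] : 255;
    }
}

/* Extracts a constructed 8-pixel indexed row (no alpha) into a 24-byte RGB
   "tile" followed by 8 guard bytes; returns how many guard bytes changed. */
int guard_bytes_clobbered(int honor_dest_bytes)
{
    enum { W = 8, TILE = W * 3, GUARD = W, CANARY = 0xA5 };
    const unsigned char cmap[6] = { 10, 20, 30, 40, 50, 60 };
    const unsigned char src[W] = { 0, 1, 0, 1, 0, 1, 0, 1 };
    unsigned char buf[TILE + GUARD];
    int hit = 0;

    memset(buf, CANARY, sizeof buf);
    if (honor_dest_bytes)
        extract_indexed(src, buf, cmap, W, 1, 3);
    else
        extract_indexed_assume_alpha(src, buf, cmap, W, 1);
    for (size_t i = TILE; i < sizeof buf; i++)
        hit += (buf[i] != CANARY);
    return hit;
}

int main(void)
{
    printf("assume alpha: %d guard bytes overwritten\n", guard_bytes_clobbered(0));
    printf("honor dest_bytes: %d guard bytes overwritten\n", guard_bytes_clobbered(1));
    return 0;
}
```

The guard bytes stand in for whatever the allocator placed after the tile data, which is why the tile struct printed in Comment 2 holds garbage and the crash surfaces later inside `malloc`.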