GNOME Bugzilla – Bug 350760
GimpDrawablePreview accesses non-existent tiles and segfaults
Last modified: 2008-01-15 14:08:04 UTC
Please describe the problem:
I select one layer. Then I try to use gauss plugin. See http://img50.imageshack.us/img50/7707/gimpcv5.jpg

Steps to reproduce:
1.
2.
3.

Actual results:

Expected results:

Does this happen every time?
Yes

Other information:

Created attachment 70656
File I was working on.
Please provide a text that explains what went wrong. You didn't even tell us where the problem is. And no, I don't want to have to look at screenshots. Our error dialogs have text that can be copied and pasted.
1. As you can see on the screenshot you don't want to look at, I made a solid background.
2. I added a layer with a black rectangle and cut some of the interior.
3. I selected this rectangle.
4. Used gauss and voila.
voila what? Please provide a detailed description of the problem and how to reproduce it.
There are many things that you did not explain: does the plug-in crash when you start it? Do you see the plug-in dialog before it crashes? Does the preview show something in that dialog? Do you change any of the default parameters? Does it crash when you press OK? Does it crash when you press Cancel? Do you get similar problems with other plug-ins? Do you have GAIM installed on your system (bug #314529)?
does the plug-in crash when you start it? Run the file I've uploaded
Do you see the plug-in dialog before it crashes? Run the file I've uploaded
Does the preview show something in that dialog? Run the file I've uploaded
Do you change any of the default parameters? No
Does it crash when you press OK? Run the file I've uploaded
Do you get similar problems with other plug-ins? I've run several plugins and only 'motion blur' works fine. When I click 'shift' plugin this is what I can see: http://img156.imageshack.us/img156/4024/error2dd4.jpg
Do you have GAIM installed on your system? No
Please describe *exactly* what happens for you and answer all questions above. Answering "Run the file I've uploaded" is not an appropriate answer because it does not crash for me. The gaussian blur plug-in works for me on the file that you supplied and it blurs the selected area. It emits some warnings on the console but it doesn't crash, so I cannot reproduce your problem. If you cannot come up with a better description of the problem, I'm afraid that this bug report will have to be closed as INVALID. Thanks for reporting the bug, but without a better description there is nothing that we can do about it. Also, as Sven wrote above it would be nice to provide text descriptions of the error messages instead of relying on screenshots hosted at some external site (they may disappear in a few weeks or months, making it hard to work on this bug report). We made sure that the text can be copied from these error dialogs, so please copy that text when you report a crash or some other error.
does the plug-in crash when you start it? yes
Do you see the plug-in dialog before it crashes? yes
Does the preview show something in that dialog? Image looks a little bit blurred
Does it crash when you press OK? No, before I start to do anything
There is no need for further explanations, invoking gauss on the attached xcf crashes the plug-in right after it shows its GUI.
There's one more thing. I made similar file but everything is OK.
It's pretty obvious what happens: have a layer that's partly off-screen, make some selection, run any plug-in that uses GimpDrawablePreview -> boom! GimpDrawablePreview is using coordinates from the drawable to access selection tiles, but without checking the drawable coordinates against image bounds, so it's trying to get selection tiles that don't exist. I have a half-done patch for this, will attach after some testing.
Created attachment 70832
Patch fixing the bug

Attached patch fixes the bug, plus fixes gezillions of leaked GimpDrawable structs. Didn't commit right away because I copied gimp_rectangle_intersect() from the core. It should probably go to some public place in libgimpbase, but I'd like to see a comment from Sven first.
Please commit the patch. We can move the function to a public place later, if we ever find a second use for it.
Moving to the 2.2 milestone as this bug seems to be in GIMP 2.2 as well.
Fixed in both branches:

2006-08-14 Michael Natterer <mitch@gimp.org>

* libgimp/gimpdrawablepreview.c (gimp_drawable_preview_draw_area): draw only within the intersection of the passed coordinates and the selection to avoid access to non-existent (out-of-image) selection tiles. Fixes bug #350760.
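
The root cause and fix discussed in this report, as an added C sketch that is not GIMP's code and not the attached patch: a layer rectangle that extends past the image is used to request tiles from an image-sized selection mask, first unchecked and then clamped by rectangle intersection. The names `Rect`, `rect_intersect`, `mask_tile_exists`, `count_bad_tile_requests` and the tile size of 64 are assumptions made for illustration.

```c
#include <stdbool.h>

#define TILE 64 /* assumed tile edge length for this sketch */

typedef struct { int x, y, w, h; } Rect;

/* Intersect a and b into *out; returns false when they do not overlap.
 * Assumes coordinates are small enough that x + w cannot overflow. */
static bool rect_intersect(Rect a, Rect b, Rect *out)
{
    int x1 = a.x > b.x ? a.x : b.x;
    int y1 = a.y > b.y ? a.y : b.y;
    int x2 = (a.x + a.w < b.x + b.w) ? a.x + a.w : b.x + b.w;
    int y2 = (a.y + a.h < b.y + b.h) ? a.y + a.h : b.y + b.h;
    out->x = x1;
    out->y = y1;
    out->w = x2 > x1 ? x2 - x1 : 0;
    out->h = y2 > y1 ? y2 - y1 : 0;
    return out->w > 0 && out->h > 0;
}

/* The selection mask is image-sized: tiles exist only inside the image. */
static bool mask_tile_exists(int img_w, int img_h, int x, int y)
{
    return x >= 0 && y >= 0 && x < img_w && y < img_h;
}

/* Issue one tile request per TILE-sized step across the area to draw and
 * return how many requests hit tiles that do not exist. clamp == false uses
 * the layer rectangle unchecked; clamp == true intersects it with the image. */
int count_bad_tile_requests(int img_w, int img_h, Rect layer, bool clamp)
{
    Rect image = { 0, 0, img_w, img_h };
    Rect area = layer;
    int bad = 0;

    if (clamp && !rect_intersect(layer, image, &area))
        return 0; /* layer entirely outside the image: nothing to draw */
    for (int y = area.y; y < area.y + area.h; y += TILE)
        for (int x = area.x; x < area.x + area.w; x += TILE)
            if (!mask_tile_exists(img_w, img_h, x, y))
                bad++; /* real code would dereference a missing tile here */
    return bad;
}
```

With a constructed 200x150 image and a layer at (-100, -50) sized 300x200, the unchecked walk makes requests outside the mask, while the clamped walk makes none.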