Package: gimp
Severity: grave

Platform: sparc-sun-solaris2.8
  SunOS piper 5.8 Generic sun4u sparc SUNW,Ultra-4


Running <Toolbox>/File/Acquire/Screenshot results in:

/local/scratch-2/and1000/gimp/install/lib/gimp/1.1/plug-ins/screenshot: fatal error: Bus Error
/local/scratch-2/and1000/gimp/install/lib/gimp/1.1/plug-ins/screenshot (pid:27866): [E]xit, [H]alt, show [S]tack trace or [P]roceed: s
#1:
#2:
#3:
#4:

+ Trace 3253

If I then kill the plugin, the main gimp process continues with the
correct screenshot info in the newly created image, so it really seems
to be a problem with the exit code making a non-aligned access.
People on Intel won't notice this, since non-aligned accesses aren't
fatal, they're just bad for performance.

Built using gcc 2.8.1, and Sun's make.

Connected to a remote XFree86 server:

name of display:    :0.0
version number:    11.0
vendor string:    The XFree86 Project, Inc
vendor release number:    4001
maximum request size:  4194300 bytes
motion buffer size:  256
bitmap unit, bit order, padding:    32, LSBFirst, 32
image byte order:    LSBFirst
number of supported pixmap formats:    6
supported pixmap formats:
    depth 1, bits_per_pixel 1, scanline_pad 32
    depth 4, bits_per_pixel 8, scanline_pad 32
    depth 8, bits_per_pixel 8, scanline_pad 32
    depth 15, bits_per_pixel 16, scanline_pad 32
    depth 16, bits_per_pixel 16, scanline_pad 32
    depth 24, bits_per_pixel 32, scanline_pad 32
keycode range:    minimum 8, maximum 134
focus:  window 0x180000e, revert to Parent
number of extensions:    29
    BIG-REQUESTS
    DOUBLE-BUFFER
    DPMS
    Extended-Visual-Information
    FontCache
    GLX
    LBX
    MIT-SCREEN-SAVER
    MIT-SHM
    MIT-SUNDRY-NONSTANDARD
    RECORD
    SECURITY
    SGI-GLX
    SHAPE
    SYNC
    TOG-CUP
    X3D-PEX
    XC-APPGROUP
    XC-MISC
    XFree86-Bigfont
    XFree86-DGA
    XFree86-DRI
    XFree86-Misc
    XFree86-VidModeExtension
    XIE
    XInputExtension
    XKEYBOARD
    XTEST
    XVideo
default screen number:    0
number of screens:    1

screen #0:
  dimensions:    1600x1200 pixels (402x302 millimeters)
  resolution:    101x101 dots per inch
  depths (1):    16
  root window id:    0x2b
  depth of root window:    16 planes
  number of colormaps:    minimum 1, maximum 1
  default colormap:    0x21
  default number of colormap cells:    64
  preallocated pixels:    black 0, white 65535
  options:    backing-store NO, save-unders NO
  largest cursor:    64x64
  current input event mask:    0x50003d
    KeyPressMask             ButtonPressMask          ButtonReleaseMask        
    EnterWindowMask          LeaveWindowMask          SubstructureRedirectMask 
    PropertyChangeMask       
  number of visuals:    4
  default visual id:  0x24
  visual:
    visual id:    0x24
    class:    TrueColor
    depth:    16 planes
    available colormap entries:    64 per subfield
    red, green, blue masks:    0xf800, 0x7e0, 0x1f
    significant bits in color specification:    6 bits
  visual:
    visual id:    0x25
    class:    TrueColor
    depth:    16 planes
    available colormap entries:    64 per subfield
    red, green, blue masks:    0xf800, 0x7e0, 0x1f
    significant bits in color specification:    6 bits
  visual:
    visual id:    0x26
    class:    DirectColor
    depth:    16 planes
    available colormap entries:    64 per subfield
    red, green, blue masks:    0xf800, 0x7e0, 0x1f
    significant bits in color specification:    6 bits
  visual:
    visual id:    0x27
    class:    DirectColor
    depth:    16 planes
    available colormap entries:    64 per subfield
    red, green, blue masks:    0xf800, 0x7e0, 0x1f
    significant bits in color specification:    6 bits




------- Additional Comments From austin@gimp.org 2000-10-12 12:54:02 ----

Subject: Re: screenshot plugin on Solaris takes bus error on exit
From: Austin Donnelly <austin@gimp.org>
To: 27786@bugs.gnome.org
Message-Id: <14821.60586.289016.751891@hornet.cl.cam.ac.uk>
Date: Thu, 12 Oct 2000 17:54:02 +0100

Further investigation shows that this only happens because of the:

  params = gimp_run_procedure ("file_xwd_load",
			       &retvals,
			       GIMP_PDB_INT32, 1,
			       GIMP_PDB_STRING, tmpname,
			       GIMP_PDB_STRING, tmpname,
			       GIMP_PDB_END);

call in the screenshot.c plugin.  If deliberately return before
this statement, the screenshot plugin exits cleanly.

This looks very similar to the bugs we were seeing where (perl)
scripts that call other scripts get confused layer stacks.

In which case, it's likely this bug affects Intel too, but we're being
lucky for the time being.

My current best guess is non-reentrant code in the plugin handling
libraries.

Austin




------- Additional Comments From quinet@gamers.org 2000-11-07 04:52:05 ----

Subject: Re: screenshot plugin on Solaris takes bus error on exit (#27786)
From: quinet@gamers.org (Raphael Quinet)
To: 27786@bugs.gnome.org
Message-Id: <200011070952.KAA19139@chapelle.eed.ericsson.se>
Date: Tue, 7 Nov 2000 10:52:05 +0100 (MET)

I get a different problem under Solaris 2.6 (gimp-1.1.29): the
screenshot plug-in does not crash, but it reports the error
"screenshot: xwd didn't work".  But xwd does work, and it saves the
file in ~/.gimp-1.1/tmp as expected.  This file is not deleted when
the screenshot plug-in exits and it can be loaded by the xwd plug-in
without any problems.

I investigated this problem a bit, and came to two conclusions:
* The code in screenshot.c is not safe.  It should check the return
  value of waitpid() and it should also delete the temporary file
  before exiting.
* It looks like waitpid() is broken under Solaris 2.6 or something
  strange happens in recent versions of the Gimp.  The waitpid() call
  blocks until the child exits, and then returns -1 and sets errno to
  10 (ECHILD).  I do not understand why this happens, but I get the
  same strange behaviour if I replace waitpid() by wait3() or wait4().
  I suspect a problem with a SIGCHLD handler stealing the return code
  of the child before waitpid() has a chance to get it.

The first problem can be solved by applying the following patch to
the code in plug-ins/common/screenshot.c:

========== snip ==========
--- screenshot.c.orig	Mon Oct 30 02:33:57 2000
+++ screenshot.c	Tue Nov  7 10:45:22 2000
@@ -240,6 +240,7 @@
   gchar     *xwdargv[7];    /*  need a maximum of 7 arguments to xwd  */
   gdouble    xres, yres;
   gint       pid;
+  gint       wret;
   gint       status;
   gint       i = 0;
 
@@ -288,10 +289,14 @@
     }
 #endif
     {
-      waitpid (pid, &status, 0);
+      status = -1;
+      wret = waitpid (pid, &status, 0);
 	      
-      if (!WIFEXITED (status))
+      if ((wret < 0) || !WIFEXITED (status))
 	{
+	  /*  the tmpfile may have been created even if xwd failed  */
+	  unlink (tmpname);
+	  g_free (tmpname);
 	  g_message ("screenshot: xwd didn't work\n");
 	  return;
 	}
========== snip ==========

I don't know if the second problem is specific to Solaris or not.
Maybe it is related to #27786, maybe not.  I haven't checked if any
signal handlers are active when the plug-in is called, but this could
explain the strange effects that I see.

-Raphael
<quinet@gamers.org>




------- Additional Comments From quinet@gamers.org 2000-11-15 08:48:48 ----

Subject: Re: screenshot plugin on Solaris takes bus error on exit (#27786)
From: quinet@gamers.org (Raphael Quinet)
To: 27786@bugs.gnome.org
Message-Id: <200011151348.OAA12410@chapelle.eed.ericsson.se>
Date: Wed, 15 Nov 2000 14:48:48 +0100 (MET)

The two problems described in my previous message (related to
waitpid()) have been fixed in CVS and should be included in 1.1.30 or
1.2.0.  But these problems were different from the "bus error"
described in the original bug report.

Can anyone confirm that the bug is still present under Solaris?  I
haven't been able to reproduce this crash under Solaris 2.6, but I
suppose that the bug is still there.

-Raphael




------- Bug moved to this database by debbugs-export@bugzilla.gnome.org 2001-01-28 11:02 -------
This bug was previously known as bug 27786 at http://bugs.gnome.org/
http://bugs.gnome.org/show_bug.cgi?id=27786
Originally filed under the gimp product and general component.

The original reporter (austin@gimp.org) of this bug does not have an account here.
Reassigning to the exporter, debbugs-export@bugzilla.gnome.org.
Reassigning to the default owner of the component, egger@suse.de.