GNOME Bugzilla – Bug 544939
PSD Plugin crash (maybe only PSD files created by Paintshop Pro)
Last modified: 2008-10-08 06:46:46 UTC
If I try to open certain PSD files the PSD plugin crashes. I know all those files are created by Paintshop Pro 8. But I myself don't have this application. So I could not do any further tests. But if I open such a file, the psd plugin crashes. Afterwards I open another file (a file without problems) and close this file immediately the layer dialog contains now some of the layers of the file which caused the crash previously. If I click on such layers the image window remains empty though. Here is the stack trace
+ Trace 203894
I attach a file within the next comment because I don't how to do this directly here.
Created attachment 115364 [details] PSD which causes crash
I forgot to say my OS is Ubuntu 8.04.
I can confirm the crash with this file.
Program received signal SIGSEGV, Segmentation fault. 0x0804c57d in add_layers (image_id=1, img_a=0xbfb00e24, lyr_a=0x9084d98, f=0x9083c38, error=0xbfb00f14) at psd-load.c:1218 1218 pixels[(i * layer_channels) + cidx] = lyr_chn[channel_idx[cidx]]->data[i]; (gdb) bt
+ Trace 203930
(gdb) info locals comp_mode = 26 alpha_chn = 0 user_mask_chn = 65535 layer_channels = <value optimized out> channel_idx = {1, 2, 3, 0, 50408, 46972, 62296, 2312, 62332, 2312, 3400, 49072, 38230, 46965, 62296, 2312, 1, 0, 3416, 49072, 38230, 46965, 42788, 47060, 1, 0, 3432, 49072, 63389, 47059, 62296, 2312, 1, 0, 3464, 49072, 50552, 47064, 1, 0, 64, 0, 3464, 49072, 33572, 47062, 62296, 2312, 1, 0, 1, 0, 50552, 47064, 1, 0} l_x = 0 l_y = 712 l_w = 781 l_h = 312 lm_x = -1078981368 lm_y = -1210800348 lm_w = -1210800348 lm_h = -1078981308 layer_size = 243672 layer_id = 5 mask_id = <value optimized out> lidx = 4 cidx = 0 rowi = 151581528 coli = <value optimized out> i = 0 alpha = <value optimized out> user_mask = 0 empty = 0 empty_mask = 1 drawable = <value optimized out> pixel_rgn = {data = 0x0, drawable = 0x908f840, bpp = 4, rowstride = 0, x = 0, y = 0, w = 1028, h = 1023, dirty = 1, shadow = 0, process_count = 1} image_type = GIMP_RGBA_IMAGE layer_mode = <value optimized out>
Created attachment 115378 [details] debug output (plug-in compiled with PSD_DEBUG 3)
Adding John Marshall to Cc: in the hope that he can help us to debug and fix this problem.
Opens without problems in GIMP 2.4.6, so it's a problem in the new plug-in in 2.5.
The new psd-loader fails to read the compression method used for the first channel of the fifth layer. This commit makes the psd-loader handle these situations better: 2008-09-06 Martin Nordholts <martinn@svn.gnome.org> * plug-ins/file-psd/psd-load.c (add_layers): Also consider unknown compression methods unsupported. This gives an error message instead of a crash for bug #544939. The PSD loader still fails to read the correct compression method however.
Created attachment 118160 [details] [review] psd-emtpy-layer-load-fix-2008-09-06.patch I found two problems in the code. (The first problem doesn't manifest itself any longer due to a new code path but I fixed that anyway.) 1. The condition in the if-statement if (lyr_a[lidx]->chn_info[cidx].data_len - 2 > 0) should obviously evaluate to FALSE if data_len is 0. But data_len is an unsigned integer, so an underflow occurs and the expression evaluates to TRUE. 2. The new PSD loader attempts to load channel data for empty layers which results in garbage, contrary to the PSD loader in 2.4 which simply skipped reading channel data for empty layers. The patch brings back the 2.4 loader behavior and in turn makes the file load again.
Actually we *can* attempt to read channel data even for empty layers as long as we make sure that there is any data to read. The patch that used that approach looked clean enough for commiting, so I did that to trunk rev 26888: 2008-09-06 Martin Nordholts <martinn@svn.gnome.org> Bug 544939 – PSD Plugin crash (maybe only PSD files created by Paintshop Pro) * plug-ins/file-psd/psd-load.c (add_layers): Fix integer underflow and only attempt to read channel data if there is any channel data.