GNOME Bugzilla – Bug 555777
Export to MNG animation fails
Last modified: 2017-06-07 19:34:32 UTC
Steps to reproduce: 1. Save file as mng (I hope I can attach 4mb) 2. Choose "Save as animation" 3. Click on "Export" 4. Use default options 5. Click on "Save" 6. Crash =) Stack trace: As this is Windows the instructions for installing the debugging symbols didn´t fit. I also couldn´t figure out where to get Bug Buddy. If there´s anything I can do, please tell me. Other information: After the windows error dialogs shows up, a GIMP error dialog shows up: GIMP Message Plug-in crashed: "file-mng.exe" (C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\file-mng.exe) The dying plug-in may have messed up GIMP's internal state. You may want to save your images and restart GIMP to be on the safe side. GIMP Message Saving 'C:\1temp\anim.mng' failed: Procedure 'file-mng-save' returned no return values
Created attachment 120331 [details] File that causes the plugin to crash reduced to only two layers, error still shows up
Hi and thanks for the bug report! I'm not able to reproduce this on Linux.
Works fine here as well. Could be a problem with the version of libmng bundled with the installer.
I and one of my buddies can confirm that bug. We both use Gimp PL 2.6.4 for Windows and we get such error while trying to save animation (or static image) to mng format. Crash occur after specifing export parameters and clicking 'Save' button, just like Lars Monsees mentioned. It sometimes gives me that error: 'GLib-ERROR **:gmem.c:136: failed to allocate 1615249527 bytes, aborting...' and crash.
Confirmed with 32bit Windows version. I'll look into it.
I also have the same problem under Windows. I would like to save a paletted (2 unique colors) image with 2 layers in MNG, but it crash when saving.
Created attachment 128287 [details] Save it as MNG crash GIMP
IIRC there has never been any version of libmng that has been usable on Windows.
Created attachment 138800 [details] [review] proposed patch When saving the file attached to comment #7 on linux, valgrind reports a number of invalid read, though the operation is completed successfully. Looking at the code of libmng-1.0.10 it is evident that 'mng_putchunk_plte' and 'mng_putchunk_trns' both copy the array passed in as if it was full size even when it is only partly used. The attached patch wraps their calls passing the arrays dimensioned correctly. In function 'respin_cmap': when 'find_unused_ia_colour' returns as an index suitable for transparency the number of colors in the colormap, the following loop accesses three values beyond the end of the array 'before'. Finally there's a typo in a call to mng_putchunk_text. The attached patch is against file 'plug-ins/common/file-mng.c' of release 2.6.6.
You are working faster than we apply patches, we'll never get GIMP 2.6.7 out! :)
Applied to both branches and pushed. Thanks for the fix. commit e0f21468d4f6d887a8f0f26baee6da59abe59618 Author: Massimo Valentini <sixtysix@inwind.it> Date: Mon Jul 20 22:55:43 2009 +0200 Bug 555777 – Export to MNG animation fails 'mng_putchunk_plte' and 'mng_putchunk_trns' both copy the array passed in as if it was full size even when it is only partly used. This commit wraps their calls passing the arrays dimensioned correctly. In function 'respin_cmap', when 'find_unused_ia_colour' returns an index suitable for transparency the number of colors in the colormap, the following loop used to access three values beyond the end of the array 'before'. Finally fix a typo in a call to mng_putchunk_text(). plug-ins/common/file-mng.c | 61 +++++++++++++++++++++++++++++++++---------- 1 files changed, 47 insertions(+), 14 deletions(-)
Crash occurs again with version 2.6.9 on Windows XP SP3. I tested with the image from comment 7.
Larsen, can you reproduce this with 2.6.11?
Still crashes with 2.6.11. Tested with images from comment 1 and comment 7
I tried at work, and I also get a crash, but it is not a normal crash. Before the normal crash dialog box, I get Data Execution Prevention To help protect your computer, Windows has closed this program Name: file-mng Looking at the stack with DrMinGW, it looks corrupt. Do you get the same kind of crash as me?
No, I don´t get a DEP error message. As I have MS Visual Studio installed, I get a message about an unhandled exception in file-mng.exe.
*** Bug 604972 has been marked as a duplicate of this bug. ***
Please try GIMP 2.7.4 and report back, we won't fix 2.6 bugs any longer.
That's working as expected for me with GIMP 2.7.4 under Windows :) So it doesn't crash anymore with my test case. Thanks and good job !
Thanks for checking -> FIXED :)
Still crashing for me with the example attachment: "plug-in 'file-mng.exe' aborted before sending its procedure return values" GIMP 2.7.4 Windows XP SP3 Installer from gimp-win.sf.net
I tried to export to MNG with file from comment #1 and it works too under Windows 7 x64 using GIMP 2.7.4 from http://freefr.dl.sourceforge.net/project/gimp-win/GIMP%20%2B%20GTK%2B%20(development%20rel.)/GIMP%202.7.4/gimp-2.7.4-setup.exe It seems like this package provides both x86 and x64 builds and the version I tested is the x64 version.
It crashes for me on 32 bit Windows XP with 2.7.4.
2.6 -> 2.8
Still crashes with Gimp 2.8.2 and Windows Vista 32 bit with error in description
Update bug status Windows Version: 8.1 x64 up-to-date GIMP Version: 2.8.14-x64 current Commands: File > Export as > MNG (default options) Result: correct file creation, no crashes Status: can't not reproduce
No crash with GIMP 2.8.8, Windows 7 64-bit. Would be interesting to see if this also applies to 32-bit Windows.
I have tested this on win 10 with 64bit also. Can't reproduce.
Using a test image for windows 7 I can reproduce this on 32bit. This seems however just related to 32bit.
Has anyone tested with GIMP master (2.9.x) on Windows 32 bit?
Elevating to blocker for a 2.8.22 installer package.
We solved this for the 64-bit versions of GIMP 2.8.22, but couldn't find why the 32-bit versions kept crashing. So for now, 32-bit GIMP releases ship without MNG support.
Created attachment 353134 [details] [review] Patch to fix MNG plug-in crash due to corrupted stack on 32-bit Windows file-mng.exe on 32-bit GIMP 2.8.22 crashes due to a corrupted stack. Disassembly shows that the calling conventions of the callbacks and imported functions in file-mng.exe and libmng-1.dll don't match. Same goes for my recent build of master. The cause: for some reason, libmng's function definitions use stdcall, but only on Windows platform (see https://github.com/LuaDist/libmng/blob/master/libmng_types.h#L242-L243), while file-mng assumes default calling convention. Windows x64 ABI calling conventions are equivalent, so no stack corruption occurs on 64-bit. This patch may be all that's needed to get MNG working in the official installer, which IIRC is cross-compiled from Linux. However, due to other issues with stdcall in libmng's exports, a native build can't even find libmng, so some modification to configure.ac is needed. Once GIMP was successfully compiled with the present patch, the plug-in worked; the MNG files exported from the xcf files attached to this report look good in an image viewer. I tested this on the latest gimp-2-8 and master (both built with mingw64_i686). On IRC mitch asked that this be patched against master; gimp-2-8 looks similar enough for this to cherry-pick easily.
Thanks, pushed to master and gimp-2-8: commit c486cb3c36ad91d25c9b71354337644bb3f24ef8 Author: Edward E <develinthedetail@gmail.com> Date: Sun Jun 4 00:09:27 2017 -0500 Bug 555777 - Export to MNG animation fails Fix calling convention for libmng functions in file-mng plug-in. (cherry picked from commit d2de5a0c30cc172d9a788401b61ee01914966445) configure.ac | 3 +++ plug-ins/common/file-mng.c | 28 ++++++++++++++-------------- 2 files changed, 17 insertions(+), 14 deletions(-)
Thanks everybody for fixing this! =)