After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 555777 - Export to MNG animation fails
Export to MNG animation fails
Status: RESOLVED FIXED
Product: GIMP
Classification: Other
Component: Plugins
2.6.1
Other Windows
: Normal normal
: 2.8
Assigned To: GIMP Bugs
GIMP Bugs
: 604972 (view as bug list)
Depends on:
Blocks:
 
 
Reported: 2008-10-10 10:10 UTC by Larsen
Modified: 2017-06-07 19:34 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
File that causes the plugin to crash (282.18 KB, application/octet-stream)
2008-10-10 10:20 UTC, Larsen
  Details
Save it as MNG crash GIMP (1.02 KB, application/octet-stream)
2009-02-09 12:11 UTC, Cédric OCHS
  Details
proposed patch (4.47 KB, patch)
2009-07-20 11:02 UTC, Massimo
committed Details | Review
Patch to fix MNG plug-in crash due to corrupted stack on 32-bit Windows (2.97 KB, patch)
2017-06-04 05:14 UTC, Edward E.
none Details | Review

Description Larsen 2008-10-10 10:10:14 UTC
Steps to reproduce:
1. Save file as mng (I hope I can attach 4mb)
2. Choose "Save as animation"
3. Click on "Export"
4. Use default options
5. Click on "Save"
6. Crash =)


Stack trace:
As this is Windows the instructions for installing the debugging symbols didn´t fit. I also couldn´t figure out where to get Bug Buddy.

If there´s anything I can do, please tell me.


Other information:
After the windows error dialogs shows up, a GIMP error dialog shows up:

GIMP Message
Plug-in crashed: "file-mng.exe"
(C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\file-mng.exe)

The dying plug-in may have messed up GIMP's internal state. You may want to save your images and restart GIMP to be on the safe side.

GIMP Message
Saving 'C:\1temp\anim.mng' failed:

Procedure 'file-mng-save' returned no return values
Comment 1 Larsen 2008-10-10 10:20:16 UTC
Created attachment 120331 [details]
File that causes the plugin to crash

reduced to only two layers, error still shows up
Comment 2 Martin Nordholts 2008-10-10 19:54:49 UTC
Hi and thanks for the bug report! I'm not able to reproduce this on Linux.
Comment 3 Sven Neumann 2008-10-13 07:11:16 UTC
Works fine here as well. Could be a problem with the version of libmng bundled with the installer.
Comment 4 phanyx 2009-01-28 21:14:14 UTC
I and one of my buddies can confirm that bug. We both use Gimp PL 2.6.4 for Windows and we get such error while trying to save animation (or static image) to mng format. Crash occur after specifing export parameters and clicking 'Save' button, just like Lars Monsees mentioned.
It sometimes gives me that error:

'GLib-ERROR **:gmem.c:136: failed to allocate 1615249527 bytes, aborting...'

and crash.
Comment 5 Jernej Simončič 2009-01-28 22:25:21 UTC
Confirmed with 32bit Windows version. I'll look into it.
Comment 6 Cédric OCHS 2009-02-09 12:09:31 UTC
I also have the same problem under Windows. I would like to save a paletted (2 unique colors) image with 2 layers in MNG, but it crash when saving.
Comment 7 Cédric OCHS 2009-02-09 12:11:31 UTC
Created attachment 128287 [details]
Save it as MNG crash GIMP
Comment 8 Michael Schumacher 2009-02-09 13:22:21 UTC
IIRC there has never been any version of libmng that has been usable on Windows.
Comment 9 Massimo 2009-07-20 11:02:48 UTC
Created attachment 138800 [details] [review]
proposed patch

When saving the file attached to comment #7 on linux,
valgrind reports a number of invalid read, though the 
operation is completed successfully.

Looking at the code of libmng-1.0.10 it is evident that 
'mng_putchunk_plte' and 'mng_putchunk_trns' both copy 
the array passed in as if it was full size even when
it is only partly used. The attached patch wraps their 
calls passing the arrays dimensioned correctly.

In function 'respin_cmap': when 'find_unused_ia_colour' 
returns as an index suitable for transparency the number
of colors in the colormap, the following loop accesses
three values beyond the end of the array 'before'.

Finally there's a typo in a call to mng_putchunk_text.

The attached patch is against file 
'plug-ins/common/file-mng.c' of release 2.6.6.
Comment 10 Martin Nordholts 2009-07-20 11:15:08 UTC
You are working faster than we apply patches, we'll never get GIMP 2.6.7 out! :)
Comment 11 Sven Neumann 2009-07-20 21:00:02 UTC
Applied to both branches and pushed. Thanks for the fix.

commit e0f21468d4f6d887a8f0f26baee6da59abe59618
Author: Massimo Valentini <sixtysix@inwind.it>
Date:   Mon Jul 20 22:55:43 2009 +0200

    Bug 555777 – Export to MNG animation fails
    
    'mng_putchunk_plte' and 'mng_putchunk_trns' both copy  the array passed in
    as if it was full size even when it is only partly used. This commit wraps
    their calls passing the arrays dimensioned correctly.
    
    In function 'respin_cmap', when 'find_unused_ia_colour' returns an index
    suitable for transparency the number of colors in the colormap, the
    following loop used to access three values beyond the end of the array
    'before'.
    
    Finally fix a typo in a call to mng_putchunk_text().

 plug-ins/common/file-mng.c |   61 +++++++++++++++++++++++++++++++++----------
 1 files changed, 47 insertions(+), 14 deletions(-)
Comment 12 Larsen 2010-07-02 09:12:37 UTC
Crash occurs again with version 2.6.9 on Windows XP SP3. I tested with the image from comment 7.
Comment 13 Martin Nordholts 2011-03-15 06:21:35 UTC
Larsen, can you reproduce this with 2.6.11?
Comment 14 Larsen 2011-03-15 08:06:41 UTC
Still crashes with 2.6.11. Tested with images from comment 1 and comment 7
Comment 15 Martin Nordholts 2011-03-15 17:12:24 UTC
I tried at work, and I also get a crash, but it is not a normal crash. Before the normal crash dialog box, I get

Data Execution Prevention

To help protect your computer, Windows has closed this program

Name: file-mng

Looking at the stack with DrMinGW, it looks corrupt.

Do you get the same kind of crash as me?
Comment 16 Larsen 2011-03-15 18:17:21 UTC
No, I don´t get a DEP error message. As I have MS Visual Studio installed, I get a message about an unhandled exception in file-mng.exe.
Comment 17 Mukund Sivaraman 2011-05-07 01:55:15 UTC
*** Bug 604972 has been marked as a duplicate of this bug. ***
Comment 18 Michael Natterer 2012-01-08 21:23:15 UTC
Please try GIMP 2.7.4 and report back, we won't fix 2.6 bugs any longer.
Comment 19 Cédric OCHS 2012-01-08 22:38:17 UTC
That's working as expected for me with GIMP 2.7.4 under Windows :) So it doesn't crash anymore with my test case. Thanks and good job !
Comment 20 Michael Natterer 2012-01-08 23:08:50 UTC
Thanks for checking -> FIXED :)
Comment 21 Larsen 2012-01-09 08:00:56 UTC
Still crashing for me with the example attachment:
"plug-in 'file-mng.exe' aborted before sending its procedure return values"

GIMP 2.7.4 Windows XP SP3
Installer from gimp-win.sf.net
Comment 22 Cédric OCHS 2012-01-09 08:11:20 UTC
I tried to export to MNG with file from comment #1 and it works too under Windows 7 x64 using GIMP 2.7.4 from http://freefr.dl.sourceforge.net/project/gimp-win/GIMP%20%2B%20GTK%2B%20(development%20rel.)/GIMP%202.7.4/gimp-2.7.4-setup.exe

It seems like this package provides both x86 and x64 builds and the version I tested is the x64 version.
Comment 23 Alexia Death 2012-01-09 11:14:34 UTC
It crashes for me on 32 bit Windows XP with 2.7.4.
Comment 24 Michael Natterer 2012-02-12 20:29:53 UTC
2.6 -> 2.8
Comment 25 cmos 2013-01-27 17:32:31 UTC
Still crashes with Gimp 2.8.2 and Windows Vista 32 bit with error in description
Comment 26 franzrogar 2015-10-29 09:20:31 UTC
Update bug status

Windows Version: 8.1 x64 up-to-date
GIMP Version: 2.8.14-x64 current
Commands: File > Export as > MNG (default options)
Result: correct file creation, no crashes

Status: can't not reproduce
Comment 27 Larsen 2015-10-29 09:28:32 UTC
No crash with GIMP 2.8.8, Windows 7 64-bit.

Would be interesting to see if this also applies to 32-bit Windows.
Comment 28 nm 2016-05-29 16:27:49 UTC
I have tested this on win 10 with 64bit also. Can't reproduce.
Comment 29 nm 2016-05-29 17:33:09 UTC
Using a test image for windows 7 I can reproduce this on 32bit. This seems however just related to 32bit.
Comment 30 Jehan 2016-12-07 21:16:40 UTC
Has anyone tested with GIMP master (2.9.x) on Windows 32 bit?
Comment 31 Michael Schumacher 2017-03-12 10:44:38 UTC
Elevating to blocker for a 2.8.22 installer package.
Comment 32 Michael Schumacher 2017-05-19 07:53:09 UTC
We solved this for the 64-bit versions of GIMP 2.8.22, but couldn't find why the 32-bit versions kept crashing. So for now, 32-bit GIMP releases ship without MNG support.
Comment 33 Edward E. 2017-06-04 05:14:36 UTC
Created attachment 353134 [details] [review]
Patch to fix MNG plug-in crash due to corrupted stack on 32-bit Windows

file-mng.exe on 32-bit GIMP 2.8.22 crashes due to a corrupted stack. Disassembly shows that the calling conventions of the callbacks and imported functions in file-mng.exe and libmng-1.dll don't match. Same goes for my recent build of master.

The cause: for some reason, libmng's function definitions use stdcall, but only on Windows platform (see https://github.com/LuaDist/libmng/blob/master/libmng_types.h#L242-L243), while file-mng assumes default calling convention. Windows x64 ABI calling conventions are equivalent, so no stack corruption occurs on 64-bit.

This patch may be all that's needed to get MNG working in the official installer, which IIRC is cross-compiled from Linux. However, due to other issues with stdcall in libmng's exports, a native build can't even find libmng, so some modification to configure.ac is needed.

Once GIMP was successfully compiled with the present patch, the plug-in worked; the MNG files exported from the xcf files attached to this report look good in an image viewer. I tested this on the latest gimp-2-8 and master (both built with mingw64_i686).

On IRC mitch asked that this be patched against master; gimp-2-8 looks similar enough for this to cherry-pick easily.
Comment 34 Michael Natterer 2017-06-04 10:39:07 UTC
Thanks, pushed to master and gimp-2-8:

commit c486cb3c36ad91d25c9b71354337644bb3f24ef8
Author: Edward E <develinthedetail@gmail.com>
Date:   Sun Jun 4 00:09:27 2017 -0500

    Bug 555777 - Export to MNG animation fails
    
    Fix calling convention for libmng functions in file-mng plug-in.
    
    (cherry picked from commit d2de5a0c30cc172d9a788401b61ee01914966445)

 configure.ac               |  3 +++
 plug-ins/common/file-mng.c | 28 ++++++++++++++--------------
 2 files changed, 17 insertions(+), 14 deletions(-)
Comment 35 Larsen 2017-06-07 19:34:32 UTC
Thanks everybody for fixing this! =)