GNOME Bugzilla – Bug 572865
Parasite handling had problems and can cause crashing
Last modified: 2010-10-03 20:18:19 UTC
Please describe the problem: gimp-parasite-attach sometimes does not work, occasionally script-fu crashes completely. Also appears to be a problem with gimp-image-parasite-attach as well (probably all the parasite attach commands). Steps to reproduce: In the scheme console paste the following: (let * ( (a 1) (b 1) ) (while (< a 20) (gimp-parasite-attach (list "test" 1 (number->string a))) (while (not (string=? (caddr (car (gimp-parasite-find "test"))) (number->string a) )) (gimp-parasite-attach (list "test" 1 (number->string a))) (set! b (+ b 1)) ) (print b) (set! b 1) (set! a (+ a 1)) )) Actual results: It will set and test then reset if not equal 20 times. Every time I run it I get a different result: 1 3 1 1 1 1 1 1 2 1 1 1 1 1 1 1 1 1 1 Though sometimes it will always get it on the first time. Note that I have also had this (rarely) crash script-fu.exe when trying it. Expected results: It should attach the parasite in one try every time. Does this happen every time? Inconsistent, hence the test script using a loop. Other information: I attempted to work around this by using a loop to check if it was correctly attached and re-attach until OK, but this would cause script-fu.exe to crash on windows. To bug also is apparent in linux (tested on Ubuntu) and independently verified by Saul Goode (on the mailing list). This does NOT seem to exist in python, as I have tested it with a small python script with no problems, even attaching/detaching 10000 times in a tight loop, so I assume it is in the Tinyscheme code.
Confirming. In order to reproduce it manually, you can run (gimp-parasite-attach (list "test" 1 (number->string 2))) (gimp-parasite-find "test") repeatedly in the console.
Created attachment 168559 [details] [review] Proposed patch There's a bug in file 'plug-ins/script-fu/scheme-wrapper.c' that could explain the behaviour described here. In function 'script_fu_marshal_procedure_call' the 'data' member of the parasite received is passed to 'mk_counted_string' which expects a nul terminated utf8 valid sequence. But, when this same function marshals a parasite to the core, the nul terminator is not appended, and so it is not received. mk_counted_string requires also, as third parameter, the number of characters, not the number of bytes. For backward compatibility and because parasites are not limited to nul terminated utf8 valid sequences, rather than appending the nul terminator to the data sent, it is better to always pad the data received with a nul terminator. With the attached patch 'script_fu_marshal_procedure_call' appends a nul terminator to the parasite data received, and passes the number of characters to mk_counted_string. Btw in file 'plug-ins/script-fu/tinyscheme/scheme.c' the accessor 'strlength ()' of a cell pointer is inconsistent, sometimes stores the number of character (see mk_counted_string) and sometimes the number of bytes (see line 3535 where newlen is the value passed to malloc). For example 'string-append' doesn't work always with non-ASCII strings. From the script-fu console I save: Welcome to TinyScheme Copyright (c) Dimitrios Souflis Script-Fu Console - Interactive Scheme Development > (define a (make-string 4 (integer->char 931))) a > a "ΣΣΣΣ" > (string-length a) 4 > (string-append a a) "ΣΣΣΣ" > (string-length (string-append a a)) 4
I'm moving this bug into the GIMP product.
*** Bug 624555 has been marked as a duplicate of this bug. ***
*** Bug 624567 has been marked as a duplicate of this bug. ***
Thank you for the report and patch. There does appear to be an error in mk_counted_string() re: bytes vs. characters. strlength() should always return a character count. The value passed to malloc() needs to be in bytes. I will look over string operations to check for any other places where bytes and character counts may have been mixed. I will test/review your proposed patch at the same time.
This report is a combination of two problems. The first was a problem with garbage collection. The other was in the handling of UTF-8 coded strings. The GC issue and the handling of UTF-8 strings have been fixed in TinyScheme in the 2.6 and master branches of GIMP. Fixed in the 2.6 branch of GIMP: commit 136bfb61cc655d51b0ee7066f5126ceb33cf56c5 First part of fixes for handling UTF-8 coded strings (Bugs 572865 & 628893) commit c00dfc97d7bf8f47e4bb888079d6675f3e791e1e Last part of fixes for handling UTF-8 coded strings (Bugs 572865 & 628893) Fixed in the master branch of GIMP. commit 68552674702653abde0bfc5d4b0cd84d045b5d92 First part of fixes for handling UTF-8 coded strings (Bugs 572865 & 628893) commit ae6670ba8b20f03a7d12d5eba57c5be3b9dcb1db Last part of fixes for handling UTF-8 coded strings (Bugs 572865 & 628893)
Comment on attachment 168559 [details] [review] Proposed patch I commited a slightly modified version of this patch.
The gimp-parasite-* functions should be working properly as of the commits listed below. I will leave this report open for a little while for final testing. If no further problems are noted I will close this report. Fixed in the 2.6 branch of GIMP: commit d2986674793f39d3582a5f983c7a1b719db5edad Additional fixes for handling UTF-8 coded strings (Bugs 572865 & 628893) Fixed in the master branch of GIMP. commit b0d8ba5ffddd46798a7480d75f5de3c8d808b9ad Additional fixes for handling UTF-8 coded strings (Bugs 572865 & 628893)
Closing as FIXED. Can be reopened in case that problems show up.