Bug 600112 - blur-gauss-selective.exe crashes
Status: RESOLVED FIXED
Product: GIMP
Classification: Other
Component: Plugins
Version: 2.6.7
Hardware: Other Windows
Importance: Normal major
Target Milestone: 2.6
Assigned To: GIMP Bugs
Reported: 2009-10-30 10:31 UTC by Othmar Marti
Modified: 2010-03-12 20:03 UTC
Attachments
Proposed patch (883 bytes, patch)
2010-03-10 16:27 UTC, Massimo
needs-work
Commented patch (1.43 KB, patch)
2010-03-12 17:29 UTC, Massimo
none

Description Othmar Marti 2009-10-30 10:31:45 UTC
System: Windows XP, SP3
gimp 2.6.7 installed with the windows installer from win-gimp.sourceforge.net

To produce the bug:
new image with 1680 (horizontal) by 1050 (vertical) pixels, filled with white, RGB, 72 dpi

Call filters -> blur-selective gaussian blur with the standard parameters (radius 5, threshold 50)

The progressbar runs until the 2 last units. Then blur-gauss-selective.exe crashes.

If you use an image of 1679x1050 pixels everything is ok
If you use an image of 1681x1050 pixels everything is ok
If you use an image of 1680x1051 pixels everything is ok
If you use an image of 1680x1049 pixels everything is ok
If you use an image of 1050x1680 pixels, blur-gauss-selective.exe crashes
If you use an image of 1050x1679 pixels everything is ok
If you use an image of 1050x1681 pixels everything is ok
If you use an image of 1051x1680 pixels everything is ok
If you use an image of 1049x1680 pixels everything is ok
If you use an image of 840x2100 pixels, blur-gauss-selective.exe crashes

blur-gauss-selective.exe seems to crash whenever width times height is 1680x1050=1764000. It crashes also if jpg-files of the same size are opened.

Sincerely yours,

Othmar Marti
Comment 1 Michael Schumacher 2009-10-30 11:46:14 UTC
Confirming on Windows XP with GIMP 2.6.7.
Comment 2 Massimo 2010-03-10 16:27:05 UTC
Created attachment 155759
Proposed patch

On linux valgrind reports invalid reads when this plug-in 
is executed with an image without alpha channel.

The problem is that in function 'matrixmult_mmx' to load a 
rgb triple an asm "movd" is used (this instruction reads 4 
bytes), so to read the last triple it accesses a byte past 
the end of the allocated memory. 

Slightly oversizing the source buffer solves the problem.
Comment 3 Martin Nordholts 2010-03-10 17:08:11 UTC
Great work as usual, but still refusing to work with git. Why?
Comment 4 Sven Neumann 2010-03-11 07:47:56 UTC
Review of attachment 155759:

A comment in the source code would be desirable that explains why the buffer is over-sized. Otherwise we risk that this change is reverted with the next code cleanup.
Comment 5 Massimo 2010-03-12 17:29:01 UTC
Created attachment 155987
Commented patch

Feel free to choose better comments.
I studied French at school.
Comment 6 Sven Neumann 2010-03-12 20:03:18 UTC
Thanks. Committed and pushed to both branches with slightly changed comments:

commit cbb815c20303c94fcfea221a55d528ba93ac7d90
Author: Massimo Valentini <sixtysix@inwind.it>
Date:   Fri Mar 12 20:58:45 2010 +0100

    Bug 600112 - blur-gauss-selective.exe crashes
    
    Allocate buffers with some extra padding as the MMX instructions
    used in matrixmult_mmx() may read more than strictly necessary.
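
The over-read described in Comment 2 and the padding fix named in the commit message, as an added C example (not the plug-in's code or the committed patch): a bounds-checked 4-byte copy stands in for the MMX `movd` load, and the function names are hypothetical. The one byte of padding is an assumption, since the page does not show how much the patch adds.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define LOAD_WIDTH 4u /* movd moves 4 bytes, whatever the pixel size */

/* Bytes the last pixel's load reaches beyond n_pixels * bpp bytes. */
size_t overread_bytes(size_t n_pixels, size_t bpp) {
    return (n_pixels == 0 || bpp >= LOAD_WIDTH) ? 0 : LOAD_WIDTH - bpp;
}

/* Zeroed pixel buffer; with pad != 0 it is over-sized (assumed: by the
 * exact over-read) so the final wide load stays inside the allocation. */
uint8_t *alloc_pixels(size_t n_pixels, size_t bpp, int pad, size_t *size) {
    if (bpp == 0 || n_pixels > (SIZE_MAX - LOAD_WIDTH) / bpp)
        return NULL; /* n_pixels * bpp + padding would overflow */
    *size = n_pixels * bpp + (pad ? overread_bytes(n_pixels, bpp) : 0);
    return calloc(*size ? *size : 1, 1);
}

/* Bounds-checked stand-in for the movd load at byte offset off.
 * Returns 0 on success, -1 if the 4-byte read would leave the buffer. */
int load_wide(const uint8_t *buf, size_t size, size_t off, uint32_t *out) {
    if (off > size || size - off < LOAD_WIDTH)
        return -1;
    memcpy(out, buf + off, LOAD_WIDTH);
    return 0;
}

/* Walk every pixel and count the loads that would read out of bounds. */
size_t count_oob_loads(size_t n_pixels, size_t bpp, int pad) {
    size_t size, bad = 0;
    uint32_t px;
    uint8_t *buf = alloc_pixels(n_pixels, bpp, pad, &size);
    if (!buf) return (size_t)-1;
    for (size_t i = 0; i < n_pixels; i++)
        bad += load_wide(buf, size, i * bpp, &px) != 0;
    free(buf);
    return bad;
}

int main(void) {
    size_t n = 1680u * 1050u; /* image size from the report */
    printf("RGB exact %zu, RGB padded %zu, RGBA exact %zu\n",
           count_oob_loads(n, 3, 0), count_oob_loads(n, 3, 1),
           count_oob_loads(n, 4, 0));
    return 0;
}
```

Only the last RGB pixel's load crosses the end of an exactly sized buffer, and a 4-byte-per-pixel image never does, which matches the valgrind finding being limited to images without an alpha channel.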