After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 772119 - gegl-sampler sometimes crashes for absurd coordinates.
gegl-sampler sometimes crashes for absurd coordinates.
Status: RESOLVED OBSOLETE
Product: GEGL
Classification: Other
Component: GeglBuffer
git master
Other Linux
: Normal normal
: ---
Assigned To: Default Gegl Component Owner
Default Gegl Component Owner
Depends on:
Blocks:
 
 
Reported: 2016-09-28 13:12 UTC by Simon Budig
Modified: 2018-05-22 12:14 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
Demo program provoking the crash on 64 bit machines. (2.95 KB, text/x-c)
2016-09-28 13:12 UTC, Simon Budig 		  Details
Patch for adding some debug output for the samplers. (1.44 KB, patch)
2016-09-28 13:18 UTC, Simon Budig 		needs-work Details | Review

Description Simon Budig 2016-09-28 13:12:45 UTC 
Created attachment 336440 [details]
Demo program provoking the crash on 64 bit machines.

Under some circumstances the range check in gegl/buffer/gegl-sampler.h fails to recognize, that it needs to fetch data.

This happens when x and y coordinate are close to 2^31 (at least on my 64 bit machine).

Attached is a test program. For me this crashes on the 3rd gegl_sampler_get().

I have added some debug output to gegl that prints out the ROIs around the range checks. This is the output from a run with this debug output enabled:


This is the output from a gdb run with a LINEAR sampler:

(gdb) run
Starting program: /home/simon/src/unstable/gegl/tests/simple/.libs/test-sampler 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
need (2147483647, 2147483647; 3, 3), have (0, 0; 0, 0)
0.000000,0.000000,0.000000,0.000000
need (2147483647, 85707687; 3, 3), have (0, 0; 0, 0)
fetching (2147483645, 85707685; 9, 9)
0.000000,0.000000,0.000000,0.000000
need (2147483647, 2147483647; 3, 3), have (2147483645, 85707685; 9, 9)

Program received signal SIGSEGV, Segmentation fault.
gegl_sampler_linear_get (self=0x6c20a0 [GeglSamplerLinear], 
    absolute_x=<optimized out>, absolute_y=<optimized out>, 
    scale=<optimized out>, output=0x7fffffffdf60, repeat_mode=GEGL_ABYSS_NONE)
    at gegl-sampler-linear.c:208
208         const gfloat bot_rite_3 = *in_bptr;
(gdb) bt

+ Trace 236707

  • #0 gegl_sampler_linear_get
    at gegl-sampler-linear.c line 208
  • #1 gegl_sampler_get
    at gegl-sampler.c line 178
  • #2 main
    at test-sampler.c line 64
  • #3 main
    at test-sampler.c line 94
  • #0 gegl_sampler_cubic_get
    at gegl-sampler-cubic.c line 266
  • #1 gegl_sampler_get
    at gegl-sampler.c line 178
  • #2 main
    at test-sampler.c line 64
  • #3 main
    at test-sampler.c line 94 


Note that for the 1st coordinate it does not recognize, that it doesn't have the necessary area available. It does recognize this for the 2nd coordinate (where y is in a managable range), but on the 3rd attept it again doesn't recognize the need to fetch data. This time however, it crashes, since it probably tries to read way outside of the area cached.
Comment 1 Simon Budig 2016-09-28 13:14:27 UTC 
Note that the bugzilla parser failed to properly parse the traces. there are actually two traces, one for the LINEAR, one for the CUBIC sampler.
Comment 2 Simon Budig 2016-09-28 13:18:50 UTC 
Created attachment 336443 [details] [review]
Patch for adding some debug output for the samplers.

This is the patch for the debug output seen in the output above.
Comment 3 GNOME Infrastructure Team 2018-05-22 12:14:45 UTC 
-- GitLab Migration Automatic Message --

This bug has been migrated to GNOME's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.gnome.org/GNOME/gegl/issues/38.