[Bug 299886] New: ShowFoto crash while saving PNG

[Bug 299886] ShowFoto crash while saving PNG

nucleo
https://bugs.kde.org/show_bug.cgi?id=299886

--- Comment #20 from nucleo <[hidden email]> ---
$ valgrind showfoto
==1597== Memcheck, a memory error detector
==1597== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==1597== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==1597== Command: showfoto
==1597==
libdc1394 error: Failed to initialize libdc1394
==1597== Invalid read of size 8
==1597==    at 0x543666F: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x562BA84: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x5633B5C: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x563DFCB: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x55B73CF: QPainter::drawPixmap(QRectF const&, QPixmap const&,
QRectF const&) (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x577D5FE: QStyle::drawItemPixmap(QPainter*, QRect const&, int,
QPixmap const&) const (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0xF: ???
==1597==  Address 0x117c9f20 is 8 bytes before a block of size 1,024 alloc'd
==1597==    at 0x402A059: malloc (vg_replace_malloc.c:263)
==1597==    by 0x550A57E: QImageData::create(QSize const&, QImage::Format, int)
(in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x550A9CD: QImage::QImage(int, int, QImage::Format) (in
/usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x550E667: QImage::convertToFormat(QImage::Format,
QFlags<Qt::ImageConversionFlag>) const (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x553793E: QRasterPixmapData::createPixmapForImage(QImage&,
QFlags<Qt::ImageConversionFlag>, bool) (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x1101: ???
==1597==
==1597== Invalid read of size 8
==1597==    at 0x5436910: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x562BA84: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x5633B5C: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x563DFCB: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x55B73CF: QPainter::drawPixmap(QRectF const&, QPixmap const&,
QRectF const&) (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x577D5FE: QStyle::drawItemPixmap(QPainter*, QRect const&, int,
QPixmap const&) const (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0xF: ???
==1597==  Address 0x117ca328 is 0 bytes after a block of size 1,024 alloc'd
==1597==    at 0x402A059: malloc (vg_replace_malloc.c:263)
==1597==    by 0x550A57E: QImageData::create(QSize const&, QImage::Format, int)
(in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x550A9CD: QImage::QImage(int, int, QImage::Format) (in
/usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x550E667: QImage::convertToFormat(QImage::Format,
QFlags<Qt::ImageConversionFlag>) const (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x553793E: QRasterPixmapData::createPixmapForImage(QImage&,
QFlags<Qt::ImageConversionFlag>, bool) (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x1101: ???
==1597==
==1597== Invalid read of size 8
==1597==    at 0x54366D0: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x562BA84: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x563200F: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==  Address 0x11069458 is 0 bytes after a block of size 1,024 alloc'd
==1597==    at 0x402A059: malloc (vg_replace_malloc.c:263)
==1597==    by 0x550A57E: QImageData::create(QSize const&, QImage::Format, int)
(in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x550A9CD: QImage::QImage(int, int, QImage::Format) (in
/usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x550E667: QImage::convertToFormat(QImage::Format,
QFlags<Qt::ImageConversionFlag>) const (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x553793E: QRasterPixmapData::createPixmapForImage(QImage&,
QFlags<Qt::ImageConversionFlag>, bool) (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0xBEC852BF: ???
==1597==
==1597== Invalid read of size 8
==1597==    at 0x54366D0: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x562BA84: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x5633B5C: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x563DFCB: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x55B73CF: QPainter::drawPixmap(QRectF const&, QPixmap const&,
QRectF const&) (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x577D5FE: QStyle::drawItemPixmap(QPainter*, QRect const&, int,
QPixmap const&) const (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0xF: ???
==1597==  Address 0x118b78f8 is 0 bytes after a block of size 1,024 alloc'd
==1597==    at 0x402A059: malloc (vg_replace_malloc.c:263)
==1597==    by 0x550A57E: QImageData::create(QSize const&, QImage::Format, int)
(in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x550A9CD: QImage::QImage(int, int, QImage::Format) (in
/usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x550E667: QImage::convertToFormat(QImage::Format,
QFlags<Qt::ImageConversionFlag>) const (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x553793E: QRasterPixmapData::createPixmapForImage(QImage&,
QFlags<Qt::ImageConversionFlag>, bool) (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x1101: ???
==1597==
Adding device "/org/freedesktop/UDisks2/Manager"
Adding device "/org/freedesktop/UDisks2/block_devices/loop0"
Adding device "/org/freedesktop/UDisks2/block_devices/loop1"
Adding device "/org/freedesktop/UDisks2/block_devices/loop2"
Adding device "/org/freedesktop/UDisks2/block_devices/loop3"
Adding device "/org/freedesktop/UDisks2/block_devices/loop4"
Adding device "/org/freedesktop/UDisks2/block_devices/loop5"
Adding device "/org/freedesktop/UDisks2/block_devices/loop6"
Adding device "/org/freedesktop/UDisks2/block_devices/loop7"
Adding device "/org/freedesktop/UDisks2/block_devices/sda"
Adding device "/org/freedesktop/UDisks2/block_devices/sda1"
Adding device "/org/freedesktop/UDisks2/block_devices/sda2"
Adding device "/org/freedesktop/UDisks2/block_devices/sr0"
Adding device
"/org/freedesktop/UDisks2/drives/VMware_Virtual_IDE_CDROM_Drive_10000000000000000001"
Adding device
"/org/freedesktop/UDisks2/drives/VMware_Virtual_IDE_Hard_Drive_00000000000000000001"
==1597== Thread 5:
==1597== Conditional jump or move depends on uninitialised value(s)
==1597==    at 0x10D40E0E: ??? (in
/usr/lib/kde4/plugins/imageformats/kimg_pic.so)
==1597==    by 0x10D42601: ??? (in
/usr/lib/kde4/plugins/imageformats/kimg_pic.so)
==1597==    by 0x5517880: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0xFD0C9BF: ???
==1597==
==1597== Thread 1:
==1597== Invalid read of size 8
==1597==    at 0x543666F: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x562BA84: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x563200F: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==  Address 0x110e20a0 is 8 bytes before a block of size 1,764 alloc'd
==1597==    at 0x402A059: malloc (vg_replace_malloc.c:263)
==1597==    by 0x550A57E: QImageData::create(QSize const&, QImage::Format, int)
(in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x550A9CD: QImage::QImage(int, int, QImage::Format) (in
/usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x1194FFFF: ???
==1597==
==1597== Invalid read of size 8
==1597==    at 0x5436910: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x562BA84: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x563200F: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==  Address 0x110e2788 is 1,760 bytes inside a block of size 1,764
alloc'd
==1597==    at 0x402A059: malloc (vg_replace_malloc.c:263)
==1597==    by 0x550A57E: QImageData::create(QSize const&, QImage::Format, int)
(in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x550A9CD: QImage::QImage(int, int, QImage::Format) (in
/usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x1194FFFF: ???
==1597==
==1597== Thread 5:
==1597== Conditional jump or move depends on uninitialised value(s)
==1597==    at 0x10D40E0E: ??? (in
/usr/lib/kde4/plugins/imageformats/kimg_pic.so)
==1597==    by 0x10D42601: ??? (in
/usr/lib/kde4/plugins/imageformats/kimg_pic.so)
==1597==    by 0x5517880: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0xDC96407: ???
==1597==
==1597== Conditional jump or move depends on uninitialised value(s)
==1597==    at 0x10D40E0E: ??? (in
/usr/lib/kde4/plugins/imageformats/kimg_pic.so)
==1597==    by 0x10D42601: ??? (in
/usr/lib/kde4/plugins/imageformats/kimg_pic.so)
==1597==    by 0x5517880: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0xF5E709F: ???
==1597==
==1597== Thread 6:
==1597== Conditional jump or move depends on uninitialised value(s)
==1597==    at 0x10D40E0E: ??? (in
/usr/lib/kde4/plugins/imageformats/kimg_pic.so)
==1597==    by 0x10D42601: ??? (in
/usr/lib/kde4/plugins/imageformats/kimg_pic.so)
==1597==    by 0x5517880: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0x108F1E6F: ???
==1597==
==1597== Thread 1:
==1597== Invalid write of size 4
==1597==    at 0x402CD64: memmove (mc_replace_strmem.c:981)
==1597==    by 0x4A3AEEE: cmsGetHeaderProfileID (string3.h:58)
==1597==    by 0xBEC847F7: ???
==1597==  Address 0x133b2864 is 11 bytes after a block of size 1 alloc'd
==1597==    at 0x4029B55: operator new(unsigned int) (vg_replace_malloc.c:282)
==1597==    by 0x41A0A02: dkCmsTakeProfileID(void*) (digikam-lcms.cpp:494)
==1597==    by 0xBEC847F7: ???
==1597==
==1597== Thread 5:
==1597== Conditional jump or move depends on uninitialised value(s)
==1597==    at 0x10D40E0E: ??? (in
/usr/lib/kde4/plugins/imageformats/kimg_pic.so)
==1597==    by 0x10D42601: ??? (in
/usr/lib/kde4/plugins/imageformats/kimg_pic.so)
==1597==    by 0x5517880: ??? (in /usr/lib/libQtGui.so.4.8.1)
==1597==    by 0xFDB5F3F: ???
==1597==
==1597==
==1597== HEAP SUMMARY:
==1597==     in use at exit: 1,184,325 bytes in 10,228 blocks
==1597==   total heap usage: 1,709,690 allocs, 1,699,462 frees, 246,538,858
bytes allocated
==1597==
==1597== LEAK SUMMARY:
==1597==    definitely lost: 14,535 bytes in 107 blocks
==1597==    indirectly lost: 544,654 bytes in 3,284 blocks
==1597==      possibly lost: 252,436 bytes in 905 blocks
==1597==    still reachable: 372,700 bytes in 5,932 blocks
==1597==         suppressed: 0 bytes in 0 blocks
==1597== Rerun with --leak-check=full to see details of leaked memory
==1597==
==1597== For counts of detected and suppressed errors, rerun with: -v
==1597== Use --track-origins=yes to see where uninitialised values come from
==1597== ERROR SUMMARY: 434 errors from 12 contexts (suppressed: 2 from 1)

--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
Digikam-devel mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/digikam-devel

[Bug 299886] ShowFoto crash while saving PNG

nucleo
In reply to this post by Bugzilla from dilnix@gmail.com
https://bugs.kde.org/show_bug.cgi?id=299886

--- Comment #21 from nucleo <[hidden email]> ---
Note that we switched to lcms2.


[Bug 299886] ShowFoto crash while saving PNG

Kevin Kofler
In reply to this post by Bugzilla from dilnix@gmail.com
https://bugs.kde.org/show_bug.cgi?id=299886

Kevin Kofler <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[hidden email]

--- Comment #22 from Kevin Kofler <[hidden email]> ---
digikam-lcms.cpp:494 is probably the line around which to look for the error.


[Bug 299886] ShowFoto crash while saving PNG

Gilles Caulier-4
In reply to this post by Bugzilla from dilnix@gmail.com
https://bugs.kde.org/show_bug.cgi?id=299886

--- Comment #23 from Gilles Caulier <[hidden email]> ---
Not sure that lcms2 can be the problem:

==1597== Thread 1:
==1597== Invalid write of size 4
==1597==    at 0x402CD64: memmove (mc_replace_strmem.c:981)
==1597==    by 0x4A3AEEE: cmsGetHeaderProfileID (string3.h:58)
==1597==    by 0xBEC847F7: ???
==1597==  Address 0x133b2864 is 11 bytes after a block of size 1 alloc'd
==1597==    at 0x4029B55: operator new(unsigned int) (vg_replace_malloc.c:282)
==1597==    by 0x41A0A02: dkCmsTakeProfileID(void*) (digikam-lcms.cpp:494)
==1597==    by 0xBEC847F7: ???

https://projects.kde.org/projects/extragear/graphics/digikam/repository/revisions/master/entry/libs/dklcms/digikam-lcms.cpp#L494

but as you can see in the code, it's just a memory allocation through the new
operator...

Other parts of your trace show a KDELibs corruption in kimg_pic.so and
others from QImage...

Just to test, can you switch to lcms1?

Gilles Caulier


[Bug 299886] ShowFoto crash while saving PNG

Kevin Kofler
In reply to this post by Bugzilla from dilnix@gmail.com
https://bugs.kde.org/show_bug.cgi?id=299886

--- Comment #24 from Kevin Kofler <[hidden email]> ---
The linked location is exactly the source of the error. You're allocating a
single cmsUInt8Number (a single byte!) with new, then you're passing it to
cmsGetHeaderProfileID, which clearly expects a whole array of cmsUInt8Number
(it's writing to byte 12, i.e. the thirteenth byte, of what it thinks is an
array of cmsUInt8Number). So this needs at least a cmsUInt8Number[13], please
check the documentation for how big the array really needs to be.


[Bug 299886] ShowFoto crash while saving PNG

Kevin Kofler
In reply to this post by Bugzilla from dilnix@gmail.com
https://bugs.kde.org/show_bug.cgi?id=299886

--- Comment #25 from Kevin Kofler <[hidden email]> ---
So, the profile ID is an MD5, it also says "7.2.18 Profile ID field (Bytes 84
to 99)". This means you need to allocate a cmsUInt8Number[16], which is also
what e.g. http://mail.gnome.org/archives/commits-list/2011-April/msg04234.html
does. (And the Valgrind log also says that, because the write at byte 12 is of
size 4, and there are no further offending writes.)


[Bug 299886] ShowFoto crash while saving PNG

Rex Dieter
In reply to this post by Bugzilla from dilnix@gmail.com
https://bugs.kde.org/show_bug.cgi?id=299886

Rex Dieter <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
                 CC|                            |[hidden email]
     Ever confirmed|0                           |1

--- Comment #26 from Rex Dieter <[hidden email]> ---
Confirmed, that's what the lcms2 API docs say (in essence):

cmsProfileID (union):
cmsUInt8Number  ID8[16];
cmsUInt16Number ID16[8];
cmsUInt32Number ID32[4];


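The allocation mistake diagnosed in comments #24 to #26, as an added example that is not part of the thread and is not digiKam or lcms2 code. `fake_get_header_profile_id` is a hypothetical stand-in for the library getter, and the header contents are constructed.

```cpp
// Added illustration: not digiKam or lcms2 source. Every name is hypothetical.
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstring>

constexpr std::size_t kHeaderSize    = 128; // an ICC profile header is 128 bytes
constexpr std::size_t kProfileIdOff  = 84;  // "Profile ID field (Bytes 84 to 99)"
constexpr std::size_t kProfileIdSize = 16;  // MD5 digest; matches ID8[16]

using ProfileId = std::array<std::uint8_t, kProfileIdSize>;

// Stand-in for the library getter: copies all 16 ID bytes into the caller's
// buffer and cannot know how large that buffer really is.
void fake_get_header_profile_id(const std::uint8_t* header, std::uint8_t* out)
{
    std::memmove(out, header + kProfileIdOff, kProfileIdSize);
}

// Pattern described in comment #24, kept as a comment so it is never executed:
//     std::uint8_t* id = new std::uint8_t;        // block of size 1
//     fake_get_header_profile_id(header, id);     // bytes 1..15 land past the block
//
// Corrected form: the storage size is tied to the width of the field.
ProfileId take_profile_id_fixed(const std::uint8_t* header)
{
    ProfileId id{};
    fake_get_header_profile_id(header, id.data());
    return id;
}

// Wrapper for call sites that still pass raw buffers: refuse short ones.
bool copy_profile_id_checked(const std::uint8_t* header, std::uint8_t* out, std::size_t out_len)
{
    if (out == nullptr || out_len < kProfileIdSize) return false;
    fake_get_header_profile_id(header, out);
    return true;
}

// Constructed sample header whose ID bytes are 0xA0..0xAF.
std::array<std::uint8_t, kHeaderSize> make_sample_header()
{
    std::array<std::uint8_t, kHeaderSize> h{};
    for (std::size_t i = 0; i < kProfileIdSize; ++i)
        h[kProfileIdOff + i] = static_cast<std::uint8_t>(0xA0 + i);
    return h;
}

int main()
{
    const auto h = make_sample_header();
    std::uint8_t one = 0;
    return copy_profile_id_checked(h.data(), &one, sizeof one) ? 1 : 0;
}
```

Building the commented-out pattern with `-fsanitize=address` reports the heap overflow at the copy, which is the same defect the Valgrind "Invalid write" entry points at.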
[Bug 299886] ShowFoto crash while saving PNG

Francesco Riosa-2
In reply to this post by Bugzilla from dilnix@gmail.com
https://bugs.kde.org/show_bug.cgi?id=299886

Francesco Riosa <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[hidden email]
           Assignee|[hidden email]       |[hidden email]

--- Comment #27 from Francesco Riosa <[hidden email]> ---
mine


[digikam] [Bug 299886] ShowFoto crash while saving PNG

bugzilla_noreply
In reply to this post by Bugzilla from dilnix@gmail.com
https://bugs.kde.org/show_bug.cgi?id=299886

[hidden email] changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|[hidden email]        |[hidden email]


[digikam] [Bug 299886] ShowFoto crash while saving PNG

bugzilla_noreply
In reply to this post by Bugzilla from dilnix@gmail.com
https://bugs.kde.org/show_bug.cgi?id=299886

[hidden email] changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|showfoto                    |FilesIO-PNG
