https://bugs.kde.org/show_bug.cgi?id=441945

--- Comment #5 from Dmitry Kazakov <dimul...@gmail.com> ---
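There is something really wrong with file layers. The ASan report below is a heap-use-after-free hit while cloning the image for saving: KisImage::copyFromImageImpl() calls KisGroupLayer::setImage() (kis_image.cc:396), which reaches KisFileLayer::setImage() and triggers a reload within the same call stack. KisFileLayer::slotLoadingFinished() (kis_file_layer.cpp:192) then destroys a KisSharedPtr<KisImage>, which runs ~KisImage() and frees the 104-byte block allocated in KisImage::clone(); copyFromImageImpl() reads from that freed block on the next line (kis_image.cc:397).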

=================================================================
==25681==ERROR: AddressSanitizer: heap-use-after-free on address 0x60b000cebe70
at pc 0x7ffff29f55b6 bp 0x7fffffff8000 sp 0x7fffffff7ff0
READ of size 8 at 0x60b000cebe70 thread T0
    #0 0x7ffff29f55b5 in KisImage::copyFromImageImpl(KisImage const&, int)
/home/appimage/persistent/krita/libs/image/kis_image.cc:397
    #1 0x7ffff29f7c39 in KisImage::KisImage(KisImage const&, KisUndoStore*,
bool) /home/appimage/persistent/krita/libs/image/kis_image.cc:488
    #2 0x7ffff29f7e4e in KisImage::clone(bool)
/home/appimage/persistent/krita/libs/image/kis_image.cc:346
    #3 0x7ffff6303b2c in KisDocument::copyFromDocumentImpl(KisDocument const&,
KisDocument::CopyPolicy)
/home/appimage/persistent/krita/libs/ui/KisDocument.cpp:1115
    #4 0x7ffff6305f08 in KisDocument::KisDocument(KisDocument const&, bool)
/home/appimage/persistent/krita/libs/ui/KisDocument.cpp:614
    #5 0x7ffff6310a5d in KisDocument::Private::lockAndCloneImpl(bool)
/home/appimage/persistent/krita/libs/ui/KisDocument.cpp:1056
    #6 0x7ffff6310d65 in KisDocument::lockAndCloneForSaving()
/home/appimage/persistent/krita/libs/ui/KisDocument.cpp:1067
    #7 0x7ffff6312363 in KisDocument::initiateSavingInBackground(QString,
QObject const*, char const*, KritaUtils::ExportFileJob const&,
KisPinnedSharedPtr<KisPropertiesConfiguration>, std::unique_ptr<KisDocument,
std::default_delete<KisDocument> >&&, bool)
/home/appimage/persistent/krita/libs/ui/KisDocument.cpp:1208
    #8 0x7ffff6312bd9 in KisDocument::initiateSavingInBackground(QString,
QObject const*, char const*, KritaUtils::ExportFileJob const&,
KisPinnedSharedPtr<KisPropertiesConfiguration>, bool)
/home/appimage/persistent/krita/libs/ui/KisDocument.cpp:1193
    #9 0x7ffff6313520 in
KisDocument::exportDocumentImpl(KritaUtils::ExportFileJob const&,
KisPinnedSharedPtr<KisPropertiesConfiguration>, bool)
/home/appimage/persistent/krita/libs/ui/KisDocument.cpp:773
    #10 0x7ffff631a21a in KisDocument::saveAs(QString const&, QByteArray
const&, bool, KisPinnedSharedPtr<KisPropertiesConfiguration>)
/home/appimage/persistent/krita/libs/ui/KisDocument.cpp:831
    #11 0x7ffff63b1cb0 in KisMainWindow::saveDocument(KisDocument*, bool, bool,
bool) /home/appimage/persistent/krita/libs/ui/KisMainWindow.cpp:1449
    #12 0x7ffff63b45f5 in KisMainWindow::slotFileSave()
/home/appimage/persistent/krita/libs/ui/KisMainWindow.cpp:1747
    #13 0x7ffff63d74bc in KisMainWindow::qt_static_metacall(QObject*,
QMetaObject::Call, int, void**)
/home/appimage/appimage-workspace/krita-build/libs/ui/kritaui_autogen/include/moc_KisMainWindow.cpp:377
    #14 0x7fffe86df858 in QMetaObject::activate(QObject*, int, int, void**)
(/home/appimage/appimage-workspace/deps/usr/lib/libQt5Core.so.5+0x2b4858)
    #15 0x7fffe914f351 in QAction::triggered(bool)
(/home/appimage/appimage-workspace/deps/usr/lib/libQt5Widgets.so.5+0x15c351)
    #16 0x7fffe91518df in QAction::activate(QAction::ActionEvent)
(/home/appimage/appimage-workspace/deps/usr/lib/libQt5Widgets.so.5+0x15e8df)
    #17 0x7fffe9152243 in QAction::event(QEvent*)
(/home/appimage/appimage-workspace/deps/usr/lib/libQt5Widgets.so.5+0x15f243)
    #18 0x7fffe91558db in QApplicationPrivate::notify_helper(QObject*, QEvent*)
(/home/appimage/appimage-workspace/deps/usr/lib/libQt5Widgets.so.5+0x1628db)
    #19 0x7fffe915cf1f in QApplication::notify(QObject*, QEvent*)
(/home/appimage/appimage-workspace/deps/usr/lib/libQt5Widgets.so.5+0x169f1f)
    #20 0x7ffff62b27d9 in KisApplication::notify(QObject*, QEvent*)
/home/appimage/persistent/krita/libs/ui/KisApplication.cpp:756
    #21 0x7fffe86b24a7 in QCoreApplication::notifyInternal2(QObject*, QEvent*)
(/home/appimage/appimage-workspace/deps/usr/lib/libQt5Core.so.5+0x2874a7)
    #22 0x7fffe8b532f0 in QShortcutMap::dispatchEvent(QKeyEvent*)
(/home/appimage/appimage-workspace/deps/usr/lib/libQt5Gui.so.5+0x1772f0)
    #23 0x7fffe8b533a8 in QShortcutMap::tryShortcut(QKeyEvent*)
(/home/appimage/appimage-workspace/deps/usr/lib/libQt5Gui.so.5+0x1773a8)
    #24 0x7fffe8b09c56 in QWindowSystemInterface::handleShortcutEvent(QWindow*,
unsigned long, int, QFlags<Qt::KeyboardModifier>, unsigned int, unsigned int,
unsigned int, QString const&, bool, unsigned short)
(/home/appimage/appimage-workspace/deps/usr/lib/libQt5Gui.so.5+0x12dc56)
    #25 0x7fffe8b2522b in
QGuiApplicationPrivate::processKeyEvent(QWindowSystemInterfacePrivate::KeyEvent*)
(/home/appimage/appimage-workspace/deps/usr/lib/libQt5Gui.so.5+0x14922b)
    #26 0x7fffe8b2a174 in
QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*)
(/home/appimage/appimage-workspace/deps/usr/lib/libQt5Gui.so.5+0x14e174)
    #27 0x7fffe8b0639a in
QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>)
(/home/appimage/appimage-workspace/deps/usr/lib/libQt5Gui.so.5+0x12a39a)
    #28 0x7fffdbc78fb9 
(/home/appimage/appimage-workspace/deps/usr/lib/libQt5XcbQpa.so.5+0x6afb9)
    #29 0x7fffe4e6b266 in g_main_context_dispatch
(/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4a266)
    #30 0x7fffe4e6b4bf  (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4a4bf)
    #31 0x7fffe4e6b56b in g_main_context_iteration
(/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4a56b)
    #32 0x7fffe870b7ce in
QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
(/home/appimage/appimage-workspace/deps/usr/lib/libQt5Core.so.5+0x2e07ce)
    #33 0x7fffe86b0a39 in
QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>)
(/home/appimage/appimage-workspace/deps/usr/lib/libQt5Core.so.5+0x285a39)
    #34 0x7fffe86b97b3 in QCoreApplication::exec()
(/home/appimage/appimage-workspace/deps/usr/lib/libQt5Core.so.5+0x28e7b3)
    #35 0x412430 in main /home/appimage/persistent/krita/krita/main.cc:698
    #36 0x7fffe755f83f in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x2083f)
    #37 0x415728 in _start
(/home/appimage/appimage-workspace/krita.appdir/usr/bin/krita+0x415728)

0x60b000cebe70 is located 96 bytes inside of 104-byte region
[0x60b000cebe10,0x60b000cebe78)
freed by thread T0 here:
    #0 0x7ffff72b70a5 in operator delete(void*, unsigned long)
(/usr/lib/x86_64-linux-gnu/libasan.so.5+0x10f0a5)
    #1 0x7ffff29f8d9e in KisImage::~KisImage()
/home/appimage/persistent/krita/libs/image/kis_image.cc:274
    #2 0x7ffff5596dd9 in KisSharedPtr<KisImage>::deref(KisSharedPtr<KisImage>
const*, KisImage*)
/home/appimage/persistent/krita/libs/global/kis_shared_ptr.h:199
    #3 0x7ffff5596dd9 in KisSharedPtr<KisImage>::deref() const
/home/appimage/persistent/krita/libs/global/kis_shared_ptr.h:213
    #4 0x7ffff5596dd9 in KisSharedPtr<KisImage>::~KisSharedPtr()
/home/appimage/persistent/krita/libs/global/kis_shared_ptr.h:97
    #5 0x7ffff5596dd9 in
KisFileLayer::slotLoadingFinished(KisSharedPtr<KisPaintDevice>, double, double,
QSize const&) /home/appimage/persistent/krita/libs/ui/kis_file_layer.cpp:192
    #6 0x7ffff4fe5a9f in KisFileLayer::qt_static_metacall(QObject*,
QMetaObject::Call, int, void**)
/home/appimage/appimage-workspace/krita-build/libs/ui/kritaui_autogen/EWIEGA46WW/moc_kis_file_layer.cpp:78
    #7 0x7fffe86df858 in QMetaObject::activate(QObject*, int, int, void**)
(/home/appimage/appimage-workspace/deps/usr/lib/libQt5Core.so.5+0x2b4858)
    #8 0x7ffff4fb5984 in
KisSafeDocumentLoader::loadingFinished(KisSharedPtr<KisPaintDevice>, double,
double, QSize const&)
/home/appimage/appimage-workspace/krita-build/libs/ui/kritaui_autogen/EWIEGA46WW/moc_kis_safe_document_loader.cpp:169
    #9 0x7ffff55adf49 in KisSafeDocumentLoader::delayedLoadStart()
/home/appimage/persistent/krita/libs/ui/kis_safe_document_loader.cpp:321
    #10 0x7ffff55b2d05 in KisSafeDocumentLoader::fileChangedCompressed(bool)
/home/appimage/persistent/krita/libs/ui/kis_safe_document_loader.cpp:247
    #11 0x7ffff55b313d in KisSafeDocumentLoader::reloadImage()
/home/appimage/persistent/krita/libs/ui/kis_safe_document_loader.cpp:207
    #12 0x7ffff55933a6 in KisFileLayer::setImage(KisWeakSharedPtr<KisImage>)
/home/appimage/persistent/krita/libs/ui/kis_file_layer.cpp:263
    #13 0x7ffff2d113fa in operator()
/home/appimage/persistent/krita/libs/image/kis_node.cpp:265
    #14 0x7ffff2d113fa in recursiveApplyNodes<KisSharedPtr<KisNode>,
KisNode::setImage(KisImageWSP)::<lambda(KisNodeSP)> >
/home/appimage/persistent/krita/libs/image/kis_layer_utils.h:204
    #15 0x7ffff2d1b5f5 in KisNode::setImage(KisWeakSharedPtr<KisImage>)
/home/appimage/persistent/krita/libs/image/kis_node.cpp:263
    #16 0x7ffff2a929bb in KisLayer::setImage(KisWeakSharedPtr<KisImage>)
/home/appimage/persistent/krita/libs/image/kis_layer.cc:384
    #17 0x7ffff298ff6f in KisGroupLayer::setImage(KisWeakSharedPtr<KisImage>)
/home/appimage/persistent/krita/libs/image/kis_group_layer.cc:151
    #18 0x7ffff29f2cf8 in KisImage::copyFromImageImpl(KisImage const&, int)
/home/appimage/persistent/krita/libs/image/kis_image.cc:396
    #19 0x7ffff29f7c39 in KisImage::KisImage(KisImage const&, KisUndoStore*,
bool) /home/appimage/persistent/krita/libs/image/kis_image.cc:488
    #20 0x7ffff29f7e4e in KisImage::clone(bool)
/home/appimage/persistent/krita/libs/image/kis_image.cc:346
    #21 0x7ffff6303b2c in KisDocument::copyFromDocumentImpl(KisDocument const&,
KisDocument::CopyPolicy)
/home/appimage/persistent/krita/libs/ui/KisDocument.cpp:1115
    #22 0x7ffff6305f08 in KisDocument::KisDocument(KisDocument const&, bool)
/home/appimage/persistent/krita/libs/ui/KisDocument.cpp:614
    #23 0x7ffff6310a5d in KisDocument::Private::lockAndCloneImpl(bool)
/home/appimage/persistent/krita/libs/ui/KisDocument.cpp:1056
    #24 0x7ffff6310d65 in KisDocument::lockAndCloneForSaving()
/home/appimage/persistent/krita/libs/ui/KisDocument.cpp:1067
    #25 0x7ffff6312363 in KisDocument::initiateSavingInBackground(QString,
QObject const*, char const*, KritaUtils::ExportFileJob const&,
KisPinnedSharedPtr<KisPropertiesConfiguration>, std::unique_ptr<KisDocument,
std::default_delete<KisDocument> >&&, bool)
/home/appimage/persistent/krita/libs/ui/KisDocument.cpp:1208
    #26 0x7ffff6312bd9 in KisDocument::initiateSavingInBackground(QString,
QObject const*, char const*, KritaUtils::ExportFileJob const&,
KisPinnedSharedPtr<KisPropertiesConfiguration>, bool)
/home/appimage/persistent/krita/libs/ui/KisDocument.cpp:1193
    #27 0x7ffff6313520 in
KisDocument::exportDocumentImpl(KritaUtils::ExportFileJob const&,
KisPinnedSharedPtr<KisPropertiesConfiguration>, bool)
/home/appimage/persistent/krita/libs/ui/KisDocument.cpp:773
    #28 0x7ffff631a21a in KisDocument::saveAs(QString const&, QByteArray
const&, bool, KisPinnedSharedPtr<KisPropertiesConfiguration>)
/home/appimage/persistent/krita/libs/ui/KisDocument.cpp:831
    #29 0x7ffff63b1cb0 in KisMainWindow::saveDocument(KisDocument*, bool, bool,
bool) /home/appimage/persistent/krita/libs/ui/KisMainWindow.cpp:1449
    #30 0x7ffff63b45f5 in KisMainWindow::slotFileSave()
/home/appimage/persistent/krita/libs/ui/KisMainWindow.cpp:1747
    #31 0x7ffff63d74bc in KisMainWindow::qt_static_metacall(QObject*,
QMetaObject::Call, int, void**)
/home/appimage/appimage-workspace/krita-build/libs/ui/kritaui_autogen/include/moc_KisMainWindow.cpp:377
    #32 0x7fffe86df858 in QMetaObject::activate(QObject*, int, int, void**)
(/home/appimage/appimage-workspace/deps/usr/lib/libQt5Core.so.5+0x2b4858)
    #33 0x7fffe914f351 in QAction::triggered(bool)
(/home/appimage/appimage-workspace/deps/usr/lib/libQt5Widgets.so.5+0x15c351)

previously allocated by thread T0 here:
    #0 0x7ffff72b59df in operator new(unsigned long)
(/usr/lib/x86_64-linux-gnu/libasan.so.5+0x10d9df)
    #1 0x7ffff29f7e3b in KisImage::clone(bool)
/home/appimage/persistent/krita/libs/image/kis_image.cc:346
    #2 0x7ffff6303b2c in KisDocument::copyFromDocumentImpl(KisDocument const&,
KisDocument::CopyPolicy)
/home/appimage/persistent/krita/libs/ui/KisDocument.cpp:1115
    #3 0x7ffff6305f08 in KisDocument::KisDocument(KisDocument const&, bool)
/home/appimage/persistent/krita/libs/ui/KisDocument.cpp:614
    #4 0x7ffff6310a5d in KisDocument::Private::lockAndCloneImpl(bool)
/home/appimage/persistent/krita/libs/ui/KisDocument.cpp:1056
    #5 0x7ffff6310d65 in KisDocument::lockAndCloneForSaving()
/home/appimage/persistent/krita/libs/ui/KisDocument.cpp:1067
    #6 0x7ffff6312363 in KisDocument::initiateSavingInBackground(QString,
QObject const*, char const*, KritaUtils::ExportFileJob const&,
KisPinnedSharedPtr<KisPropertiesConfiguration>, std::unique_ptr<KisDocument,
std::default_delete<KisDocument> >&&, bool)
/home/appimage/persistent/krita/libs/ui/KisDocument.cpp:1208
    #7 0x7ffff6312bd9 in KisDocument::initiateSavingInBackground(QString,
QObject const*, char const*, KritaUtils::ExportFileJob const&,
KisPinnedSharedPtr<KisPropertiesConfiguration>, bool)
/home/appimage/persistent/krita/libs/ui/KisDocument.cpp:1193
    #8 0x7ffff6313520 in
KisDocument::exportDocumentImpl(KritaUtils::ExportFileJob const&,
KisPinnedSharedPtr<KisPropertiesConfiguration>, bool)
/home/appimage/persistent/krita/libs/ui/KisDocument.cpp:773
    #9 0x7ffff631a21a in KisDocument::saveAs(QString const&, QByteArray const&,
bool, KisPinnedSharedPtr<KisPropertiesConfiguration>)
/home/appimage/persistent/krita/libs/ui/KisDocument.cpp:831
    #10 0x7ffff63b1cb0 in KisMainWindow::saveDocument(KisDocument*, bool, bool,
bool) /home/appimage/persistent/krita/libs/ui/KisMainWindow.cpp:1449
    #11 0x7ffff63b45f5 in KisMainWindow::slotFileSave()
/home/appimage/persistent/krita/libs/ui/KisMainWindow.cpp:1747
    #12 0x7ffff63d74bc in KisMainWindow::qt_static_metacall(QObject*,
QMetaObject::Call, int, void**)
/home/appimage/appimage-workspace/krita-build/libs/ui/kritaui_autogen/include/moc_KisMainWindow.cpp:377
    #13 0x7fffe86df858 in QMetaObject::activate(QObject*, int, int, void**)
(/home/appimage/appimage-workspace/deps/usr/lib/libQt5Core.so.5+0x2b4858)
    #14 0x7fffe914f351 in QAction::triggered(bool)
(/home/appimage/appimage-workspace/deps/usr/lib/libQt5Widgets.so.5+0x15c351)

SUMMARY: AddressSanitizer: heap-use-after-free
/home/appimage/persistent/krita/libs/image/kis_image.cc:397 in
KisImage::copyFromImageImpl(KisImage const&, int)
Shadow bytes around the buggy address:
  0x0c1680195770: fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa
  0x0c1680195780: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa fa
  0x0c1680195790: fa fa fa fa fa fa fd fd fd fd fd fd fd fd fd fd
  0x0c16801957a0: fd fd fd fd fa fa fa fa fa fa fa fa fd fd fd fd
  0x0c16801957b0: fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa
=>0x0c16801957c0: fa fa fd fd fd fd fd fd fd fd fd fd fd fd[fd]fa
  0x0c16801957d0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c16801957e0: 00 00 00 00 00 00 fa fa fa fa fa fa fa fa fd fd
  0x0c16801957f0: fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa
  0x0c1680195800: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c1680195810: fd fd fa fa fa fa fa fa fa fa fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==25681==ABORTING
