Bugs item #1689329, was opened at 2007-03-27 18:05
Message generated for change (Comment added) made by dooglus
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=757416&aid=1689329&group_id=144022

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
>Status: Closed
>Resolution: Fixed
Priority: 5
Private: No
Submitted By: dooglus (dooglus)
Assigned to: Nobody/Anonymous (nobody)
Summary: studio crashes zooming in to canvas

Initial Comment:
The attached .sif file crashes studio if I open it, maximise the canvas and 
zoom in 4 or 5 times.

If I don't resize the window before zooming, it doesn't crash.

valgrind shows me this, which may well be related:

==589== Thread 2:
==589== Invalid read of size 4
==589==    at 0x82B3EEA: synfig::Color::Color(synfig::Color const&) 
(color.h:258)
==589==    by 0x42E43F8: synfig::_BlendFunc::operator()(synfig::Color const&, 
synfig::Color const&, float const&) const (surface.h:118)
==589==    by 0x42E4490: etl::alpha_pen<etl::generic_pen<synfig::Color, 
synfig::Color>, float, synfig::_BlendFunc>::put_value(synfig::Color const&, 
float) const (_pen.h:356)
==589==    by 0x4304475: etl::alpha_pen<etl::generic_pen<synfig::Color, 
synfig::Color>, float, synfig::_BlendFunc>::put_value_alpha(float) const 
(_pen.h:358)
==589==    by 0x43044A3: etl::alpha_pen<etl::generic_pen<synfig::Color, 
synfig::Color>, float, synfig::_BlendFunc>::put_hline(int, float const&) 
(_pen.h:359)
==589==    by 0x60D2B10: void etl::surface<synfig::Color, synfig::Color, 
synfig::ColorPrep>::fill<synfig::Surface::alpha_pen>(synfig::Color, 
synfig::Surface::alpha_pen&, int, int) (_surface.h:239)
==589==    by 0x60CD5C7: Rectangle::accelerated_render(synfig::Context, 
synfig::Surface*, int, synfig::RendDesc const&, synfig::ProgressCallback*) 
const (rectangle.cpp:447)
==589==    by 0x439E8BA: synfig::Context::accelerated_render(synfig::Surface*, 
int, synfig::RendDesc const&, synfig::ProgressCallback*) const (context.cpp:248)
==589==    by 0x42DDFCC: 
synfig::Layer_PasteCanvas::accelerated_render(synfig::Context, 
synfig::Surface*, int, synfig::RendDesc const&, synfig::ProgressCallback*) 
const (layer_pastecanvas.cpp:367)
==589==    by 0x439E8BA: synfig::Context::accelerated_render(synfig::Surface*, 
int, synfig::RendDesc const&, synfig::ProgressCallback*) const (context.cpp:248)
==589==    by 0x42DD93B: 
synfig::Layer_PasteCanvas::accelerated_render(synfig::Context, 
synfig::Surface*, int, synfig::RendDesc const&, synfig::ProgressCallback*) 
const (layer_pastecanvas.cpp:313)
==589==    by 0x439E8BA: synfig::Context::accelerated_render(synfig::Surface*, 
int, synfig::RendDesc const&, synfig::ProgressCallback*) const (context.cpp:248)
==589==    by 0x430D292: synfig::Target_Tile::render_frame_(synfig::Context, 
synfig::ProgressCallback*) (target_tile.cpp:250)
==589==    by 0x430DD77: synfig::Target_Tile::render(synfig::ProgressCallback*) 
(target_tile.cpp:381)
==589==    by 0x831E65F: studio::AsyncRenderer::render_target() 
(asyncrenderer.cpp:460)
==589==    by 0x8320A74: sigc::bound_mem_functor0<void, 
studio::AsyncRenderer>::operator()() const (mem_fun.h:1787)
==589==    by 0x8320A8B: sigc::adaptor_functor<sigc::bound_mem_functor0<void, 
studio::AsyncRenderer> >::operator()() const (adaptor_trait.h:251)
==589==    by 0x8320AF1: 
sigc::internal::slot_call0<sigc::bound_mem_functor0<void, 
studio::AsyncRenderer>, void>::call_it(sigc::internal::slot_rep*) (slot.h:103)
==589==    by 0x4D1BAE7: (within /usr/lib/libglibmm-2.4.so.1.0.24)
==589==    by 0x50746BE: (within /usr/lib/libglib-2.0.so.0.1200.6)
==589==    by 0x45800BC: start_thread (in /lib/tls/libpthread-2.3.6.so)
==589==    by 0x529E9ED: clone (in /lib/tls/libc-2.3.6.so)
==589==  Address 0x7749FC8 is not stack'd, malloc'd or (recently) free'd



gdb also sometimes shows some weird colour values when it crashes:

(gdb) where
#0  0xb6d20947 in raise () from /lib/tls/libc.so.6
#1  0xb6d220c9 in abort () from /lib/tls/libc.so.6
#2  0xb6d1a05f in __assert_fail () from /lib/tls/libc.so.6
#3  0xb7d3d9bb in blendfunc_STRAIGHT ([EMAIL PROTECTED], [EMAIL PROTECTED], 
amount=0.299951553) at color.cpp:268
#4  0xb7d3dac0 in blendfunc_ALPHA_OVER ([EMAIL PROTECTED], [EMAIL PROTECTED], 
amount=0.299951553) at color.cpp:502
#5  0xb7d3d7a9 in synfig::Color::blend ([EMAIL PROTECTED], [EMAIL PROTECTED], 
amount=0.299951553, type=synfig::Color::BLEND_ALPHA_OVER)
    at color.cpp:579
#6  0xb7c653df in synfig::_BlendFunc::operator() (this=0xb5e9de14, [EMAIL 
PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]) at surface.h:118
#7  0xb7c65441 in etl::alpha_pen<etl::generic_pen<synfig::Color, 
synfig::Color>, float, synfig::_BlendFunc>::put_value (
    this=0xb5e9dde8, [EMAIL PROTECTED], a=1) at 
/usr/local/include/ETL/_pen.h:356
#8  0xb7c85426 in etl::alpha_pen<etl::generic_pen<synfig::Color, 
synfig::Color>, float, synfig::_BlendFunc>::put_value_alpha (
    this=0xb5e9dde8, a=1) at /usr/local/include/ETL/_pen.h:358
#9  0xb7c85454 in etl::alpha_pen<etl::generic_pen<synfig::Color, 
synfig::Color>, float, synfig::_BlendFunc>::put_hline (
    this=0xb5e9dde8, l=26, [EMAIL PROTECTED]) at 
/usr/local/include/ETL/_pen.h:359
#10 0xb6884b11 in etl::surface<synfig::Color, synfig::Color, 
synfig::ColorPrep>::fill<synfig::Surface::alpha_pen> (this=0xb5e9e730, 
    [EMAIL PROTECTED], [EMAIL PROTECTED], w=28, h=1) at 
/usr/local/include/ETL/_surface.h:239
#11 0xb687f5c8 in Rectangle::accelerated_render (this=0x8c955a8, context=
        {<std::_Deque_iterator<etl::handle<synfig::Layer>,const 
etl::handle<synfig::Layer>&,const etl::handle<synfig::Layer>*>> = {_M_cur = 
0x8e16800, _M_first = 0x8e16800, _M_last = 0x8e16a00, _M_node = 0x8d9dbfc}, <No 
data fields>}, surface=0xb5e9e730, quality=10, 
    [EMAIL PROTECTED], cb=0xb5e9e788) at rectangle.cpp:447
#12 0xb7d1f86b in synfig::Context::accelerated_render (this=0xb5e9e90c, 
surface=0xb5e9e730, quality=10, [EMAIL PROTECTED], 
    cb=0xb5e9e788) at context.cpp:248
#13 0xb7c5ef7d in synfig::Layer_PasteCanvas::accelerated_render 
(this=0x8e16c10, context=
        {<std::_Deque_iterator<etl::handle<synfig::Layer>,const 
etl::handle<synfig::Layer>&,const etl::handle<synfig::Layer>*>> = {_M_cur = 
0x8e153f4, _M_first = 0x8e153d0, _M_last = 0x8e155d0, _M_node = 0x8e18dd4}, <No 
data fields>}, surface=0xb5e9f084, quality=10, 
    [EMAIL PROTECTED], cb=0xb5e9ec80) at layer_pastecanvas.cpp:367
#14 0xb7d1f86b in synfig::Context::accelerated_render (this=0xb5e9ee54, 
surface=0xb5e9f084, quality=10, [EMAIL PROTECTED], 
    cb=0xb5e9ec80) at context.cpp:248
#15 0xb7c5e8ec in synfig::Layer_PasteCanvas::accelerated_render 
(this=0x8e16458, context=
        {<std::_Deque_iterator<etl::handle<synfig::Layer>,const 
etl::handle<synfig::Layer>&,const etl::handle<synfig::Layer>*>> = {_M_cur = 
0x8e153e8, _M_first = 0x8e153d0, _M_last = 0x8e155d0, _M_node = 0x8e18dd4}, <No 
data fields>}, surface=0xb5e9f084, quality=10, 
    [EMAIL PROTECTED], cb=0xb5e9f05c) at layer_pastecanvas.cpp:313
#16 0xb7d1f86b in synfig::Context::accelerated_render (this=0xb5e9f1e4, 
surface=0xb5e9f084, quality=10, [EMAIL PROTECTED], 
    cb=0xb5e9f05c) at context.cpp:248
#17 0xb7c8e243 in synfig::Target_Tile::render_frame_ (this=0xb6b5c008, context=
        {<std::_Deque_iterator<etl::handle<synfig::Layer>,const 
etl::handle<synfig::Layer>&,const etl::handle<synfig::Layer>*>> = {_M_cur = 
0x8e16f7c, _M_first = 0x8e16d80, _M_last = 0x8e16f80, _M_node = 0x8e18dd0}, <No 
data fields>}, cb=0x0) at target_tile.cpp:250
#18 0xb7c8ed28 in synfig::Target_Tile::render (this=0xb6b5c008, cb=0x0) at 
target_tile.cpp:381
#19 0x0831e660 in studio::AsyncRenderer::render_target (this=0x8c960b0) at 
asyncrenderer.cpp:460
#20 0x08320a75 in sigc::bound_mem_functor0<void, 
studio::AsyncRenderer>::operator() (this=0x8e10ecc)
    at /usr/include/sigc++-2.0/sigc++/functors/mem_fun.h:1787
#21 0x08320a8c in sigc::adaptor_functor<sigc::bound_mem_functor0<void, 
studio::AsyncRenderer> >::operator() (this=0x8e10ec8)
    at /usr/include/sigc++-2.0/sigc++/adaptors/adaptor_trait.h:251
#22 0x08320af2 in sigc::internal::slot_call0<sigc::bound_mem_functor0<void, 
studio::AsyncRenderer>, void>::call_it (rep=0x8e10eb0)
    at /usr/include/sigc++-2.0/sigc++/functors/slot.h:103
#23 0xb72e5ae8 in ?? () from /usr/lib/libglibmm-2.4.so.1
#24 0xb6f896bf in ?? () from /usr/lib/libglib-2.0.so.0
#25 0x089f6a00 in ?? ()
#26 0x08c9bdc8 in ?? ()
#27 0xb5e9f468 in ?? ()
#28 0xb7a73ae6 in __nptl_deallocate_tsd () from /lib/tls/libpthread.so.0
#29 0xb7a740bd in start_thread () from /lib/tls/libpthread.so.0
#30 0xb6dc39ee in clone () from /lib/tls/libc.so.6
(gdb) p src
No symbol "src" in current context.
(gdb) up
#1  0xb6d220c9 in abort () from /lib/tls/libc.so.6
(gdb) 
#2  0xb6d1a05f in __assert_fail () from /lib/tls/libc.so.6
(gdb) 
#3  0xb7d3d9bb in blendfunc_STRAIGHT ([EMAIL PROTECTED], [EMAIL PROTECTED], 
amount=0.299951553) at color.cpp:268
268             assert(out.is_valid());
(gdb) p src
$1 = (synfig::Color &) @0xb5e9dafc: {a_ = 0, r_ = -5.30277541e-20, g_ = 
9.63986447e+25, b_ = 1.22342433e+36, static hex_ = {
    static npos = 4294967295, 
    _M_dataplus = {<std::allocator<char>> = {<__gnu_cxx::new_allocator<char>> = 
{<No data fields>}, <No data fields>}, 
      _M_p = 0x8da8154 "000000"}}}
(gdb) p bg
$2 = (synfig::Color &) @0xb5e9db5c: {a_ = 3.04313708e+35, r_ = -5.30277541e-20, 
g_ = 9.63986447e+25, b_ = 1.22342433e+36, 
  static hex_ = {static npos = 4294967295, 
    _M_dataplus = {<std::allocator<char>> = {<__gnu_cxx::new_allocator<char>> = 
{<No data fields>}, <No data fields>}, 
      _M_p = 0x8da8154 "000000"}}}
(gdb) p amount
$3 = 0.299951553
(gdb) p out
$4 = (synfig::Color &) @0xb5e9dbbc: {a_ = 2.13034348e+35, r_ = -5.30277541e-20, 
g_ = -nan(0x400000), b_ = -nan(0x400000), 
  static hex_ = {static npos = 4294967295, 
    _M_dataplus = {<std::allocator<char>> = {<__gnu_cxx::new_allocator<char>> = 
{<No data fields>}, <No data fields>}, 
      _M_p = 0x8da8154 "000000"}}}
(gdb) p src.get_a()
$5 = (const ColorReal &) @0xb5e9dafc: 0
(gdb) p src.get_r()
$6 = (const ColorReal &) @0xb5e9db00: -5.30277541e-20


----------------------------------------------------------------------

>Comment By: dooglus (dooglus)
Date: 2007-03-31 21:03

Message:
Logged In: YES 
user_id=1546005
Originator: YES

The rectangle rendering code was drawing outside its tile.

r398 | dooglus | 2007-03-31 21:01:45 +0200 (Sat, 31 Mar 2007) | 2 lines
Changed paths:
   M /synfig-core/trunk/src/modules/mod_geometry/rectangle.cpp

Fix 1689329: if the inverted rectangle we're rendering doesn't overlap the
tile we're rendering at all, don't attempt to draw its outlines.  Doing so
can result in us drawing outside the tile's allocated memory.
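
The failure mode named in the fix above, as an added C++ example that is not part of the original report and is not synfig's code. `Tile`, `render_inverted` and `painted` are hypothetical names, and the edge-clamping logic is an assumed simplification of how an inverted rectangle's four outline strips are drawn; out-of-range writes are counted rather than performed.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <vector>

// Simplified stand-in for one render tile (hypothetical; not synfig::Surface).
struct Tile {
    int w, h;
    std::vector<float> px;
    long rejected = 0;  // writes that would have landed outside the allocation
    Tile(int w_, int h_) : w(w_), h(h_), px(static_cast<std::size_t>(w_) * h_, 0.0f) {}
    // Fill the half-open box [x0,x1) x [y0,y1); count instead of writing out of bounds.
    void fill(int x0, int y0, int x1, int y1) {
        for (int y = y0; y < y1; ++y)
            for (int x = x0; x < x1; ++x) {
                if (x < 0 || y < 0 || x >= w || y >= h) { ++rejected; continue; }
                px[static_cast<std::size_t>(y) * w + x] = 1.0f;
            }
    }
};

// Inverted rectangle: paint the tile everywhere except [left,right) x [top,bottom),
// given in tile pixel coordinates that may lie partly or wholly off the tile.
// guard=false models the missing overlap test (assumed shape of the bug).
long render_inverted(Tile& t, int left, int top, int right, int bottom, bool guard) {
    if (guard && (right <= 0 || bottom <= 0 || left >= t.w || top >= t.h)) {
        t.fill(0, 0, t.w, t.h);  // no overlap: the whole tile is outside the rectangle
        return t.rejected;
    }
    // These clamps only keep the strips in range when the rectangle overlaps the tile.
    left = std::max(left, 0);     top = std::max(top, 0);
    right = std::min(right, t.w); bottom = std::min(bottom, t.h);
    t.fill(0, 0, t.w, top);           // strip above the rectangle
    t.fill(0, bottom, t.w, t.h);      // strip below
    t.fill(0, top, left, bottom);     // strip to the left
    t.fill(right, top, t.w, bottom);  // strip to the right
    return t.rejected;
}

long painted(const Tile& t) {
    return static_cast<long>(std::count(t.px.begin(), t.px.end(), 1.0f));
}

int main() {
    // Constructed inputs: a rectangle wholly right of the tile, then one that overlaps it.
    Tile bad(100, 100), good(100, 100), part(100, 100);
    long a = render_inverted(bad, 200, 10, 300, 50, false);
    long b = render_inverted(good, 200, 10, 300, 50, true);
    long c = render_inverted(part, -20, 30, 60, 150, true);
    std::printf("unguarded off-tile: %ld out-of-range writes\n", a);
    std::printf("guarded off-tile: %ld out-of-range, %ld painted\n", b, painted(good));
    std::printf("guarded overlap: %ld out-of-range, %ld painted\n", c, painted(part));
    return 0;
}
```

In a real renderer the counted writes would go to whatever heap memory sits after the tile, which is consistent with the garbage `Color` values and the read inside a freed cairo block shown elsewhere in this thread.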


----------------------------------------------------------------------

Comment By: dooglus (dooglus)
Date: 2007-03-28 15:12

Message:
Logged In: YES 
user_id=1546005
Originator: YES

By adding some extra code to examine the Color objects earlier, I got
valgrind to show a little earlier where the bad memory is, and where it was
free()d:

Thread 2:
Invalid read of size 4
  synfig::Color::my_check_range() const (color.h:125)
  etl::generic_pen<synfig::Color, synfig::Color>::get_value() const
(_pen.h:219)
  etl::alpha_pen<etl::generic_pen<synfig::Color, synfig::Color>, float,
synfig::_BlendFunc>::put_value(synfig::Color const&, float) const
(_pen.h:380)
  etl::alpha_pen<etl::generic_pen<synfig::Color, synfig::Color>, float,
synfig::_BlendFunc>::put_value_alpha(float) const (_pen.h:374)
  etl::alpha_pen<etl::generic_pen<synfig::Color, synfig::Color>, float,
synfig::_BlendFunc>::put_hline(int, float const&) (_pen.h:369)
  void etl::surface<synfig::Color, synfig::Color,
synfig::ColorPrep>::fill<synfig::Surface::alpha_pen>(synfig::Color,
synfig::Surface::alpha_pen&, int, int) (_surface.h:239)
  Rectangle::accelerated_render(synfig::Context, synfig::Surface*, int,
synfig::RendDesc const&, synfig::ProgressCallback*) const
(rectangle.cpp:445)
  synfig::Context::accelerated_render(synfig::Surface*, int,
synfig::RendDesc const&, synfig::ProgressCallback*) const
(context.cpp:248)
  synfig::Target_Tile::render_frame_(synfig::Context,
synfig::ProgressCallback*) (target_tile.cpp:250)
  synfig::Target_Tile::render(synfig::ProgressCallback*)
(target_tile.cpp:381)
  studio::AsyncRenderer::render_target() (asyncrenderer.cpp:462)
  sigc::bound_mem_functor0<void, studio::AsyncRenderer>::operator()()
const (mem_fun.h:1787)
  sigc::adaptor_functor<sigc::bound_mem_functor0<void,
studio::AsyncRenderer> >::operator()() const (adaptor_trait.h:251)
  sigc::internal::slot_call0<sigc::bound_mem_functor0<void,
studio::AsyncRenderer>, void>::call_it(sigc::internal::slot_rep*)
(slot.h:103)
  (within /usr/lib/libglibmm-2.4.so.1.0.24)
  (within /usr/lib/libglib-2.0.so.0.1200.6)
  start_thread (in /lib/tls/libpthread-2.3.6.so)
  clone (in /lib/tls/libc-2.3.6.so)

Address 0x740FB40 is 720 bytes inside a block of size 5,096 free'd
  free (vg_replace_malloc.c:233)
  (within /usr/lib/libcairo.so.2.9.2)
  _cairo_pixman_region_union (in /usr/lib/libcairo.so.2.9.2)
  _cairo_pixman_region_union_rect (in /usr/lib/libcairo.so.2.9.2)
  (within /usr/lib/libcairo.so.2.9.2)
  (within /usr/lib/libcairo.so.2.9.2)
  (within /usr/lib/libcairo.so.2.9.2)
  (within /usr/lib/libcairo.so.2.9.2)
  (within /usr/lib/libcairo.so.2.9.2)
  cairo_fill_preserve (in /usr/lib/libcairo.so.2.9.2)
  cairo_fill (in /usr/lib/libcairo.so.2.9.2)
  (within /usr/lib/libgtk-x11-2.0.so.0.800.20)
  Gtk::Ruler_Class::draw_ticks_vfunc_callback(_GtkRuler*) (in
/usr/lib/libgtkmm-2.4.so.1.0.29)
  gtk_ruler_draw_ticks (in /usr/lib/libgtk-x11-2.0.so.0.800.20)
  (within /usr/lib/libgtk-x11-2.0.so.0.800.20)
  Gtk::Widget_Class::expose_event_callback(_GtkWidget*, _GdkEventExpose*)
(in /usr/lib/libgtkmm-2.4.so.1.0.29)
  _gtk_marshal_BOOLEAN__BOXED (in /usr/lib/libgtk-x11-2.0.so.0.800.20)
  (within /usr/lib/libgobject-2.0.so.0.1200.6)
  g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.1200.6)
  (within /usr/lib/libgobject-2.0.so.0.1200.6)
  g_signal_emit_valist (in /usr/lib/libgobject-2.0.so.0.1200.6)
  g_signal_emit (in /usr/lib/libgobject-2.0.so.0.1200.6)
  (within /usr/lib/libgtk-x11-2.0.so.0.800.20)
  gtk_main_do_event (in /usr/lib/libgtk-x11-2.0.so.0.800.20)
  (within /usr/lib/libgdk-x11-2.0.so.0.800.20)
  gdk_window_process_all_updates (in /usr/lib/libgdk-x11-2.0.so.0.800.20)
  (within /usr/lib/libgdk-x11-2.0.so.0.800.20)
  (within /usr/lib/libglib-2.0.so.0.1200.6)
  g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.1200.6)
  (within /usr/lib/libglib-2.0.so.0.1200.6)
  g_main_loop_run (in /usr/lib/libglib-2.0.so.0.1200.6)
  gtk_main (in /usr/lib/libgtk-x11-2.0.so.0.800.20)


----------------------------------------------------------------------

Comment By: dooglus (dooglus)
Date: 2007-03-27 23:47

Message:
Logged In: YES 
user_id=1546005
Originator: YES

Backing out r354 and r356 doesn't fix this crash.  I suspect that whatever
caused r354 to crash is also causing this bug.

----------------------------------------------------------------------

Comment By: dooglus (dooglus)
Date: 2007-03-27 23:26

Message:
Logged In: YES 
user_id=1546005
Originator: YES

svn r354 introduced a crash which r356 worked around.  I didn't understand
why it was crashing, and still don't, but maybe this is related to that?

----------------------------------------------------------------------

Comment By: dooglus (dooglus)
Date: 2007-03-27 21:38

Message:
Logged In: YES 
user_id=1546005
Originator: YES

It also crashes with <param name="blend_method"><integer value="16"/></param>

                BLEND_SCREEN=16,                //!< \writeme

isn't deprecated.

----------------------------------------------------------------------

Comment By: dooglus (dooglus)
Date: 2007-03-27 21:34

Message:
Logged In: YES 
user_id=1546005
Originator: YES

I didn't have any success trying to debug this, so I tried cutting the
example .sif down to a smaller example that still crashes.

Here it is:

<?xml version="1.0"?>
<canvas>
<layer type="rectangle">
<param name="blend_method"><integer value="19"/></param>
<param name="point1"><vector><x>-1</x><y>-2</y></vector></param>
<param name="point2"><vector><x>2</x><y>1</y></vector></param>
<param name="invert"><bool value="true"/></param>
</layer>
</canvas>

color.h says:
                //! Deprecated
                BLEND_ALPHA_OVER=19,//!< multiply alphas and then straight blends that using the amount

It seems that this crash is dependent on using the deprecated 'alpha over'
blend method.

----------------------------------------------------------------------
