Bug 607406

Summary:

[abrt] crash in gimp-2:2.6.8-6.fc13: Process /usr/bin/gimp-2.6 was killed by signal 11 (SIGSEGV)

Product:

[Fedora] Fedora

Reporter:

Airbete <airfullbete>

Component:

qtcurve-gtk2

Assignee:

Thomas Janssen <thomasj>

Status:

CLOSED ERRATA

QA Contact:

Fedora Extras Quality Assurance <extras-qa>

Severity:

medium

Docs Contact:

Priority:

low

Version:

CC:

hein, nphilipp, rdieter, thomasj

Target Milestone:

---

Target Release:

---

Hardware:

x86_64

OS:

Linux

Whiteboard:

abrt_hash:68c0845b81f820e2454c9c5fa677ed96792f5dc4

Fixed In Version:

qtcurve-gtk2-1.8.1-1.fc14

Doc Type:

Bug Fix

Doc Text:

Story Points:

---

Clone Of:

Environment:

Last Closed:

2010-12-15 09:00:50 UTC

Type:

---

Regression:

---

Mount Type:

---

Documentation:

---

CRM:

Verified Versions:

Category:

---

oVirt Team:

---

RHEL 7.3 requirements from Atomic Host:

Cloudforms Team:

---

Target Upstream Version:

Embargoed:

Attachments:

Description	Flags
File: backtrace	none

Description Airbete 2010-06-24 02:43:15 UTC

abrt 1.1.1 detected a crash.

architecture: x86_64
Attached file: backtrace
cmdline: /usr/bin/gimp
component: gimp
crash_function: gimp_cell_renderer_viewable_clicked
executable: /usr/bin/gimp-2.6
global_uuid: 68c0845b81f820e2454c9c5fa677ed96792f5dc4
kernel: 2.6.33.5-124.fc13.x86_64
package: gimp-2:2.6.8-6.fc13
rating: 4
reason: Process /usr/bin/gimp-2.6 was killed by signal 11 (SIGSEGV)
release: Fedora release 13 (Goddard)

comment
-----
gimp crashed while at the moment i alt-clicked on the mask of a layer in the layers dialog.
I don't know how to reproduce.

How to reproduce
-----
1. 
2.
3.

Comment 1 Airbete 2010-06-24 02:43:17 UTC

Created attachment 426442 [details]
File: backtrace

Comment 2 Nils Philippsen 2010-06-24 15:32:20 UTC

I see that you are using the QtCurve gtk engine/theme. Meanwhile I've filed an update with the new upstream GIMP version 2.6.9. Please try reproducing your problem with this updated version using both your current and alternatively the default "Clearlooks" theme/gtk engine. The updated gimp packages should hit updates-testing shortly, meanwhile you can grab them here:

https://admin.fedoraproject.org/updates/gimp-2.6.9-1.fc13,xsane-0.997-5.fc13,gegl-0.1.2-3.fc13,babl-0.1.2-4.fc13

Please report back if you can reproduce the problem with either engine.

Comment 3 Airbete 2010-06-29 18:40:51 UTC

I have been able to reproduce the crash with gimp-2.6.9-3.fc13.x86_64 (and my current theme QtCurve).
At some point in my editing flow, alt-clicking on a layer mask makes gimp crash. However i don't know an exact sequence that leads to the crash. I haven't tried with Clearlooks yet.

AB.

Comment 4 Airbete 2010-06-29 18:47:02 UTC

> However i don't know an exact sequence that leads to the crash.

In fact, if i am lucky enough to save my work (.xcf) just before a alt-click crashes gimp, when i reopen the file with a newly started gimp session, alt-click does work correctly. So gimp must somehow get in a wrong state at some earlier point in my workflow.

AB.

Comment 5 Nils Philippsen 2010-06-30 16:13:21 UTC

(In reply to comment #4)
> > However i don't know an exact sequence that leads to the crash.
> 
> In fact, if i am lucky enough to save my work (.xcf) just before a alt-click
> crashes gimp, when i reopen the file with a newly started gimp session,
> alt-click does work correctly. So gimp must somehow get in a wrong state at
> some earlier point in my workflow.

I still suspect the QtCurve theme engine to be the culprit here. Have you tried this with the "safe" Clearlooks theme at all?

Comment 6 Airbete 2010-06-30 20:10:52 UTC

(In reply to comment #5)
> 
> I still suspect the QtCurve theme engine to be the culprit here. Have you tried
> this with the "safe" Clearlooks theme at all?    

I have worked under Clearlooks for a couple of hours now and i haven't been able to crash gimp.

Comment 7 Nils Philippsen 2010-07-01 08:35:57 UTC

Changing component accordingly.

Comment 8 Thomas Janssen 2010-07-01 09:34:25 UTC

I can't see what QtCurve could do to crash gimp while alt-clicking on a mask of a layer in the layerdialog.

I need steps to reproduce it here and the output of: rpm -qa | grep qtcurve

Comment 9 Airbete 2010-07-01 14:32:17 UTC

(In reply to comment #8)
> I can't see what QtCurve could do to crash gimp while alt-clicking on a mask of
> a layer in the layerdialog.
> 
> I need steps to reproduce it here and the output of: rpm -qa | grep qtcurve    

Unfortunately, i don't have a step sequence to reproduce the bug. Gimp crashes only when i've been working for a while on an image. If i ever find a sequence, i'll post it for sure.

# rpm -qa | grep qtcurve
qtcurve-gtk2-1.4.1-1.fc13.x86_64
qtcurve-kde4-1.4.3-1.fc13.x86_64
qtcurve-gtk2-1.4.1-1.fc13.i686
qtcurve-kde4-1.4.3-1.fc13.i686

Comment 10 Nils Philippsen 2010-07-01 15:54:21 UTC

(In reply to comment #8)
> I can't see what QtCurve could do to crash gimp while alt-clicking on a mask of
> a layer in the layerdialog.

The crash happens in the callback function gimp_cell_renderer_viewable_clicked(), here:

...
      if (bevent->type == GDK_BUTTON_PRESS &&
          (bevent->button == 1 || bevent->button == 2))
        {
===>      gimp_view_popup_show (gtk_get_event_widget (event),
                                bevent,
                                cell->renderer->context,
                                cell->renderer->viewable,
                                cell->renderer->width,
                                cell->renderer->height,
                                cell->renderer->dot_for_dot);    <====
        }
...

I'm not very good reading assembler, but my take on the disassembled code in the attached backtrace is that it crashes while dereferencing/accessing cell->renderer->dot_for_dot. Most likely the cell->renderer pointer is invalid which can sensibly only happen after the cell object is finalized (when being deleted), as the renderer member only ever gets set right when the object is created or deleted, never in between.

My wild-assed guess is that using the qtcurve gtk2 engine somehow makes gtk call the gimp_cell_renderer_viewable_clicked() callback _after_ the cell object is unreferenced and (at least partially) garbage-collected. But that's only a shot in the dark.

Comment 11 Thomas Janssen 2010-08-08 19:25:16 UTC

(In reply to comment #9)
> (In reply to comment #8)
> > I can't see what QtCurve could do to crash gimp while alt-clicking on a mask of
> > a layer in the layerdialog.
> > 
> > I need steps to reproduce it here and the output of: rpm -qa | grep qtcurve    
> 
> Unfortunately, i don't have a step sequence to reproduce the bug. Gimp crashes
> only when i've been working for a while on an image. If i ever find a sequence,
> i'll post it for sure.
> 
> # rpm -qa | grep qtcurve
> qtcurve-gtk2-1.4.1-1.fc13.x86_64
> qtcurve-kde4-1.4.3-1.fc13.x86_64
> qtcurve-gtk2-1.4.1-1.fc13.i686
> qtcurve-kde4-1.4.3-1.fc13.i686    

Is there a reason why you have both arch installed? x86_64 and i686? Does it as well crash when you only have the ones from your base arch installed?

I know meanwhile that gimp can crash if gtk_widget_get_allocation(widget, &alloc)
is used, instead of
alloc=widget->allocation;

But that's not the case here.

Comment 12 Thomas Janssen 2010-08-08 19:26:48 UTC

(In reply to comment #10)
> (In reply to comment #8)
> > I can't see what QtCurve could do to crash gimp while alt-clicking on a mask of
> > a layer in the layerdialog.
> 
> The crash happens in the callback function
> gimp_cell_renderer_viewable_clicked(), here:
> 
> ...
>       if (bevent->type == GDK_BUTTON_PRESS &&
>           (bevent->button == 1 || bevent->button == 2))
>         {
> ===>      gimp_view_popup_show (gtk_get_event_widget (event),
>                                 bevent,
>                                 cell->renderer->context,
>                                 cell->renderer->viewable,
>                                 cell->renderer->width,
>                                 cell->renderer->height,
>                                 cell->renderer->dot_for_dot);    <====
>         }
> ...
> 
> I'm not very good reading assembler, but my take on the disassembled code in
> the attached backtrace is that it crashes while dereferencing/accessing
> cell->renderer->dot_for_dot. Most likely the cell->renderer pointer is invalid
> which can sensibly only happen after the cell object is finalized (when being
> deleted), as the renderer member only ever gets set right when the object is
> created or deleted, never in between.
> 
> My wild-assed guess is that using the qtcurve gtk2 engine somehow makes gtk
> call the gimp_cell_renderer_viewable_clicked() callback _after_ the cell object
> is unreferenced and (at least partially) garbage-collected. But that's only a
> shot in the dark.    

Sounds like an interesting shot in the dark :) I'm working with upstream on that one. Thanks.

Comment 13 Thomas Janssen 2010-09-14 16:45:13 UTC

Hey Airbete, could you test it with the latest 1.6.0 in updates-testing. Not sure it's really fixed, but hope so :)

Thanks

Comment 14 Fedora Update System 2010-12-06 10:39:47 UTC

qtcurve-gtk2-1.8.1-1.fc14,qtcurve-kde4-1.8.1-1.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/qtcurve-gtk2-1.8.1-1.fc14,qtcurve-kde4-1.8.1-1.fc14

Comment 15 Fedora Update System 2010-12-06 19:58:00 UTC

qtcurve-gtk2-1.8.1-1.fc14, qtcurve-kde4-1.8.1-1.fc14 has been pushed to the Fedora 14 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update qtcurve-gtk2 qtcurve-kde4'.  You can provide feedback for this update here: https://admin.fedoraproject.org/updates/qtcurve-gtk2-1.8.1-1.fc14,qtcurve-kde4-1.8.1-1.fc14

Comment 16 Fedora Update System 2010-12-15 09:00:20 UTC

qtcurve-gtk2-1.8.1-1.fc14, qtcurve-kde4-1.8.1-1.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.