[Pkg-sugar-devel] Bug#892016: scratch: segfault in lookupMethodInClass upon trying to load an image from the webcam

Sat Sep 22 12:02:23 BST 2018

Hi All

On Sat, 22 Sep 2018 09:40:35 +0300 Adrian Bunk <bunk at debian.org> wrote:
> Control: clone -1 -2
> Control: reassign -1 squeak-vm
> Control: reassign -2 squeak-plugins-scratch
> 
> On Sun, Aug 05, 2018 at 07:33:58PM +0200, Bernhard Übelacker wrote:
> > Hello Wouter,
> > thanks for this additional information.
> > 
> > I could reproduce the issue with a usb webcam inside a buster amd64 VM.
> > Unfortunately this camera button was with the german translation not
> > visible with the small resolution of that VM.
> > 
> > It took a little time to get into the smalltalk side of things.
> > But I think I have found a problem - on the c side of the plugins.
> > 
> > 
> > 
> > (gdb) bt
> > #0  0x00007fffafa33c82 in convertImageRGB24toARGB32 (cam=0x7fffafa37180 <camInfo>) at ./unix/plugins/CameraPlugin/sqCamera-linux.c:333
> > #1  0x00007fffafa33f2a in convertImage (cam=0x7fffafa37180 <camInfo>) at ./unix/plugins/CameraPlugin/sqCamera-linux.c:412
> > #2  0x00007fffafa34d10 in CameraGetFrame (camNum=1, buf=0x7fffb2b9fcb4 "", pixelCount=76800) at ./unix/plugins/CameraPlugin/sqCamera-linux.c:836
> > #3  0x00007fffafa3352c in primGetFrame () at ./unix/src/plugins/CameraPlugin/CameraPlugin.c:160
> > #4  0x0000555555578ca4 in dispatchFunctionPointer (aFunctionPointer=0x7fffafa33461 <primGetFrame>) at ./build-tree/gnu-interp.c:3809
> > #5  0x00005555555769f8 in callExternalPrimitive (functionID=0x7fffafa33461 <primGetFrame>) at ./build-tree/gnu-interp.c:2512
> > #6  0x000055555558fc92 in primitiveExternalCall () at ./build-tree/gnu-interp.c:17732
> > #7  0x0000555555578ca4 in dispatchFunctionPointer (aFunctionPointer=0x55555558faf0 <primitiveExternalCall>) at ./build-tree/gnu-interp.c:3809
> > #8  0x000055555558227a in interpret () at ./build-tree/gnu-interp.c:9339
> > #9  0x00005555555a7cef in main (argc=8, argv=0x7fffffffe2a8, envp=0x7fffffffe2f0) at ./unix/vm/sqUnixMain.c:1458
> > 
> > (gdb) list convertImageRGB24toARGB32
> > 319     static void
> > 320     convertImageRGB24toARGB32 (camPtr cam)
> > 321     {
> > 322             unsigned char     *src = cam->inBuffer;
> > 323             unsigned long int *dst = cam->sqBuffer;           <-- sizeof(*dst) == 8, should be 4 ?
> > 324             unsigned long int pixelCount = cam->sqPixels;
> > 325             unsigned long int pixel;
> > 326             int i;
> > 327
> > 328             if (0 == dst) return;
> > 329
> > 330             for ( i = 0; i < pixelCount; i++) {
> > 331                     pixel = 0xFF000000 | (*src++ << 16);
> > 332                     pixel = pixel | (*src++ << 8);
> > 333                     *dst++  = pixel | *src++;
> > 334             }
> > 335     }
> > 
> > 
> > 
> > Here the buffer allocated in the squeak-vm is given to primGetFrame
> > and gets finally the image written to in convertImageRGB24toARGB32.
> > Unfortunately these conversion functions use "unsigned long int *dst",
> > with a long int having a size of 8 bytes at amd64, while we got
> > just 4 bytes per pixel reserved from squeak-vm, therefore
> > overrunning our reserved buffer.
> > 
> > 
> > When just installing the packages the plugin so.CameraPlugin gets
> > used from the package squeak-plugins-scratch.

I fixed that in the Camera Plugin last year and it is used in the current, OpenSmalltalk-VM/Cog-based Squeak as such:

https://github.com/OpenSmalltalk/opensmalltalk-vm/commit/203de239312943d2d8be86ecec306a6f9971f49e

I think this diff is independent of OpenSmalltalk VM and should work with the interpreter-based sources of Squeak VM 4.10 as used with this package and Scratch. 

Hope this helps.

Best regards
	-Tobias