Bug#929113: gimp crashed while editing

Bernhard Übelacker bernhardu at mailbox.org
Thu May 30 01:54:25 BST 2019


Dear Maintainer,
I just tried to have a look at the
backtrace provided by the submitter:

    Thread 1 (Thread 0x7f81021b1e00 (LWP 3464)):
    ...
    #6  0x7f810411f 730 in <signal handler called> () at libpthread.so.0
    #7  0x56302b0c9 97f in  ()
    #8  0x56302b0c9 c28 in  ()
    #9  0x7f8104303 dd8 in g_main_context_dispatch () at libglib-2.0.so.0
    #10 0x7f8104304 1c8 in  () at libglib-2.0.so.0
    #11 0x7f8104304 4c2 in g_main_loop_run () at libglib-2.0.so.0
    #12 0x56302ad56 cb7 in app_run ()
    #13 0x56302ad56 5b5 in main ()

I think that translates to these symbols:

    #0  0x555555997 97f in gimp_projection_chunk_render_iteration () at gimpprojection.c:1416
    #1  0x555555997 c28 in gimp_projection_chunk_render_callback () at gimpprojection.c:857
    #2  0x7ffff6eb1 dd8 in g_main_dispatch () at ../../../glib/gmain.c:3182
    #3  0x7ffff6eb1 dd8 in g_main_context_dispatch () at ../../../glib/gmain.c:3847
    #4  0x7ffff6eb2 1c8 in g_main_context_iterate () at ../../../glib/gmain.c:3920
    #5  0x7ffff6eb2 4c2 in g_main_loop_run () at ../../../glib/gmain.c:4116
    #6  0x555555624 cb7 in app_run () at app.c:440
    #7  0x555555624 5b5 in main () at main.c:524

Unfortunately, at this offset (97f) there is just an idiv instruction.
Without the register values I could
not make sense of it.

    (gdb) disassemble 0x55555599797f-0x10,0x55555599797f+0x8
    Dump of assembler code from 0x55555599796f to 0x555555997987:
       0x555555997 96f <gimp_projection_chunk_render_iteration+367>:     cmp    %r13d,%eax
       0x555555997 972 <gimp_projection_chunk_render_iteration+370>:     mov    %eax,%r12d
       0x555555997 975 <gimp_projection_chunk_render_iteration+373>:     mov    0x4c(%rbx),%eax
       0x555555997 978 <gimp_projection_chunk_render_iteration+376>:     cmovg  %r13d,%r12d
       0x555555997 97c <gimp_projection_chunk_render_iteration+380>:     xor    %edi,%edi
       0x555555997 97e <gimp_projection_chunk_render_iteration+382>:     cltd   
    => 0x555555997 97f <gimp_projection_chunk_render_iteration+383>:     idiv   %r12d
       0x555555997 982 <gimp_projection_chunk_render_iteration+386>:     cvtsi2sd %eax,%xmm0
       0x555555997 986 <gimp_projection_chunk_render_iteration+390>:     callq  0x555555997500 <gimp_projection_round_chunk_size>
    End of assembler dump.


Unfortunately gimp seems to call gdb, but it only
retrieves backtraces, not registers.

Maybe a line like the following in libgimpbase/gimputils.c
could do that:

       gchar *args[9] = { "gdb", "-batch",
+                         "-ex", "info reg",
                          "-ex", "info threads",
                          "-ex", "thread apply all backtrace full",
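Review bot: The array is declared as `gchar *args[9]` and the added line contributes two more initializers without changing that size; the rest of the initializer is outside the quoted lines, so if the existing entries already fill all nine slots the compiler will reject the excess elements, and the declaration would need to become `gchar *args[11]` together with the new strings. It is also worth stating why the registers are requested, since a backtrace alone does not let a reader interpret a fault such as the idiv at +383 here, for example with a comment like `/* register dump of the selected thread: needed to interpret faults (e.g. divide error) */`. Note that `info reg` prints only the currently selected thread, which appears to be the faulting one in the submitter's trace, but that is inferred from the backtrace rather than visible in the hunk.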


Register $r12d might have been 0; in that case the idiv would raise a
divide error, giving a crash like this one.

Also I could not find a matching upstream bug report.

Kind regards,
Bernhard
-------------- next part --------------

# Debian Buster amd64 qemu VM


apt update
apt dist-upgrade


apt install systemd-coredump xserver-xorg dbus-x11 lightdm openbox gdb mc gimp gimp-dbgsym libglib2.0-0-dbgsym
apt build-dep gimp



mkdir /home/benutzer/source/gimp/orig -p
cd    /home/benutzer/source/gimp/orig
apt source gimp
cd



export DISPLAY=:0

gdb -q --args gimp

set width 0
set pagination off
run

ctrl+c

generate-core-file ~/gimp.core



gdb -q /usr/bin/gimp --core  gimp.core

set width 0
set pagination off
directory /home/benutzer/source/gimp/orig/gimp-2.10.8/app/core
b *0x00005555556245b0
b *0x0000555555624cb2
b *0x00007ffff6eb64bd
b *0x00007ffff6eb61c3
b *0x00007ffff6eb5dd5
b *0x0000555555997c23
b *0x000055555599797f

###########

# From submitter:
Thread 1 (Thread 0x7f81021b1e00 (LWP 3464)):
#0  0x7f810411e 544 in __libc_read (nbytes=256, buf=0x7ffe67e0a850, fd=14) at ../sysdeps/unix/sysv/linux/read.c:26
#1  0x7f810411e 544 in __libc_read (fd=14, buf=0x7ffe67e0a850, nbytes=256) at ../sysdeps/unix/sysv/linux/read.c:24
#2  0x7f8104e17 d34 in gimp_stack_trace_print () at libgimpbase-2.0.so.0
#3  0x56302ad57 4a0 in  ()
#4  0x56302ad57 8d8 in  ()
#5  0x56302ad58 037 in  ()
#6  0x7f810411f 730 in <signal handler called> () at libpthread.so.0
#7  0x56302b0c9 97f in  ()
#8  0x56302b0c9 c28 in  ()
#9  0x7f8104303 dd8 in g_main_context_dispatch () at libglib-2.0.so.0
#10 0x7f8104304 1c8 in  () at libglib-2.0.so.0
#11 0x7f8104304 4c2 in g_main_loop_run () at libglib-2.0.so.0
#12 0x56302ad56 cb7 in app_run ()
#13 0x56302ad56 5b5 in main ()


   0x000055555599797f <+383>:   idiv   %r12d
Breakpoint 7 at 0x55555599797f: file gimpprojection.c, line 1416.

   0x0000555555997 c23 <gimp_projection_chunk_render_callback+83>:       callq  0x555555997800 <gimp_projection_chunk_render_iteration>
   0x0000555555997 c28 <gimp_projection_chunk_render_callback+88>:       test   %eax,%eax
Breakpoint 6 at 0x555555997c23: file gimpprojection.c, line 857.


   0x00007ffff6eb5 dd5 <+341>:   callq  *%r15
   0x00007ffff6eb5 dd8 <+344>:   mov    0x10(%rsp),%rcx
Breakpoint 5 at 0x7ffff6eb5dd5: file ../../../glib/gmain.c, line 3182.


   0x00007ffff6eb6 1c3 <+515>:   callq  0x7ffff6eb5c80 <g_main_context_dispatch>
   0x00007ffff6eb6 1c8 <+520>:   jmpq   0x7ffff6eb60ee <g_main_context_iterate+302>
Breakpoint 4 at 0x7ffff6eb61c3: file ../../../glib/gmain.c, line 3920.


   0x00007ffff6eb6 4bd <+173>:   callq  0x7ffff6eb5fc0 <g_main_context_iterate>
   0x00007ffff6eb6 4c2 <+178>:   mov    0x8(%rbx),%eax
Breakpoint 3 at 0x7ffff6eb64bd: file ../../../glib/gmain.c, line 4116.


   0x0000555555624 cb2 <+850>:   callq  0x5555556207e0 <g_main_loop_run at plt>
   0x0000555555624 cb7 <+855>:   mov    %rbx,%rdi
Breakpoint 2 at 0x555555624cb2: file app.c, line 440.


   0x0000555555624 5b0 <+912>:   callq  0x555555624960 <app_run>
   0x0000555555624 5b5 <+917>:   mov    0xa0(%rsp),%rdi
Breakpoint 1 at 0x5555556245b0: file main.c, line 524.

------

  0x56302b0c9c28 in ???
- 0x56302ad565b5 in main
= 0x373673 offset

-> 0x00005555556245b5 + 0x373673 = 0x555555997C28      ->      disassemble 0x555555997C28-0x20,0x555555997C28+0x20   -->  gimp_projection_chunk_render_callback+88


------

(gdb) list gimpprojection.c:1416
1412
1413    static gint
1414    gimp_projection_round_chunk_width (gdouble width)
1415    {
1416      gint w = gimp_projection_round_chunk_size (width, FALSE);
1417
1418      return CLAMP (w, GIMP_PROJECTION_CHUNK_MIN_WIDTH,
1419                       GIMP_PROJECTION_CHUNK_MAX_WIDTH);
1420    }

(gdb) list gimpprojection.c:1379,1412
1379
1380    static gint
1381    gimp_projection_round_chunk_size (gdouble  size,
1382                                      gboolean toward_zero)
1383    {
1384      /* round 'size' (up or down, depending on 'toward_zero') to the closest power
1385       * of 2
1386       */
1387
1388      if (size < 0.0)
1389        {
1390          return -gimp_projection_round_chunk_size (-size, toward_zero);
1391        }
1392      else if (size == 0.0)
1393        {
1394          return 0;
1395        }
1396      else if (size < 1.0)
1397        {
1398          return toward_zero ? 0 : 1;
1399        }
1400      else
1401        {
1402          gdouble log2_size = log (size) / G_LN2;
1403
1404          if (toward_zero)
1405            log2_size = floor (log2_size);
1406          else
1407            log2_size = ceil  (log2_size);
1408
1409          return 1 << (gint) log2_size;
1410        }
1411    }


-------


#0  0x555555997 97f in gimp_projection_chunk_render_iteration () at gimpprojection.c:1416
#1  0x555555997 c28 in gimp_projection_chunk_render_callback () at gimpprojection.c:857
#2  0x7ffff6eb1 dd8 in g_main_dispatch () at ../../../glib/gmain.c:3182
#3  0x7ffff6eb1 dd8 in g_main_context_dispatch () at ../../../glib/gmain.c:3847
#4  0x7ffff6eb2 1c8 in g_main_context_iterate () at ../../../glib/gmain.c:3920
#5  0x7ffff6eb2 4c2 in g_main_loop_run () at ../../../glib/gmain.c:4116
#6  0x555555624 cb7 in app_run () at app.c:440
#7  0x555555624 5b5 in main () at main.c:524



(gdb) disassemble 0x55555599797f-0x10,0x55555599797f+0x8
Dump of assembler code from 0x55555599796f to 0x555555997987:
   0x000055555599796f <gimp_projection_chunk_render_iteration+367>:     cmp    %r13d,%eax
   0x0000555555997972 <gimp_projection_chunk_render_iteration+370>:     mov    %eax,%r12d
   0x0000555555997975 <gimp_projection_chunk_render_iteration+373>:     mov    0x4c(%rbx),%eax
   0x0000555555997978 <gimp_projection_chunk_render_iteration+376>:     cmovg  %r13d,%r12d
   0x000055555599797c <gimp_projection_chunk_render_iteration+380>:     xor    %edi,%edi
   0x000055555599797e <gimp_projection_chunk_render_iteration+382>:     cltd   
=> 0x000055555599797f <gimp_projection_chunk_render_iteration+383>:     idiv   %r12d
   0x0000555555997982 <gimp_projection_chunk_render_iteration+386>:     cvtsi2sd %eax,%xmm0
   0x0000555555997986 <gimp_projection_chunk_render_iteration+390>:     callq  0x555555997500 <gimp_projection_round_chunk_size>
End of assembler dump.

