Bug#1110085: GIMP crashes when trying to change outline color if fill and outline option is selected
Bernhard Übelacker
bernhardu at mailbox.org
Tue Sep 23 21:12:59 BST 2025
On Tue, 29 Jul 2025 12:54:00 -0300 Breno <breno05martins at gmail.com> wrote:> Package: gimp
> Version: 3.0.4
>
> What I did:
>
> 1 - Selected text tool
> 2 - Changed style to outline and fill
> 3 - Tried to change the solid color of the outline
> /lib/x86_64-linux-gnu/libc.so.6(__libc_free+0x19c) [0x7f6f849723dc]
> /usr/bin/gimp-3.0(+0x39898c) [0x5612d904c98c]
> /lib/x86_64-linux-gnu/libgimpwidgets-3.0.so.0(+0x2c2ab) [0x7f6f8602c2ab]
> /lib/x86_64-linux-gnu/libgimpwidgets-3.0.so.0(gimp_color_selection_set_config+0x69) [0x7f6f860326b9]
> /usr/bin/gimp-3.0(gimp_color_dialog_new+0x350) [0x5612d90c06b0]
> /usr/bin/gimp-3.0(+0x398027) [0x5612d904c027]
> /lib/x86_64-linux-gnu/libgobject-2.0.so.0(+0x17b81) [0x7f6f85fb4b81]
Hello,
this crash seems to have similarities to this upstream bug report:
https://gitlab.gnome.org/GNOME/gimp/-/issues/14047
At least at the top the calls to gimp_color_dialog_new and
gimp_color_selection_set_config are visible.
Except here we "abort" below a call to "free".
Upstream seems to have solved issue 14047 with this commit:
https://gitlab.gnome.org/GNOME/gimp/-/commit/1685c86af5d6253151d0056a9677ba469ea10164
These bugs seems to contain similar backtraces as this report, #1110085:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112555
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110107
This is the line of the "free" which fails in Debian's gimp:
https://sources.debian.org/src/gimp/3.0.4-3/app/widgets/gimpcolorselectorpalette.c#L109
The issue is quite easy to reproduce,
below is the top of a backtrace with a minimal Debian Trixie,
showing the palette pointer passed
into "gimp_color_selector_palette_palette_changed"
being a NULL pointer.
Kind regards,
Bernhard
(gdb) bt
#0 __pthread_kill_implementation (threadid=<optimized out>, signo=signo at entry=6, no_tid=no_tid at entry=0) at ./nptl/pthread_kill.c:44
#1 0x00007f685ea329ff in __pthread_kill_internal (threadid=<optimized out>, signo=6) at ./nptl/pthread_kill.c:89
#2 0x00007f685e9ddcc2 in __GI_raise (sig=sig at entry=6) at ../sysdeps/posix/raise.c:26
#3 0x00007f685e9c64ac in __GI_abort () at ./stdlib/abort.c:73
#4 0x00007f685e9c7291 in __libc_message_impl (fmt=fmt at entry=0x7f685eb4932d "%s\n") at ../sysdeps/posix/libc_fatal.c:134
#5 0x00007f685ea3c465 in malloc_printerr (str=str at entry=0x7f685eb47100 "free(): invalid pointer") at ./malloc/malloc.c:5829
#6 0x00007f685ea413dc in _int_free_check (av=0x7f685eb85ac0 <main_arena>, p=0x5636f67da400, size=<optimized out>) at ./malloc/malloc.c:4560
#7 _int_free (av=0x7f685eb85ac0 <main_arena>, p=0x5636f67da400, have_lock=0) at ./malloc/malloc.c:4692
#8 __GI___libc_free (mem=0x5636f67da410) at ./malloc/malloc.c:3476
#9 0x00005636c3d6898c in gimp_color_selector_palette_palette_changed (context=<optimized out>, palette=0x0, select=0x5636f6e21c80) at ../app/widgets/gimpcolorselectorpalette.c:109
#10 gimp_color_selector_palette_set_config (selector=0x5636f6e21c80, config=<optimized out>) at ../app/widgets/gimpcolorselectorpalette.c:185
#11 0x00007f686022c2ab in ?? () from /lib/x86_64-linux-gnu/libgimpwidgets-3.0.so.0
#12 0x00007f68602326b9 in gimp_color_selection_set_config () from /lib/x86_64-linux-gnu/libgimpwidgets-3.0.so.0
#13 0x00005636c3ddc6b0 in gimp_color_dialog_new (viewable=viewable at entry=0x0, context=0x5636f6ace720, user_context_aware=<optimized out>, title=<optimized out>, icon_name=icon_name at entry=0x0, desc=desc at entry=0x0, parent=0x5636f67da410, dialog_factory=0x0, dialog_identifier=0x0, color=0x5636f7102a40, wants_updates=0, show_alpha=1) at ../app/widgets/gimpcolordialog.c:526
#14 0x00005636c3d68027 in gimp_color_panel_clicked (button=0x5636f67da410) at ../app/widgets/gimpcolorpanel.c:186
...
More information about the pkg-gnome-maintainers
mailing list