Bug #11503

crashing on mouseover

Added by David Schaefer 10 months ago. Updated 10 months ago.

Status: New
Priority: Low
Assignee: -
Category: -
Target version: -
Start date: 02/09/2017
Due date:
% Done: 0%
Affected Version: git master branch
System: Ubuntu
bitness: 64-bit
hardware architecture: amd64/x86

Description

david@Tower ~/w/mydarktable.git> env LC_ALL=C ~/unstable/darktable/bin/darktable

(darktable:15039): IBUS-WARNING **: Unable to connect to ibus: Could not connect: Connection refused

(darktable:15039): Gtk-WARNING **: Allocating size to GtkDialog 0x6290002ae320 without calling gtk_widget_get_preferred_width/height(). How does the code know the size to allocate?
=================================================================
==15039==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7f706a579e26 at pc 0x7f70b0da2d5f bp 0x7f7095e08f50 sp 0x7f7095e086f8
READ of size 537036936 at 0x7f706a579e26 thread T9
#0 0x7f70b0da2d5e (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x5ed5e)
#1 0x7f70acf721aa in gp_file_copy (/usr/lib/x86_64-linux-gnu/libgphoto2.so.6+0x121aa)
#2 0x7f70acf74c3f (/usr/lib/x86_64-linux-gnu/libgphoto2.so.6+0x14c3f)
#3 0x7f70acf76ec6 in gp_filesystem_get_file (/usr/lib/x86_64-linux-gnu/libgphoto2.so.6+0x16ec6)
#4 0x7f70acf6d898 in gp_camera_file_get (/usr/lib/x86_64-linux-gnu/libgphoto2.so.6+0xd898)
#5 0x7f70b092c5e7 in _camctl_recursive_get_previews /home/david/workspace/darktable.git/src/common/camera_control.c:980
#6 0x7f70b092c7fe in _camctl_recursive_get_previews /home/david/workspace/darktable.git/src/common/camera_control.c:1049
#7 0x7f70b092cd76 in dt_camctl_get_previews /home/david/workspace/darktable.git/src/common/camera_control.c:1069
#8 0x7f70b092efee in dt_camera_get_previews_job_run /home/david/workspace/darktable.git/src/control/jobs/camera_jobs.c:227
#9 0x7f70b07bb9b8 in dt_control_job_execute /home/david/workspace/darktable.git/src/control/jobs.c:298
#10 0x7f70b07bcd2f in dt_control_run_job /home/david/workspace/darktable.git/src/control/jobs.c:317
#11 0x7f70b07bcd2f in dt_control_work /home/david/workspace/darktable.git/src/control/jobs.c:555
#12 0x7f70b03c96c9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76c9)
#13 0x7f70b01030ae in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x1080ae)

0x7f706a579e26 is located 58 bytes to the left of global variable '*.LC3' defined in '/home/david/workspace/darktable.git/src/libs/styles.c' (0x7f706a579e60) of size 8
'*.LC3' is ascii string '_cancel'
0x7f706a579e26 is located 0 bytes to the right of global variable '*.LC2' defined in '/home/david/workspace/darktable.git/src/libs/styles.c' (0x7f706a579e20) of size 6
'*.LC2' is ascii string '_save'
SUMMARY: AddressSanitizer: global-buffer-overflow (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x5ed5e)
Shadow bytes around the buggy address:
0x0fee8d4a7370: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fee8d4a7380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fee8d4a7390: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fee8d4a73a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fee8d4a73b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0fee8d4a73c0: 00 00 00 00[06]f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9
0x0fee8d4a73d0: f9 f9 f9 f9 00 00 01 f9 f9 f9 f9 f9 00 00 00 00
0x0fee8d4a73e0: f9 f9 f9 f9 06 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9
0x0fee8d4a73f0: f9 f9 f9 f9 06 f9 f9 f9 f9 f9 f9 f9 00 05 f9 f9
0x0fee8d4a7400: f9 f9 f9 f9 00 02 f9 f9 f9 f9 f9 f9 00 02 f9 f9
0x0fee8d4a7410: f9 f9 f9 f9 00 00 06 f9 f9 f9 f9 f9 02 f9 f9 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Thread T9 created by T0 here:
#0 0x7f70b0d754e8 in __interceptor_pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x314e8)
#1 0x7f70b0700e8d in dt_pthread_create /home/david/workspace/darktable.git/src/common/dtpthread.c:63
#2 0x7f70b07bd363 in dt_control_jobs_init /home/david/workspace/darktable.git/src/control/jobs.c:611
#3 0x7f70b07b304d in dt_control_init /home/david/workspace/darktable.git/src/control/control.c:72
#4 0x7f70b06f412d in dt_init /home/david/workspace/darktable.git/src/common/darktable.c:831
#5 0x55a45f99c9d5 in main /home/david/workspace/darktable.git/src/main.c:24
#6 0x7f70b001b3f0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x203f0)
==15039==ABORTING

History

#1 Updated by Pascal Obry 10 months ago

Crash on mouseover... But over what? How to reproduce? Is that for all mouseover when a hint should be displayed? On a particular widget?

#2 Updated by David Schaefer 10 months ago

Dear Pascal,

Unfortunately I am not able to reproduce it,
it only happened once,
it happened on the import (or collection) module,
I didn't do anything special but stopping my mouse for a short while on a UI element, so I think the tooltip was triggered.

I was hoping the asan info contains enough evidence to track that bug down.

#3 Updated by Pascal Obry 10 months ago

Not clear to me from the trace... It seems that the crash is in libgphoto2.
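Added example, not part of the original ticket or of darktable: a small parser for an AddressSanitizer report like the one in the description, which extracts the access summary and the faulting stack, then reports the innermost frame outside the sanitizer runtime and the first frame that carries source information. The sample is an abridged copy of this ticket's trace; the function names `parse_asan` and `triage` and the `runtime` module list are this example's own assumptions.

```python
import re

# Constructed sample: abridged copy of this ticket's report (faulting stack plus
# the first frame of the thread-creation stack, which must not be counted).
SAMPLE = """\
==15039==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7f706a579e26 at pc 0x7f70b0da2d5f bp 0x7f7095e08f50 sp 0x7f7095e086f8
READ of size 537036936 at 0x7f706a579e26 thread T9
#0 0x7f70b0da2d5e (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x5ed5e)
#1 0x7f70acf721aa in gp_file_copy (/usr/lib/x86_64-linux-gnu/libgphoto2.so.6+0x121aa)
#2 0x7f70acf74c3f (/usr/lib/x86_64-linux-gnu/libgphoto2.so.6+0x14c3f)
#3 0x7f70acf76ec6 in gp_filesystem_get_file (/usr/lib/x86_64-linux-gnu/libgphoto2.so.6+0x16ec6)
#4 0x7f70acf6d898 in gp_camera_file_get (/usr/lib/x86_64-linux-gnu/libgphoto2.so.6+0xd898)
#5 0x7f70b092c5e7 in _camctl_recursive_get_previews /home/david/workspace/darktable.git/src/common/camera_control.c:980

Thread T9 created by T0 here:
#0 0x7f70b0d754e8 in __interceptor_pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x314e8)
"""

HEADER = re.compile(r"ERROR: AddressSanitizer: (\S+) on address (0x[0-9a-f]+)")
ACCESS = re.compile(r"(READ|WRITE) of size (\d+) at 0x[0-9a-f]+ thread (T\d+)")
# "#N 0xPC [in func] (module+0xoff)"  or  "#N 0xPC in func file:line" (C-style names)
FRAME = re.compile(r"\s*#(\d+) 0x[0-9a-f]+ (?:in (\S+) )?"
                   r"(?:\((.+)\+0x[0-9a-f]+\)|(\S+):(\d+))")

def parse_asan(report):
    """Return the error summary and the frames of the first (faulting) stack."""
    info = {"frames": []}
    for line in report.splitlines():
        if m := HEADER.search(line):
            info["error"], info["address"] = m.groups()
        elif m := ACCESS.match(line):
            info["access"], info["size"], info["thread"] = m[1], int(m[2]), m[3]
        elif m := FRAME.match(line):
            idx, func, module, src, lineno = m.groups()
            info["frames"].append({"idx": int(idx), "func": func, "module": module,
                                   "src": src, "line": int(lineno) if lineno else None})
        elif info["frames"]:
            break  # first non-frame line after the frames ends the faulting stack
    return info

def triage(info, runtime=("libasan", "libc.so", "libpthread")):
    """Innermost frame outside the sanitizer/libc, and first frame with source info."""
    frames = info["frames"]
    faulting = next((f for f in frames if f["src"]
                     or not any(r in f["module"] for r in runtime)), None)
    caller = next((f for f in frames if f["src"]), None)
    return faulting, caller

if __name__ == "__main__":
    print(parse_asan(SAMPLE)["size"], *triage(parse_asan(SAMPLE)), sep="\n")
```

On the sample it returns `gp_file_copy` in libgphoto2.so.6 as the innermost non-sanitizer frame and camera_control.c:980 as the first frame with source information.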

#4 Updated by David Schaefer 10 months ago

Well, if I am ever able to reproduce it I will create an issue again. So if the asan is not helpful you might close the issue.
