Opened 5 years ago

Closed 18 months ago

#20 closed defect (fixed)

Occasionally crashes when drawing (freehand or contour-fill)

Reported by: finticemo Owned by: yrizoud
Priority: critical Milestone: 2.6
Component: GrafX2 Version: 2.4
Keywords: Cc:

Description

I'm really not sure how to describe this. I know that the crash occurs when drawing a few pixels, with freehand or contour-fill drawing tools. Often it's on a small (32x32) image. It's also frequently near (but not on) the edge of the image.
GrafX2 can go hours without crashing this way, but OTOH today it's crashed in this way 3 times within an hour.

Thanks to gdb I have some more detail:

Error number 0 occured in file buttons.c, line 3484, function Save_picture.

Program received signal SIGSEGV, Segmentation fault.
0x00005555555af50c in Pixel_double (x=<optimized out>, y=<optimized out>, color=234 '\352') at pxdouble.c:41
41	  *(Screen_pixels + x * ZOOMX + y*ZOOMY * VIDEO_LINE_WIDTH)=color;
(gdb) bt
#0  0x00005555555af50c in Pixel_double (x=<optimized out>, y=<optimized out>, color=234 '\352') at pxdouble.c:41
#1  0x0000555555575ce0 in Horizontal_grid_line (x_pos=x_pos@entry=251, y_pos=y_pos@entry=2687, width=width@entry=384) at graph.c:2887
#2  0x0000555555575e1d in Redraw_grid (x=251, y=12, w=384, h=65512) at graph.c:2908
#3  0x0000555555576226 in Update_part_of_screen (x=x@entry=0, y=1, y@entry=0, width=<optimized out>, height=<optimized out>) at graph.c:201
#4  0x000055555557782a in Polyfill_general (vertices=vertices@entry=2, points=points@entry=0x555555d54240, color=<optimized out>) at graph.c:2536
#5  0x0000555555578419 in Polyfill (vertices=2, points=0x555555d54240, color=<optimized out>) at graph.c:2556
#6  0x00005555555933da in Filled_contour_0_8 () at operatio.c:2752
#7  0x00005555555a1664 in Main_handler () at engine.c:1559
#8  0x000055555556b19f in main (argc=<optimized out>, argv=<optimized out>) at main.c:985

I would guess that this is the typical case for contour-fill crash -- only a few vertices in the shape.
I can provide the image I was working on at the time of the latest crash, but AFAICS it is unremarkable (32x32, 1 layer)

Thankfully no work is lost, usually.. crash recovery works very well.

Change History (11)

comment:1 Changed 5 years ago by yrizoud

From the call stack, I can see that it's from a negative height (65512 == -24) when drawing the grid (dotted lines).

We'll have to investigate, thanks a lot for the report.

comment:2 Changed 5 years ago by yrizoud

Owner: changed from Adrien Destugues to yrizoud
Status: changed from new to assigned

comment:3 Changed 5 years ago by yrizoud

The issue happens with Contour fill if you draw just a horizontal line with it (within the image, even a very large image), AND the zoomed view is open with the grid visible.

I'm investigating a related issue with other tools; in this case it involves drawing entirely outside the image's right or bottom edge, while the zoomed view is visible and grid visible.

comment:4 Changed 2 years ago by Thomas Bernard

I can't reproduce the crash.
I've made sure the zoomed view is open and the grid visible.

When drawing a horizontal line I have a positive height... (32)

There has been a small change in the Update_part_of_screen() code, but it is only rounding things, I don't think that could have changed this negative height problem:
https://gitlab.com/GrafX2/grafX2/commit/f2b04e08d0b90581fe032d4313217fa39dde725f#37da4535699a1be2dfc0fe7ab630482a100f74a5_84_87

comment:5 Changed 2 years ago by PulkoMandy

Milestone: changed from 2.5 to 2.6

comment:6 Changed 23 months ago by Thomas Bernard

Is anyone able to reproduce the issue with GrafX2 2.5?
It could be a bug that has been fixed some time ago...

comment:7 Changed 21 months ago by Thomas Bernard

If nobody reproduces the bug with a recent version, I propose to close it!

comment:8 Changed 19 months ago by PulkoMandy

Priority: changed from major to critical

comment:9 Changed 18 months ago by Thomas Bernard

@yrizoud: it looks like you reproduced the issue back in the day ;)
Do you still reproduce it?

comment:10 Changed 18 months ago by yrizoud@…

I reproduced it on a 2.4.2035, and saw that all sources based on 2.5 have the fix for this specific scenario: https://gitlab.com/miniupnp/grafX2/commit/f9eb1bfe7bb4924967501e1faf73e2880c09224f

The most frequent crashes have been caused by overflows / wrapping values, sometimes the mix of signed and unsigned makes it hard to see the culprit.
Checking for invalid values at the beginning of a function is one thing, but the caller may still continue his errors.
I don't know if it would be possible to log the stack trace or pause debugger, for example, whenever Update_part_of_screen() is called with width or height <=0.

comment:11 Changed 18 months ago by Thomas Bernard

Resolution: fixed
Status: changed from assigned to closed

You can use GFX2_Log(GFX2_ERROR, ...)
to log the error and set a breakpoint on that line ;)
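
The wrap seen in the backtrace (65512 == -24) and the entry check discussed in comments 10 and 11, as an added example that is not GrafX2 code: it validates and clips a redraw rectangle while the values are still signed, and logs the invalid case on a line where a breakpoint can be set. The names rect_t, narrow_height, clip_rect and LOG_ERROR, the 16-bit parameter width and the 640x480 surface are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the project's GFX2_Log(GFX2_ERROR, ...). */
#define LOG_ERROR(...) fprintf(stderr, __VA_ARGS__)

typedef struct { int x, y, w, h; } rect_t; /* hypothetical type */

/* Assumption: the size travels in a 16-bit unsigned parameter, which is
 * consistent with h=65512 in the backtrace. A signed -24 wraps on the way in. */
uint16_t narrow_height(int h)
{
  return (uint16_t)h;
}

/* Validate and clip while the values are still signed.
 * Returns 1 if a non-empty rectangle remains, 0 if the redraw must be skipped. */
int clip_rect(rect_t *r, int surf_w, int surf_h)
{
  if (r->w <= 0 || r->h <= 0)
  {
    /* Caller bug: log it, and set a breakpoint on this line. */
    LOG_ERROR("%s:%d: invalid size w=%d h=%d\n", __FILE__, __LINE__, r->w, r->h);
    return 0;
  }
  /* Clip the part that starts left of or above the surface. */
  if (r->x < 0) { r->w += r->x; r->x = 0; }
  if (r->y < 0) { r->h += r->y; r->y = 0; }
  if (r->w <= 0 || r->h <= 0 || r->x >= surf_w || r->y >= surf_h)
    return 0; /* entirely outside the surface: nothing to draw, not an error */
  /* Clip the part that runs past the right or bottom edge. */
  if (r->w > surf_w - r->x) r->w = surf_w - r->x;
  if (r->h > surf_h - r->y) r->h = surf_h - r->y;
  return 1;
}

int main(void)
{
  rect_t bad = { 251, 12, 384, -24 }; /* frame #2 values, height read as signed */
  printf("rows without a check: %u\n", (unsigned)narrow_height(bad.h));
  printf("with the check: %s\n", clip_rect(&bad, 640, 480) ? "draw" : "skip");
  return 0;
}
```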
