Opened 8 years ago

Closed 4 years ago

#20 closed defect (fixed)

Occasionally crashes when drawing (freehand or contour-fill)

Reported by: finticemo
Owned by: yrizoud
Priority: critical
Milestone: 2.6
Component: GrafX2
Version: 2.4
Keywords:
Cc:


I'm really not sure how to describe this. I know that the crash occurs when drawing a few pixels, with freehand or contour-fill drawing tools. Often it's on a small (32x32) image. It's also frequently near (but not on) the edge of the image.
GrafX2 can go hours without crashing this way, but OTOH today it's crashed in this way 3 times within an hour.

Thanks to gdb I have some more detail:

Error number 0 occured in file buttons.c, line 3484, function Save_picture.

Program received signal SIGSEGV, Segmentation fault.
0x00005555555af50c in Pixel_double (x=<optimized out>, y=<optimized out>, color=234 '\352') at pxdouble.c:41
41	  *(Screen_pixels + x * ZOOMX + y*ZOOMY * VIDEO_LINE_WIDTH)=color;
(gdb) bt
#0  0x00005555555af50c in Pixel_double (x=<optimized out>, y=<optimized out>, color=234 '\352') at pxdouble.c:41
#1  0x0000555555575ce0 in Horizontal_grid_line (x_pos=x_pos@entry=251, y_pos=y_pos@entry=2687, width=width@entry=384) at graph.c:2887
#2  0x0000555555575e1d in Redraw_grid (x=251, y=12, w=384, h=65512) at graph.c:2908
#3  0x0000555555576226 in Update_part_of_screen (x=x@entry=0, y=1, y@entry=0, width=<optimized out>, height=<optimized out>) at graph.c:201
#4  0x000055555557782a in Polyfill_general (vertices=vertices@entry=2, points=points@entry=0x555555d54240, color=<optimized out>) at graph.c:2536
#5  0x0000555555578419 in Polyfill (vertices=2, points=0x555555d54240, color=<optimized out>) at graph.c:2556
#6  0x00005555555933da in Filled_contour_0_8 () at operatio.c:2752
#7  0x00005555555a1664 in Main_handler () at engine.c:1559
#8  0x000055555556b19f in main (argc=<optimized out>, argv=<optimized out>) at main.c:985

I would guess that this is the typical case for contour-fill crash -- only a few vertices in the shape.
I can provide the image I was working on at the time of the latest crash, but AFAICS it is unremarkable (32x32, 1 layer)

Thankfully no work is lost, usually.. crash recovery works very well.

Change History (11)

comment:1 by yrizoud, 8 years ago

From the call stack, I can see that it's from a negative height (65512 == -24) when drawing the grid (dotted lines).

We'll have to investigate, thanks a lot for the report.

comment:2 by yrizoud, 8 years ago

Owner: changed from Adrien Destugues to yrizoud
Status: new → assigned

comment:3 by yrizoud, 8 years ago

The issue happens with Contour fill if you draw just a horizontal line with it (within the image, even a very large image), AND the zoomed view is open with the grid visible.

I'm investigating a related issue with other tools, in this case it involves drawing entirely outside the image's right or bottom edge, while the zoomed view is visible and grid visible.

comment:4 by Thomas Bernard, 5 years ago

I can't reproduce the crash.
I've made sure the zoomed view is open and the grid visible.

When drawing a horizontal line I have a positive height... (32)

There has been a small change in the Update_part_of_screen() code, but it is only rounding things, I don't think that could have changed this negative height problem :

comment:5 by PulkoMandy, 5 years ago

Milestone: 2.5 → 2.6

comment:6 by Thomas Bernard, 5 years ago

Is anyone able to reproduce the issue with GrafX2 2.5?
It could be a bug that has been fixed some time ago...

comment:7 by Thomas Bernard, 5 years ago

If nobody reproduces the bug with a recent version, I propose to close it!

comment:8 by PulkoMandy, 4 years ago

Priority: major → critical

comment:9 by Thomas Bernard, 4 years ago

@yrizoud: it looks like you reproduced the issue back in the day ;)
Do you still reproduce it?

comment:10 by yrizoud@…, 4 years ago

I reproduced it on a 2.4.2035, and saw that all sources based on 2.5 have the fix for this specific scenario :

The most frequent crashes have been caused by overflows / wrapping values, sometimes the mix of signed and unsigned makes it hard to see the culprit.
Checking for invalid values at the beginning of a function is one thing, but the caller may still continue his errors.
I don't know if it would be possible to log the stack trace or pause the debugger, for example, whenever Update_part_of_screen() is called with width or height <=0.

comment:11 by Thomas Bernard, 4 years ago

Resolution: fixed
Status: assigned → closed

You can use GFX2_Log(GFX2_ERROR, ...)
to log the error and set a breakpoint on that line ;)
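
The wrap noted in comments 1 and 10 (65512 == -24), shown as an added example that is not GrafX2 code: a signed height passed through a 16-bit unsigned parameter, and a clipping check that rejects the signed value and names the caller. The names `struct rect`, `as_u16`, `clip_rect`, the 640x480 surface and the 16-bit parameter width (inferred from the value in the backtrace) are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical rectangle type; not GrafX2's own structures. */
struct rect { int x, y, w, h; };

/* A signed result passed through a 16-bit unsigned parameter (assumed
 * width): -24 wraps to 65512, the height seen in frame #2. */
uint16_t as_u16(int v) { return (uint16_t)v; }

/* Clip a signed rectangle to a surface of surf_w x surf_h pixels.
 * Returns 1 and fills *out when something is left to draw, 0 otherwise.
 * Invalid sizes are reported with the caller's name, so the faulty call
 * site is visible and not only the crash further down. */
int clip_rect(const char *caller, struct rect in,
              int surf_w, int surf_h, struct rect *out)
{
    if (in.w <= 0 || in.h <= 0) {
        fprintf(stderr, "%s: invalid size %dx%d\n", caller, in.w, in.h);
        return 0;
    }
    /* 64-bit arithmetic so x + w cannot overflow int. */
    int64_t x0 = in.x, y0 = in.y;
    int64_t x1 = x0 + in.w, y1 = y0 + in.h;
    if (x0 < 0) x0 = 0;
    if (y0 < 0) y0 = 0;
    if (x1 > surf_w) x1 = surf_w;
    if (y1 > surf_h) y1 = surf_h;
    if (x0 >= x1 || y0 >= y1)
        return 0; /* entirely outside the surface */
    out->x = (int)x0; out->y = (int)y0;
    out->w = (int)(x1 - x0); out->h = (int)(y1 - y0);
    return 1;
}

int main(void)
{
    struct rect r;
    /* Constructed input: x, y, w from frame #2, height kept signed. */
    struct rect bad = { 251, 12, 384, -24 };
    printf("-24 as u16 = %u\n", (unsigned)as_u16(-24));
    printf("drawn: %d\n", clip_rect("Redraw_grid", bad, 640, 480, &r));
    return 0;
}
```

Keeping sizes signed up to the check is what lets the `<= 0` test fire; once the value has wrapped to 65512 it looks like a valid height and can only be clipped to the surface, not traced back to the caller's arithmetic.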
