[Okular-devel] [Bug 230282] Crash (reproducible) in PagePainter::scalePixmapOnImage()

Sami Liedes sliedes at cc.hut.fi
Thu Mar 11 22:49:42 CET 2010


https://bugs.kde.org/show_bug.cgi?id=230282





--- Comment #6 from Sami Liedes <sliedes cc hut fi>  2010-03-11 22:49:36 ---
Here's a backtrace from the unoptimized packages, showing that actually the
pixmap is being scaled to width 1925, not ~1600 as I said before. Not sure if
that's significant. This is the backtrace as shown by the crash handler.

------------------------------------------------------------
Application: Okular (okular), signal: Segmentation fault
The current source language is "auto; currently c".
[KCrash Handler]
#5  0x00007fbd19a9f3a2 in PagePainter::scalePixmapOnImage (dest=...,
src=0x7fff808ca190, scaledWidth=1925, scaledHeight=1445, cropRect=...,
format=QImage::Format_ARGB32)
    at ../../okular/ui/pagepainter.cpp:752
#6  0x00007fbd19a9e5a8 in PagePainter::paintCroppedPageOnPainter
(destPainter=0x7fff808cb100, page=0x167f340, pixID=3, flags=63,
scaledWidth=1648, scaledHeight=2133, limits=..., crop=...)
    at ../../okular/ui/pagepainter.cpp:604
#7  0x00007fbd19ab8032 in PageView::drawDocumentOnPainter (this=0x139bc20,
contentsRect=..., p=0x7fff808cb100) at ../../okular/ui/pageview.cpp:2368
#8  0x00007fbd19ab1ed2 in PageView::contentsPaintEvent (this=0x139bc20,
pe=0x7fff808cb980) at ../../okular/ui/pageview.cpp:1250
#9  0x00007fbd19abe417 in PageViewWidget::paintEvent (this=0x13ca420,
e=0x7fff808cb980) at ../../okular/ui/pageview.cpp:270
#10 0x00007fbd222a0196 in QWidget::event (this=0x13ca420, event=0x7fff808cb980)
at kernel/qwidget.cpp:7692
#11 0x00007fbd19abe3e3 in PageViewWidget::event (this=0x13ca420,
e=0x7fff808cb980) at ../../okular/ui/pageview.cpp:264
#12 0x00007fbd2225001d in QApplicationPrivate::notify_helper (this=0x1201fd0,
receiver=0x13ca420, e=0x7fff808cb980) at kernel/qapplication.cpp:4065
#13 0x00007fbd2225807a in QApplication::notify (this=0x7fff808cc960,
receiver=0x13ca420, e=0x7fff808cb980) at kernel/qapplication.cpp:4030
#14 0x00007fbd239f1de6 in KApplication::notify (this=0x7fff808cc960,
receiver=0x13ca420, event=0x7fff808cb980) at
../../kdeui/kernel/kapplication.cpp:302
#15 0x00007fbd22dd6c9c in QCoreApplication::notifyInternal
(this=0x7fff808cc960, receiver=0x13ca420, event=0x7fff808cb980) at
kernel/qcoreapplication.cpp:610
#16 0x00007fbd222a71be in QWidgetPrivate::drawWidget (this=0x13d29b0,
pdev=0x1315798, rgn=..., offset=..., flags=4, sharedPainter=0x0,
backingStore=0x13113b0) at kernel/qwidget.cpp:5084
#17 0x00007fbd2241ce6e in QWidgetBackingStore::sync (this=0x13113b0) at
painting/qbackingstore.cpp:1264
#18 0x00007fbd22299220 in QWidgetPrivate::syncBackingStore (this=0x130dff0) at
kernel/qwidget.cpp:1603
#19 0x00007fbd222a0031 in QWidget::event (this=0x1313810, event=0x16983c0) at
kernel/qwidget.cpp:7832
#20 0x00007fbd22622d2b in QMainWindow::event (this=0x1313810, event=0x16983c0)
at widgets/qmainwindow.cpp:1399
#21 0x00007fbd23afc353 in KXmlGuiWindow::event (this=0x7fff808c9aa0, ev=0x0) at
../../kdeui/xmlgui/kxmlguiwindow.cpp:131
#22 0x00007fbd2225001d in QApplicationPrivate::notify_helper (this=0x1201fd0,
receiver=0x1313810, e=0x16983c0) at kernel/qapplication.cpp:4065
#23 0x00007fbd2225807a in QApplication::notify (this=0x7fff808cc960,
receiver=0x1313810, e=0x16983c0) at kernel/qapplication.cpp:4030
#24 0x00007fbd239f1de6 in KApplication::notify (this=0x7fff808cc960,
receiver=0x1313810, event=0x16983c0) at ../../kdeui/kernel/kapplication.cpp:302
#25 0x00007fbd22dd6c9c in QCoreApplication::notifyInternal
(this=0x7fff808cc960, receiver=0x1313810, event=0x16983c0) at
kernel/qcoreapplication.cpp:610
#26 0x00007fbd22dd78e4 in QCoreApplication::sendEvent (receiver=0x0,
event_type=0, data=0x11e9950) at
../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:213
#27 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0,
data=0x11e9950) at kernel/qcoreapplication.cpp:1247
#28 0x00007fbd22dff7d3 in QCoreApplication::sendPostedEvents (s=<value
optimized out>) at
../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:218
#29 postEventSourceDispatch (s=<value optimized out>) at
kernel/qeventdispatcher_glib.cpp:276
#30 0x00007fbd1e64290e in g_main_dispatch (context=0x1204920) at
/tmp/buildd/glib2.0-2.22.4/glib/gmain.c:1960
#31 IA__g_main_context_dispatch (context=0x1204920) at
/tmp/buildd/glib2.0-2.22.4/glib/gmain.c:2513
#32 0x00007fbd1e6462c8 in g_main_context_iterate (context=0x1204920,
block=<value optimized out>, dispatch=<value optimized out>, self=<value
optimized out>)
    at /tmp/buildd/glib2.0-2.22.4/glib/gmain.c:2591
#33 0x00007fbd1e6463f0 in IA__g_main_context_iteration (context=0x1204920,
may_block=1) at /tmp/buildd/glib2.0-2.22.4/glib/gmain.c:2654
#34 0x00007fbd22dff39c in QEventDispatcherGlib::processEvents (this=0x11e9160,
flags=<value optimized out>) at kernel/qeventdispatcher_glib.cpp:407
#35 0x00007fbd222e6f1f in QGuiEventDispatcherGlib::processEvents
(this=0x7fff808c9aa0, flags=<value optimized out>) at
kernel/qguieventdispatcher_glib.cpp:202
#36 0x00007fbd22dd5562 in QEventLoop::processEvents (this=<value optimized
out>, flags=...) at kernel/qeventloop.cpp:149
#37 0x00007fbd22dd5934 in QEventLoop::exec (this=0x7fff808cc900, flags=...) at
kernel/qeventloop.cpp:201
#38 0x00007fbd22dd7ba4 in QCoreApplication::exec () at
kernel/qcoreapplication.cpp:888
#39 0x0000000000407f10 in main (argc=2, argv=0x7fff808ccc08) at
../../../okular/shell/main.cpp:81
------------------------------------------------------------

For some reason, srcData is NULL in PagePainter::scalePixmapOnImage():

------------------------------------------------------------
Program received signal SIGSEGV, Segmentation fault.
0x00007fffed37f3a2 in PagePainter::scalePixmapOnImage (dest=...,
src=0x7fffffffbba0, scaledWidth=1925, scaledHeight=1445, cropRect=...,
    format=QImage::Format_ARGB32) at ../../okular/ui/pagepainter.cpp:752
752                 (*destData++) = srcData[ srcOffset + xOffset[x] ];
(gdb) print destData
$1 = (unsigned int *) 0xa9dfc0
(gdb) print srcData
$2 = (unsigned int *) 0x0
(gdb) print srcImage
$3 = {<QPaintDevice> = {_vptr.QPaintDevice = 0x7ffff65288f0, painters = 0}, d =
0x0}
(gdb) print *src
$5 = {<QPaintDevice> = {_vptr.QPaintDevice = 0x7ffff6528d70, painters = 0},
data = 0xa39a60}
(gdb) print *src->data
$7 = {_vptr.QPixmapData = 0x7ffff65295b0, ref = {<QBasicAtomicInt> = {_q_value
= 2}, <No data fields>}, detach_no = 0,
  type = QPixmapData::PixmapType, id = 1, ser_no = 479, is_cached = 0}
------------------------------------------------------------

And valgrind output (this time with even zlib debug syms, although I doubt
that's significant :-):

------------------------------------------------------------
==23790== Memcheck, a memory error detector
==23790== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==23790== Using Valgrind-3.5.0-Debian and LibVEX; rerun with -h for copyright
info
==23790== Command: okular Mallivihko.pdf
==23790==
==23790== Conditional jump or move depends on uninitialised value(s)
==23790==    at 0x7B68290: inflateReset2 (inflate.c:157)
==23790==    by 0x7B6837F: inflateInit2_ (inflate.c:193)
==23790==    by 0x7B62AD8: uncompress (uncompr.c:47)
==23790==    by 0x62CC9AB: qUncompress(unsigned char const*, int)
(qbytearray.cpp:543)
==23790==    by 0x57D8820: KPixmapCache::Private::loadData(int, QPixmap&)
(qbytearray.h:579)
==23790==    by 0x57D9905: KPixmapCache::find(QString const&, QPixmap&)
(kpixmapcache.cpp:1314)
==23790==    by 0x573B479: KIconCache::find(QString const&, QPixmap&, QString*)
(kiconcache.cpp:277)
==23790==    by 0x572E751: KIconLoader::loadIcon(QString const&,
KIconLoader::Group, int, int, QStringList const&, QString*, bool) const
(kiconloader.cpp:1083)
==23790==    by 0x57269AC: KIconEngine::pixmap(QSize const&, QIcon::Mode,
QIcon::State) (kiconengine.cpp:119)
==23790==    by 0x6913404: QIcon::pixmap(QSize const&, QIcon::Mode,
QIcon::State) const (qicon.cpp:716)
==23790==    by 0x6902514: QWidgetPrivate::setWindowIcon_sys(bool)
(qwidget_x11.cpp:1347)
==23790==    by 0x68CC43F: QWidget::create(unsigned long, bool, bool)
(qwidget.cpp:1283)
==23790==
==23790== Conditional jump or move depends on uninitialised value(s)
==23790==    at 0x4192127: PageView::resizeEvent(QResizeEvent*)
(pageview.cpp:1279)
==23790==    by 0x68CA1C9: QWidget::event(QEvent*) (qwidget.cpp:7700)
==23790==    by 0x6C3292A: QFrame::event(QEvent*) (qframe.cpp:559)
==23790==    by 0x63AAFB7:
QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*)
(qcoreapplication.cpp:726)
==23790==    by 0x6879FEB: QApplicationPrivate::notify_helper(QObject*,
QEvent*) (qapplication.cpp:4061)
==23790==    by 0x6882079: QApplication::notify(QObject*, QEvent*)
(qapplication.cpp:4030)
==23790==    by 0x575EDE5: KApplication::notify(QObject*, QEvent*)
(kapplication.cpp:302)
==23790==    by 0x63ABC9B: QCoreApplication::notifyInternal(QObject*, QEvent*)
(qcoreapplication.cpp:610)
==23790==    by 0x69085DA: QWidgetPrivate::setGeometry_sys(int, int, int, int,
bool) (qcoreapplication.h:213)
==23790==    by 0x68C9096: QWidget::setGeometry(QRect const&)
(qwidget.cpp:6237)
==23790==    by 0x6CC17B3: QAbstractScrollAreaPrivate::layoutChildren()
(qabstractscrollarea.cpp:459)
==23790==    by 0x6CC1DB0: QAbstractScrollArea::event(QEvent*)
(qabstractscrollarea.cpp:874)
==23790==
==23790== Invalid read of size 4
==23790==    at 0x417F3A2: PagePainter::scalePixmapOnImage(QImage&, QPixmap
const*, int, int, QRect const&, QImage::Format) (pagepainter.cpp:752)
==23790==    by 0x417E5A7: PagePainter::paintCroppedPageOnPainter(QPainter*,
Okular::Page const*, int, int, int, int, QRect const&, Okular::NormalizedRect
const&) (pagepainter.cpp:604)
==23790==    by 0x4198031: PageView::drawDocumentOnPainter(QRect const&,
QPainter*) (pageview.cpp:2368)
==23790==    by 0x4191ED1: PageView::contentsPaintEvent(QPaintEvent*)
(pageview.cpp:1250)
==23790==    by 0x419E416: PageViewWidget::paintEvent(QPaintEvent*)
(pageview.cpp:270)
==23790==    by 0x68CA195: QWidget::event(QEvent*) (qwidget.cpp:7692)
==23790==    by 0x419E3E2: PageViewWidget::event(QEvent*) (pageview.cpp:264)
==23790==    by 0x687A01C: QApplicationPrivate::notify_helper(QObject*,
QEvent*) (qapplication.cpp:4065)
==23790==    by 0x6882079: QApplication::notify(QObject*, QEvent*)
(qapplication.cpp:4030)
==23790==    by 0x575EDE5: KApplication::notify(QObject*, QEvent*)
(kapplication.cpp:302)
==23790==    by 0x63ABC9B: QCoreApplication::notifyInternal(QObject*, QEvent*)
(qcoreapplication.cpp:610)
==23790==    by 0x68D11BD: QWidgetPrivate::drawWidget(QPaintDevice*, QRegion
const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) (qwidget.cpp:5084)
==23790==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==23790==
------------------------------------------------------------

If there's something you want me to inspect further, I'll be happy to be of
assistance.
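
An added example, not part of the original report and not Okular's code: a stand-alone C++ model of a crop-and-scale loop shaped like the statement at pagepainter.cpp:752, with the source-buffer check that turns a failed image conversion into an error return instead of the read from address 0x0 that valgrind reports. The `Image` struct and `scaleCropped` function are hypothetical stand-ins for the Qt types, and the sample pixels are constructed.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical stand-in for an image whose conversion may fail: an empty
// pixel vector models the null QImage (d = 0x0) seen in the gdb session.
struct Image {
    int width = 0, height = 0;
    std::vector<uint32_t> pixels;            // width * height ARGB32 values
    const uint32_t *bits() const { return pixels.empty() ? nullptr : pixels.data(); }
};

// Nearest-neighbour scale of `src` to scaledW x scaledH, copying only the
// crop window (left, top, cropW, cropH). Returns false instead of reading
// through a null or undersized source buffer.
bool scaleCropped(const Image &src, int scaledW, int scaledH,
                  int left, int top, int cropW, int cropH, Image &dest) {
    const uint32_t *srcData = src.bits();
    if (!srcData || src.width <= 0 || src.height <= 0) return false;  // failed conversion
    if (src.pixels.size() != (size_t)src.width * src.height) return false;
    if (scaledW <= 0 || scaledH <= 0 || cropW <= 0 || cropH <= 0) return false;
    if (left < 0 || top < 0 || left > scaledW - cropW || top > scaledH - cropH)
        return false;                        // crop window outside the scaled page

    dest.width = cropW; dest.height = cropH;
    dest.pixels.assign((size_t)cropW * cropH, 0);
    uint32_t *destData = dest.pixels.data();

    // Precompute the source column for every destination column.
    std::vector<size_t> xOffset(cropW);
    for (int x = 0; x < cropW; ++x)
        xOffset[x] = (size_t)(((int64_t)(x + left) * src.width) / scaledW);

    for (int y = 0; y < cropH; ++y) {
        size_t srcOffset = (size_t)src.width *
                           (size_t)(((int64_t)(top + y) * src.height) / scaledH);
        for (int x = 0; x < cropW; ++x)
            *destData++ = srcData[srcOffset + xOffset[x]];  // same shape as line 752
    }
    return true;
}

int main() {
    Image ok, out, broken;                   // constructed sample data
    ok.width = 2; ok.height = 2; ok.pixels = {1, 2, 3, 4};
    std::printf("valid source: %d\n", scaleCropped(ok, 4, 4, 0, 0, 4, 4, out));
    std::printf("null source:  %d\n", scaleCropped(broken, 1925, 1445, 0, 0, 100, 100, out));
    return 0;
}
```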
