
List:       koffice-devel
Subject:    Re: krita crash (1.6 branch)
From:       Cyrille Berger <cberger () cberger ! net>
Date:       2007-05-17 21:48:53
Message-ID: 200705172348.54375.cberger () cberger ! net

On Thursday 17 May 2007, David Faure wrote:
> Open png, Tools / Colorify, select color, press OK.
> (Yeah this is the only feature of krita that I know how to use, but it's
> way cool ;) However it recently started crashing:
>
> ==25745==
> ==25745== Invalid read of size 4
> ==25745==    at 0x5AD8560: __dynamic_cast (in /usr/lib/libstdc++.so.6.0.8)
> ==25745==    by 0x770F593: KisColorify::configuration(QWidget*) (Colorify.cpp:69)
> ==25745==    by 0x6D3E54A: KisFilterManager::apply() (kis_filter_manager.cc:249)
> ==25745==    by 0x6D3F4CF: KisFilterManager::slotApplyFilter(int) (kis_filter_manager.cc:374)
> [...]
> ==25745==  Address 0x6BC50B0 is 0 bytes inside a block of size 120 free'd
> ==25745==    at 0x4020CC7: operator delete(void*) (vg_replace_malloc.c:244)
> ==25745==    by 0x7712826: KisWdgColorify::~KisWdgColorify() (KisWdgColorify.h:34)
> ==25745==    by 0x51453DA: QWidget::~QWidget() (qwidget.cpp:973)
> ==25745==    by 0x54A4F22: QFrame::~QFrame() (qframe.h:48)
> ==25745==    by 0x51453DA: QWidget::~QWidget() (qwidget.cpp:973)
> ==25745==    by 0x4231F66: QFrame::~QFrame() (qframe.h:48)
> ==25745==    by 0x54A7EC6: QHBox::~QHBox() (qhbox.h:49)
> ==25745==    by 0x51453DA: QWidget::~QWidget() (qwidget.cpp:973)
> ==25745==    by 0x52BCB23: QDialog::~QDialog() (qdialog.cpp:271)
> ==25745==    by 0x41F8588: KDialog::~KDialog() (kdialog.h:53)
> ==25745==    by 0x496143D: KDialogBase::~KDialogBase() (kdialogbase.cpp:214)
> ==25745==    by 0x6D6B582: KisPreviewDialog::~KisPreviewDialog() (kis_previewdialog.cc:44)
> ==25745==    by 0x6D3F4B9: KisFilterManager::slotApplyFilter(int) (kis_filter_manager.cc:372)
>
> In short: slotApplyFilter is deleting the dialog, and then calling a method
> of the plugin, that is accessing the dialog... Hmm, so how about this? It
> fixes the bug here.
>
> Index: ui/kis_filter_manager.cc
> ===================================================================
> --- ui/kis_filter_manager.cc    (revision 665776)
> +++ ui/kis_filter_manager.cc    (working copy)
> @@ -369,8 +369,6 @@ void KisFilterManager::slotApplyFilter(i
>          }
>      }
>
> -    delete m_lastDialog;
> -
>      if (!accepted || !apply()) {
>         // Override the old configuration
>          m_lastFilterConfig = oldConfig;
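Review bot: nothing at the `if (!accepted || !apply())` line records why the delete can no longer sit above it. The trace shows apply() reaching KisColorify::configuration(QWidget*), which reads the dialog's widget, so a short comment there saying the dialog must outlive apply() would stop a later cleanup from moving the delete back in front of the call.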
> @@ -378,6 +376,7 @@ void KisFilterManager::slotApplyFilter(i
>          m_lastFilter = oldFilter;
>      }
>
> +    delete m_lastDialog;
>  }
>
>  void KisFilterManager::slotConfigChanged()
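Review bot: the `delete m_lastDialog;` added as the last statement of slotApplyFilter leaves m_lastDialog pointing at freed memory on every path, and on the `!accepted || !apply()` path it runs after the old state has been restored (the reply quotes `m_lastDialog = oldDialog;` in that branch), so it frees the object the manager is meant to keep. Free only the object that is being discarded, and if the member's own target is deleted, reset the member to 0 immediately afterwards.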

That doesn't feel good: if you do that, you delete the oldDialog, and then 
recalling that filter will crash. 

I think 

if (!accepted || !apply()) {
	// Override the old configuration
	m_lastFilterConfig = oldConfig;
	m_lastDialog = oldDialog;
	m_lastFilter = oldFilter;
} else {
	delete oldConfig;
	delete oldDialog;
}

is better

-- 
Cyrille Berger
_______________________________________________
koffice-devel mailing list
koffice-devel@kde.org
https://mail.kde.org/mailman/listinfo/koffice-devel
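
The lifetime rule discussed in this thread, as an added example that is not part of the original messages or of Krita's code: the new dialog stays alive until apply() has read it, and exactly one of the old and new dialogs is freed depending on the outcome. Dialog, FilterManager, colour and filterSucceeds are hypothetical stand-ins, std::unique_ptr replaces the raw pointers and manual delete, and freeing the rejected dialog on the failure path is this example's choice, not something the snippet above shows.

```cpp
#include <memory>
#include <utility>

// Hypothetical stand-in for the filter dialog; counts live instances.
struct Dialog {
    static int live;      // number of Dialog objects currently alive
    int colour;           // value the filter reads from the dialog's widget
    explicit Dialog(int c) : colour(c) { ++live; }
    ~Dialog() { --live; }
};
int Dialog::live = 0;

// Hypothetical stand-in for the manager that owns the last used dialog.
struct FilterManager {
    std::unique_ptr<Dialog> lastDialog;   // dialog of the last applied filter
    int appliedColour = -1;               // what the last successful apply() read

    // Models apply(): reads the configuration out of the current dialog.
    bool apply(bool filterSucceeds) {
        if (!lastDialog || !filterSucceeds) return false;
        appliedColour = lastDialog->colour;   // dialog must still be alive here
        return true;
    }

    // Models slotApplyFilter(): install the new dialog, keep the old one
    // until the outcome is known, then free exactly one of the two.
    bool slotApplyFilter(int colour, bool accepted, bool filterSucceeds) {
        std::unique_ptr<Dialog> oldDialog = std::move(lastDialog);
        lastDialog.reset(new Dialog(colour));
        if (!accepted || !apply(filterSucceeds)) {
            lastDialog = std::move(oldDialog);  // restore old; new dialog is freed
            return false;
        }
        return true;                            // oldDialog is freed on scope exit
    }
};

int main() {
    FilterManager m;
    m.slotApplyFilter(7, true, true);
    return Dialog::live == 1 ? 0 : 1;   // exactly one dialog remains owned
}
```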