Opened 4 years ago

Closed 2 years ago

Last modified 2 years ago

#16752 closed bug (fixed)

app_server: crash when zooming picture

Reported by: X512
Owned by: axeld
Priority: normal
Milestone: R1/beta4
Component: Servers/app_server
Version: R1/Development
Keywords:
Cc: madmax
Blocked By:
Blocking:
Platform: All

Description (last modified by X512)

This is hrev54888.

Steps to reproduce:

  1. Open attached picture in PictureView.
  2. Zoom picture with mouse wheel.
  3. app_server will crash. Also global freezes will occur.

Can be reproduced in test_app_server. When building PictureView, be should be replaced with be_test in the Makefile.

Attachments (3)

Picture (2.7 KB) - added by X512 4 years ago.
test_app_server-1813-debug-13-01-2021-18-15-11.report (49.0 KB) - added by X512 4 years ago.
  Crash report for debug build of test_app_server
test_app_server-22223-debug-13-01-2021-20-47-00.report (49.9 KB) - added by X512 4 years ago.
  Crash after adding overflow check in ServerBitmap

Change History (15)

by X512, 4 years ago

Attachment: Picture added

by X512, 4 years ago

Crash report for debug build of test_app_server

comment:1 by X512, 4 years ago

Description: modified (diff)

comment:2 by waddlesplash, 4 years ago

Looks plausibly related to the guarded_heap crash in #16489.

comment:3 by X512, 4 years ago

Description: modified (diff)

comment:4 by X512, 4 years ago

It can be an int32 overflow in ServerBitmap. When analyzing one of the crashes, the alpha mask buffer bitmap size was 46848 x 27648 and the color space was B_RGBA32. 46848*27648*4 = 0x1337e8000 > UINT32_MAX.

comment:5 by waddlesplash, 4 years ago

Why are the alpha mask buffers so large? Is the picture zoomed that big? And, aren't alpha masks 1-byte?

comment:6 by X512, 4 years ago

> Is the picture zoomed that big?

Yes. But some kind of clipping probably can be introduced.

> And, aren't alpha masks 1-byte?

No, because Painter doesn't support buffer formats other than B_RGBA32: https://git.haiku-os.org/haiku/tree/src/servers/app/drawing/Painter/Painter.cpp#n230.

After adding a proper overflow check, it now crashes in a different place.

by X512, 4 years ago

Crash after adding overflow check in ServerBitmap

comment:7 by X512, 4 years ago

Alpha mask is a good motivation for implementing 8 bit rendering in Painter.

comment:8 by X512, 4 years ago

The second crash seems to be a NULL dereference of a bitmap buffer that failed to allocate.
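
The two failure modes discussed in comments 4 and 8 (a 32-bit size product that wraps, then use of a buffer whose allocation failed), shown as an added example that is not part of the ticket and is not Haiku's ServerBitmap code. `PixelBuffer`, `CheckedLength`, `AllocatePixelBuffer` and the `kMaxBufferBytes` cap are hypothetical names and values chosen for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>

// Hypothetical cap on a single buffer (assumption, not a Haiku constant).
constexpr uint64_t kMaxBufferBytes = 512ull * 1024 * 1024;

// Unchecked pattern: the 32-bit product wraps silently for large bitmaps.
uint32_t NaiveLength(uint32_t width, uint32_t height, uint32_t bytesPerPixel)
{
	return width * height * bytesPerPixel;
}

// Checked version: each step is done in 64 bits and bounded before the next
// multiplication, so no intermediate value can wrap. Empty sizes are rejected.
bool CheckedLength(uint32_t width, uint32_t height, uint32_t bytesPerPixel,
	uint64_t* length)
{
	uint64_t bytesPerRow = uint64_t(width) * bytesPerPixel;
	if (bytesPerRow == 0 || height == 0 || bytesPerRow > kMaxBufferBytes)
		return false;
	uint64_t total = bytesPerRow * height;	// bounded row * 32-bit height fits
	if (total > kMaxBufferBytes)
		return false;
	*length = total;
	return true;
}

// Hypothetical buffer type standing in for a bitmap's pixel storage.
struct PixelBuffer {
	uint8_t* bits = nullptr;
	size_t length = 0;
	PixelBuffer() = default;
	PixelBuffer(const PixelBuffer&) = delete;
	~PixelBuffer() { std::free(bits); }
};

// Returns false on a rejected size or a failed allocation. The caller must
// check the result before touching buffer.bits (the second crash's cause).
bool AllocatePixelBuffer(PixelBuffer& buffer, uint32_t width, uint32_t height,
	uint32_t bytesPerPixel)
{
	uint64_t length;
	if (!CheckedLength(width, height, bytesPerPixel, &length))
		return false;
	void* bits = std::calloc(1, size_t(length));
	if (bits == nullptr)
		return false;
	std::free(buffer.bits);
	buffer.bits = static_cast<uint8_t*>(bits);
	buffer.length = size_t(length);
	return true;
}
```
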

comment:9 by waddlesplash, 2 years ago

Milestone: Unscheduled → R1/beta4
Resolution: fixed
Status: new → closed

If you zoom in too far, it won't redraw anymore, and if you zoom at all the text disappears, but those seem like separate issues, and the crash itself is gone.

comment:10 by waddlesplash, 2 years ago

Cc: madmax added

CC'ing madmax, as he may want to investigate the "text disappears when zooming picture" issue (or perhaps he already knows of it, and this might be an easier way to test.)

comment:11 by pulkomandy, 2 years ago

> And, aren't alpha masks 1-byte?

No, you can have a subpixel precise alpha mask if you want to. For example this allows you to render some text in the alpha mask, and then fill it with a gradient or some other fun things, and preserve the subpixel antialiasing of the text still.

comment:12 by X512, 2 years ago

AGG supports RLE-like compressed masks.