3Dickulus / FragM

Derived from https://github.com/Syntopia/Fragmentarium/
GNU General Public License v3.0

texture change fails sometimes #138

Closed 3Dickulus closed 4 years ago

3Dickulus commented 4 years ago

The bug: Changing texture cube map fails (segfault) but only sometimes

To Reproduce

  1. Load the Simple SkyBox tutorial
  2. Click on Skybox tab
  3. Change the texture to something that is not a skybox texture, like a random png
  4. See error

Expected behavior: The texture should load with the un-serviced parts blank or with garbage data from last buffer occupant.

Desktop:

Additional context: Seems inconsistent, loads some things as expected.

Proposed fix: Test for size compliance X=n Y=6n or Y=n X=6n and behave accordingly. Reject if the criteria are not met, or expand to fit, or alloc and fill missing areas.

claudeha commented 4 years ago

It reads past the end of the image data in glTexImage, which may or may not crash depending on memory layout. Here's a valgrind trace:

...
==7773== Invalid read of size 8
==7773==    at 0x483D924: memmove (vg_replace_strmem.c:1271)
==7773==    by 0x1359E009: ??? (in /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so)
==7773==    by 0x1375F586: ??? (in /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so)
==7773==    by 0x13BA6951: ??? (in /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so)
==7773==    by 0x131FCF0B: ??? (in /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so)
==7773==    by 0x131FE002: ??? (in /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so)
==7773==    by 0x1337AB8B: ??? (in /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so)
==7773==    by 0x1337C93D: ??? (in /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so)
==7773==    by 0x1891FD: glTexImage2D (qopenglfunctions_4_5_compatibility.h:1425)
==7773==    by 0x1891FD: Fragmentarium::GUI::DisplayWidget::loadQtTexture(QString, unsigned int, unsigned int, QString) (DisplayWidget.cpp:906)
==7773==    by 0x197403: Fragmentarium::GUI::DisplayWidget::initFragmentTextures() (DisplayWidget.cpp:1013)
==7773==    by 0x197D5A: Fragmentarium::GUI::DisplayWidget::initFragmentShader() (DisplayWidget.cpp:715)
==7773==    by 0x198518: Fragmentarium::GUI::DisplayWidget::setFragmentShader(Fragmentarium::Parser::FragmentSource) (DisplayWidget.cpp:303)
==7773==  Address 0x2d981ad0 is 0 bytes after a block of size 465,248 alloc'd
==7773==    at 0x483677F: malloc (vg_replace_malloc.c:309)
==7773==    by 0x537B26F: QImageData::create(QSize const&, QImage::Format) (in /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5.12.5)
==7773==    by 0x537B39A: QImage::QImage(QSize const&, QImage::Format) (in /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5.12.5)
==7773==    by 0x537B3D8: QImage::QImage(int, int, QImage::Format) (in /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5.12.5)
==7773==    by 0x537EA51: QImage::convertToFormat_helper(QImage::Format, QFlags<Qt::ImageConversionFlag>) const (in /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5.12.5)
==7773==    by 0x18919C: convertToFormat (qimage.h:188)
==7773==    by 0x18919C: Fragmentarium::GUI::DisplayWidget::loadQtTexture(QString, unsigned int, unsigned int, QString) (DisplayWidget.cpp:904)
==7773==    by 0x197403: Fragmentarium::GUI::DisplayWidget::initFragmentTextures() (DisplayWidget.cpp:1013)
==7773==    by 0x197D5A: Fragmentarium::GUI::DisplayWidget::initFragmentShader() (DisplayWidget.cpp:715)
==7773==    by 0x198518: Fragmentarium::GUI::DisplayWidget::setFragmentShader(Fragmentarium::Parser::FragmentSource) (DisplayWidget.cpp:303)
==7773==    by 0x1BBD5F: Fragmentarium::GUI::MainWindow::initializeFragment() (MainWindow.cpp:2728)
==7773==    by 0x16EBAD: Fragmentarium::GUI::MainWindow::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (moc_MainWindow.cpp:601)
==7773==    by 0x5E5B387: QMetaObject::activate(QObject*, int, int, void**) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.12.5)
==7773== 
==7773== Invalid read of size 8
==7773==    at 0x483D92F: memmove (vg_replace_strmem.c:1271)
==7773==    by 0x1359E009: ??? (in /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so)
==7773==    by 0x1375F586: ??? (in /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so)
==7773==    by 0x13BA6951: ??? (in /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so)
==7773==    by 0x131FCF0B: ??? (in /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so)
==7773==    by 0x131FE002: ??? (in /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so)
==7773==    by 0x1337AB8B: ??? (in /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so)
==7773==    by 0x1337C93D: ??? (in /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so)
==7773==    by 0x1891FD: glTexImage2D (qopenglfunctions_4_5_compatibility.h:1425)
==7773==    by 0x1891FD: Fragmentarium::GUI::DisplayWidget::loadQtTexture(QString, unsigned int, unsigned int, QString) (DisplayWidget.cpp:906)
==7773==    by 0x197403: Fragmentarium::GUI::DisplayWidget::initFragmentTextures() (DisplayWidget.cpp:1013)
==7773==    by 0x197D5A: Fragmentarium::GUI::DisplayWidget::initFragmentShader() (DisplayWidget.cpp:715)
==7773==    by 0x198518: Fragmentarium::GUI::DisplayWidget::setFragmentShader(Fragmentarium::Parser::FragmentSource) (DisplayWidget.cpp:303)
==7773==  Address 0x2d981ad8 is 8 bytes after a block of size 465,248 alloc'd
==7773==    at 0x483677F: malloc (vg_replace_malloc.c:309)
==7773==    by 0x537B26F: QImageData::create(QSize const&, QImage::Format) (in /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5.12.5)
==7773==    by 0x537B39A: QImage::QImage(QSize const&, QImage::Format) (in /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5.12.5)
==7773==    by 0x537B3D8: QImage::QImage(int, int, QImage::Format) (in /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5.12.5)
==7773==    by 0x537EA51: QImage::convertToFormat_helper(QImage::Format, QFlags<Qt::ImageConversionFlag>) const (in /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5.12.5)
==7773==    by 0x18919C: convertToFormat (qimage.h:188)
==7773==    by 0x18919C: Fragmentarium::GUI::DisplayWidget::loadQtTexture(QString, unsigned int, unsigned int, QString) (DisplayWidget.cpp:904)
==7773==    by 0x197403: Fragmentarium::GUI::DisplayWidget::initFragmentTextures() (DisplayWidget.cpp:1013)
==7773==    by 0x197D5A: Fragmentarium::GUI::DisplayWidget::initFragmentShader() (DisplayWidget.cpp:715)
==7773==    by 0x198518: Fragmentarium::GUI::DisplayWidget::setFragmentShader(Fragmentarium::Parser::FragmentSource) (DisplayWidget.cpp:303)
==7773==    by 0x1BBD5F: Fragmentarium::GUI::MainWindow::initializeFragment() (MainWindow.cpp:2728)
==7773==    by 0x16EBAD: Fragmentarium::GUI::MainWindow::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (moc_MainWindow.cpp:601)
==7773==    by 0x5E5B387: QMetaObject::activate(QObject*, int, int, void**) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.12.5)
==7773== 
==7773== Invalid read of size 8
==7773==    at 0x483D937: memmove (vg_replace_strmem.c:1271)
==7773==    by 0x1359E009: ??? (in /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so)
==7773==    by 0x1375F586: ??? (in /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so)
==7773==    by 0x13BA6951: ??? (in /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so)
==7773==    by 0x131FCF0B: ??? (in /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so)
==7773==    by 0x131FE002: ??? (in /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so)
==7773==    by 0x1337AB8B: ??? (in /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so)
==7773==    by 0x1337C93D: ??? (in /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so)
==7773==    by 0x1891FD: glTexImage2D (qopenglfunctions_4_5_compatibility.h:1425)
==7773==    by 0x1891FD: Fragmentarium::GUI::DisplayWidget::loadQtTexture(QString, unsigned int, unsigned int, QString) (DisplayWidget.cpp:906)
==7773==    by 0x197403: Fragmentarium::GUI::DisplayWidget::initFragmentTextures() (DisplayWidget.cpp:1013)
==7773==    by 0x197D5A: Fragmentarium::GUI::DisplayWidget::initFragmentShader() (DisplayWidget.cpp:715)
==7773==    by 0x198518: Fragmentarium::GUI::DisplayWidget::setFragmentShader(Fragmentarium::Parser::FragmentSource) (DisplayWidget.cpp:303)
==7773==  Address 0x2d981ae0 is 16 bytes after a block of size 465,248 alloc'd
==7773==    at 0x483677F: malloc (vg_replace_malloc.c:309)
==7773==    by 0x537B26F: QImageData::create(QSize const&, QImage::Format) (in /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5.12.5)
==7773==    by 0x537B39A: QImage::QImage(QSize const&, QImage::Format) (in /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5.12.5)
==7773==    by 0x537B3D8: QImage::QImage(int, int, QImage::Format) (in /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5.12.5)
==7773==    by 0x537EA51: QImage::convertToFormat_helper(QImage::Format, QFlags<Qt::ImageConversionFlag>) const (in /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5.12.5)
==7773==    by 0x18919C: convertToFormat (qimage.h:188)
==7773==    by 0x18919C: Fragmentarium::GUI::DisplayWidget::loadQtTexture(QString, unsigned int, unsigned int, QString) (DisplayWidget.cpp:904)
==7773==    by 0x197403: Fragmentarium::GUI::DisplayWidget::initFragmentTextures() (DisplayWidget.cpp:1013)
==7773==    by 0x197D5A: Fragmentarium::GUI::DisplayWidget::initFragmentShader() (DisplayWidget.cpp:715)
==7773==    by 0x198518: Fragmentarium::GUI::DisplayWidget::setFragmentShader(Fragmentarium::Parser::FragmentSource) (DisplayWidget.cpp:303)
==7773==    by 0x1BBD5F: Fragmentarium::GUI::MainWindow::initializeFragment() (MainWindow.cpp:2728)
==7773==    by 0x16EBAD: Fragmentarium::GUI::MainWindow::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (moc_MainWindow.cpp:601)
==7773==    by 0x5E5B387: QMetaObject::activate(QObject*, int, int, void**) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.12.5)
==7773== 
==7773== Invalid read of size 8
==7773==    at 0x483D93F: memmove (vg_replace_strmem.c:1271)
==7773==    by 0x1359E009: ??? (in /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so)
==7773==    by 0x1375F586: ??? (in /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so)
==7773==    by 0x13BA6951: ??? (in /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so)
==7773==    by 0x131FCF0B: ??? (in /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so)
==7773==    by 0x131FE002: ??? (in /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so)
==7773==    by 0x1337AB8B: ??? (in /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so)
==7773==    by 0x1337C93D: ??? (in /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so)
==7773==    by 0x1891FD: glTexImage2D (qopenglfunctions_4_5_compatibility.h:1425)
==7773==    by 0x1891FD: Fragmentarium::GUI::DisplayWidget::loadQtTexture(QString, unsigned int, unsigned int, QString) (DisplayWidget.cpp:906)
==7773==    by 0x197403: Fragmentarium::GUI::DisplayWidget::initFragmentTextures() (DisplayWidget.cpp:1013)
==7773==    by 0x197D5A: Fragmentarium::GUI::DisplayWidget::initFragmentShader() (DisplayWidget.cpp:715)
==7773==    by 0x198518: Fragmentarium::GUI::DisplayWidget::setFragmentShader(Fragmentarium::Parser::FragmentSource) (DisplayWidget.cpp:303)
==7773==  Address 0x2d981ae8 is 24 bytes after a block of size 465,248 in arena "client"
==7773== 
==7773== Invalid read of size 8
==7773==    at 0x483D97D: memmove (vg_replace_strmem.c:1271)
==7773==    by 0x1359E009: ??? (in /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so)
==7773==    by 0x1375F586: ??? (in /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so)
==7773==    by 0x13BA6951: ??? (in /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so)
==7773==    by 0x131FCF0B: ??? (in /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so)
==7773==    by 0x131FE002: ??? (in /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so)
==7773==    by 0x1337AB8B: ??? (in /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so)
==7773==    by 0x1337C93D: ??? (in /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so)
==7773==    by 0x1891FD: glTexImage2D (qopenglfunctions_4_5_compatibility.h:1425)
==7773==    by 0x1891FD: Fragmentarium::GUI::DisplayWidget::loadQtTexture(QString, unsigned int, unsigned int, QString) (DisplayWidget.cpp:906)
==7773==    by 0x197403: Fragmentarium::GUI::DisplayWidget::initFragmentTextures() (DisplayWidget.cpp:1013)
==7773==    by 0x197D5A: Fragmentarium::GUI::DisplayWidget::initFragmentShader() (DisplayWidget.cpp:715)
==7773==    by 0x198518: Fragmentarium::GUI::DisplayWidget::setFragmentShader(Fragmentarium::Parser::FragmentSource) (DisplayWidget.cpp:303)
==7773==  Address 0x2d982850 is 3,392 bytes inside an unallocated block of size 444,960 in arena "client"
==7773== 
Segmentation fault.
Fragmentarium crashed!

and info about the image I was using to test:

quasiconformal2.png: PNG image data, 868 x 134, 8-bit/color RGB, non-interlaced

3Dickulus commented 4 years ago

I think it's fixed, neglected to mention #138 in the commit a few minutes ago :( commit 3db53c2370e196fdcfb39f6d5f276d714ed33114
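The size test from the proposed fix (X=n, Y=6n or Y=n, X=6n), combined with a check that no face upload reads past the end of the pixel buffer, as an added example; it is not FragM's code and not the change in the commit mentioned above. The function names and the dimension cap are hypothetical, and the 4 bytes per pixel is inferred from the trace (868 x 134 x 4 = 465,248, the size of the block that was over-read).

```cpp
#include <cstdint>
#include <cstdio>

// Added example; all names are hypothetical, not FragM's own code.
enum class Strip { Vertical, Horizontal };          // X=n,Y=6n  or  Y=n,X=6n
struct CubeLayout { Strip strip; uint32_t face; };  // face = edge length n

const uint32_t kMaxDim = 1u << 16;  // assumed cap, keeps the 64-bit math exact

// Accept only the two strip shapes named in the proposed fix.
bool cubeLayoutFor(uint32_t w, uint32_t h, CubeLayout& out) {
    if (w == 0 || h == 0 || w > kMaxDim || h > kMaxDim) return false;
    if (h % 6 == 0 && h / 6 == w) { out = {Strip::Vertical, w}; return true; }
    if (w % 6 == 0 && w / 6 == h) { out = {Strip::Horizontal, h}; return true; }
    return false;
}

// One past the last source byte read when face i (0..5) is uploaded from a
// tightly packed buffer whose rows are w pixels wide (for a horizontal strip
// this assumes GL_UNPACK_ROW_LENGTH is set to w).
uint64_t faceReadEnd(const CubeLayout& l, uint32_t w, uint32_t bpp, uint32_t i) {
    const uint64_t stride = uint64_t(w) * bpp, n = l.face;
    const uint64_t start =
        (l.strip == Strip::Vertical) ? i * n * stride : i * n * bpp;
    return start + (n - 1) * stride + n * bpp;
}

// True only if the image is a valid strip and no face read passes bufBytes.
bool safeToUploadAsCubeMap(uint32_t w, uint32_t h, uint32_t bpp,
                           uint64_t bufBytes) {
    CubeLayout l{Strip::Vertical, 0};
    if (bpp == 0 || bpp > 16 || !cubeLayoutFor(w, h, l)) return false;
    for (uint32_t i = 0; i < 6; ++i)
        if (faceReadEnd(l, w, bpp, i) > bufBytes) return false;
    return true;
}

int main() {
    // Image from the report: 868 x 134, 465,248-byte buffer at 4 bytes/pixel.
    std::printf("868x134: %s\n",
                safeToUploadAsCubeMap(868, 134, 4, 465248) ? "upload" : "reject");
    // Constructed valid strip: six 64x64 faces stacked vertically.
    std::printf("64x384:  %s\n",
                safeToUploadAsCubeMap(64, 384, 4, 64u * 384u * 4u) ? "upload" : "reject");
    return 0;
}
```

Running the check before any `glTexImage2D` call turns the intermittent crash into a deterministic rejection; the expand-to-fit and alloc-and-fill options from the proposed fix would replace the `false` return with a copy into a correctly sized buffer.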