kovidgoyal / kitty

Cross-platform, fast, feature-rich, GPU based terminal
https://sw.kovidgoyal.net/kitty/
GNU General Public License v3.0

icat crashes kitty while trying to display large number of pictures #1825

Closed JanczarKurek closed 5 years ago

JanczarKurek commented 5 years ago

Output of kitty --version

kitty 0.14.2 created by Kovid Goyal

Description

As in the title: after trying to display a large number of files, kitty displays some of them and then crashes.

Reproduction

  1. Clone https://github.com/boyEstrogen/Anime-Girls-Holding-Programming-Books
  2. Call kitty +kitten icat **/*
  3. Should crash after a while.

kovidgoyal commented 5 years ago

Works for me with kitty from master. I suggest you try it from there, or wait for the next release.

JanczarKurek commented 5 years ago

I tried the master version and got this message:

"corrupted size vs. prev_size while consolidating fish: “python3 .” terminated by signal SIGABRT (Abort)"

Tested also on python3.6, got:

"munmap_chunk(): invalid pointer fish: “python3.6 .” terminated by signal SIGABRT (Abort)"

Looks suspicious to me.

kovidgoyal commented 5 years ago

Well, without a way to replicate it there is not much I can do. You can build kitty in debug mode with make debug and produce a backtrace of the crash you get. Or better, build it with make asan, which should detect any memory-related issues.

v3ctor commented 5 years ago

Also reporting this issue. I tried with the master version and python 3.7.3, got double free or corruption (out) and free(): corrupted unsorted chunks.

I tried it on a fresh install of Arch Linux in a virtual machine and got the same results.

kasprzyckit commented 5 years ago

Tested on Fedora, with python 3.7.3 and master. Errors: munmap_chunk(): invalid pointer and free(): corrupted unsorted chunks.

Luflosi commented 5 years ago

Those error messages aren't very helpful. Is there some more verbose output that you guys didn't post?

v3ctor commented 5 years ago

No, but I have built kitty with sanitizers:

[arch@arch bin]$ ./kitty 
[arch@arch bin]$ LD_PRELOAD=/usr/lib/libasan.so ./kitty 

=================================================================
==29217==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 824096 byte(s) in 204 object(s) allocated from:
    #0 0x7fc46f9faada in __interceptor_malloc /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:144
    #1 0x7fc46f491508 in PyObject_Malloc (/usr/lib/libpython3.7m.so.1.0+0xe7508)

Direct leak of 1560 byte(s) in 3 object(s) allocated from:
    #0 0x7fc46f9faada in __interceptor_malloc /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:144
    #1 0x7fc46f492c27  (/usr/lib/libpython3.7m.so.1.0+0xe8c27)

Direct leak of 1554 byte(s) in 4 object(s) allocated from:
    #0 0x7fc46f9faada in __interceptor_malloc /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:144
    #1 0x7fc46f491fc6 in PyMem_Malloc (/usr/lib/libpython3.7m.so.1.0+0xe7fc6)

Direct leak of 96 byte(s) in 3 object(s) allocated from:
    #0 0x7fc46f9faada in __interceptor_malloc /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:144
    #1 0x7fc46f495735 in PyThread_allocate_lock (/usr/lib/libpython3.7m.so.1.0+0xeb735)

Indirect leak of 78525 byte(s) in 82 object(s) allocated from:
    #0 0x7fc46f9faada in __interceptor_malloc /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:144
    #1 0x7fc46f491508 in PyObject_Malloc (/usr/lib/libpython3.7m.so.1.0+0xe7508)

Indirect leak of 544 byte(s) in 1 object(s) allocated from:
    #0 0x7fc46f9faada in __interceptor_malloc /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:144
    #1 0x7fc46f492c27  (/usr/lib/libpython3.7m.so.1.0+0xe8c27)

SUMMARY: AddressSanitizer: 906375 byte(s) leaked in 297 allocation(s).
=================================================================
==29189==ERROR: AddressSanitizer: heap-use-after-free on address 0x61900029b478 at pc 0x7f83b1209308 bp 0x7ffe62892f90 sp 0x7ffe62892f80
READ of size 4 at 0x61900029b478 thread T0
    #0 0x7f83b1209307 in scroll_filter_func kitty/graphics.c:614
    #1 0x7f83b1221fe1 in filter_refs kitty/graphics.c:601
    #2 0x7f83b1221fe1 in grman_scroll_images kitty/graphics.c:661
    #3 0x7f83b12d1755 in screen_scroll kitty/screen.c:882
    #4 0x7f83b12d4c85 in screen_handle_graphics_command kitty/screen.c:579
    #5 0x7f83b129a969 in parse_graphics_code kitty/parse-graphics-command.h:318
    #6 0x7f83b12b24e8 in dispatch_apc kitty/parser.c:872
    #7 0x7f83b12b24e8 in _parse_bytes_watching_for_pending kitty/parser.c:1108
    #8 0x7f83b12b7cf0 in do_parse_bytes kitty/parser.c:1226
    #9 0x7f83b12b7cf0 in parse_worker kitty/parser.c:1281
    #10 0x7f83b1187c3f in do_parse kitty/child-monitor.c:307
    #11 0x7f83b1187c3f in parse_input kitty/child-monitor.c:379
    #12 0x7f83b118832e in process_global_state kitty/child-monitor.c:914
    #13 0x7f83b1189921 in do_state_check kitty/child-monitor.c:900
    #14 0x7f83af1dce2b in dispatchTimers glfw/backend_utils.c:215
    #15 0x7f83af1dd6d3 in pollForEvents glfw/backend_utils.c:315
    #16 0x7f83af1b9295 in handleEvents glfw/x11_window.c:66
    #17 0x7f83af1b936a in _glfwPlatformWaitEvents glfw/x11_window.c:2531
    #18 0x7f83af199744 in _glfwPlatformRunMainLoop glfw/main_loop.h:30
    #19 0x7f83af17a540 in glfwRunMainLoop glfw/init.c:344
    #20 0x7f83b1206192 in run_main_loop kitty/glfw.c:1142
    #21 0x7f83b117bc8f in main_loop kitty/child-monitor.c:954
    #22 0x7f83b5fc50c9 in _PyMethodDef_RawFastCallKeywords (/usr/lib/libpython3.7m.so.1.0+0x10b0c9)
    #23 0x7f83b5ffdb7e in _PyMethodDescr_FastCallKeywords (/usr/lib/libpython3.7m.so.1.0+0x143b7e)
    #24 0x7f83b5ffdd13  (/usr/lib/libpython3.7m.so.1.0+0x143d13)
    #25 0x7f83b603af8f in _PyEval_EvalFrameDefault (/usr/lib/libpython3.7m.so.1.0+0x180f8f)
    #26 0x7f83b5fe9d17 in _PyEval_EvalCodeWithName (/usr/lib/libpython3.7m.so.1.0+0x12fd17)
    #27 0x7f83b5feada2 in _PyFunction_FastCallKeywords (/usr/lib/libpython3.7m.so.1.0+0x130da2)
    #28 0x7f83b5ffdc2f  (/usr/lib/libpython3.7m.so.1.0+0x143c2f)
    #29 0x7f83b603aef6 in _PyEval_EvalFrameDefault (/usr/lib/libpython3.7m.so.1.0+0x180ef6)
    #30 0x7f83b5fe9d17 in _PyEval_EvalCodeWithName (/usr/lib/libpython3.7m.so.1.0+0x12fd17)
    #31 0x7f83b5feada2 in _PyFunction_FastCallKeywords (/usr/lib/libpython3.7m.so.1.0+0x130da2)
    #32 0x7f83b5ffdc2f  (/usr/lib/libpython3.7m.so.1.0+0x143c2f)
    #33 0x7f83b603aef6 in _PyEval_EvalFrameDefault (/usr/lib/libpython3.7m.so.1.0+0x180ef6)
    #34 0x7f83b5feac02 in _PyFunction_FastCallKeywords (/usr/lib/libpython3.7m.so.1.0+0x130c02)
    #35 0x7f83b5ffdc2f  (/usr/lib/libpython3.7m.so.1.0+0x143c2f)
    #36 0x7f83b603aef6 in _PyEval_EvalFrameDefault (/usr/lib/libpython3.7m.so.1.0+0x180ef6)
    #37 0x7f83b5feac02 in _PyFunction_FastCallKeywords (/usr/lib/libpython3.7m.so.1.0+0x130c02)
    #38 0x7f83b5ffdc2f  (/usr/lib/libpython3.7m.so.1.0+0x143c2f)
    #39 0x7f83b603aef6 in _PyEval_EvalFrameDefault (/usr/lib/libpython3.7m.so.1.0+0x180ef6)
    #40 0x7f83b5feac02 in _PyFunction_FastCallKeywords (/usr/lib/libpython3.7m.so.1.0+0x130c02)
    #41 0x7f83b5ffdc2f  (/usr/lib/libpython3.7m.so.1.0+0x143c2f)
    #42 0x7f83b603aef6 in _PyEval_EvalFrameDefault (/usr/lib/libpython3.7m.so.1.0+0x180ef6)
    #43 0x7f83b5fe9d17 in _PyEval_EvalCodeWithName (/usr/lib/libpython3.7m.so.1.0+0x12fd17)
    #44 0x7f83b5feaac9 in PyEval_EvalCodeEx (/usr/lib/libpython3.7m.so.1.0+0x130ac9)
    #45 0x7f83b5feaaeb in PyEval_EvalCode (/usr/lib/libpython3.7m.so.1.0+0x130aeb)
    #46 0x7f83b6035429  (/usr/lib/libpython3.7m.so.1.0+0x17b429)
    #47 0x7f83b5fc5067 in _PyMethodDef_RawFastCallKeywords (/usr/lib/libpython3.7m.so.1.0+0x10b067)
    #48 0x7f83b5fc5393 in _PyCFunction_FastCallKeywords (/usr/lib/libpython3.7m.so.1.0+0x10b393)
    #49 0x7f83b5ffdd4b  (/usr/lib/libpython3.7m.so.1.0+0x143d4b)
    #50 0x7f83b603aef6 in _PyEval_EvalFrameDefault (/usr/lib/libpython3.7m.so.1.0+0x180ef6)
    #51 0x7f83b5fe9d17 in _PyEval_EvalCodeWithName (/usr/lib/libpython3.7m.so.1.0+0x12fd17)
    #52 0x7f83b5feada2 in _PyFunction_FastCallKeywords (/usr/lib/libpython3.7m.so.1.0+0x130da2)
    #53 0x7f83b5ffdc2f  (/usr/lib/libpython3.7m.so.1.0+0x143c2f)
    #54 0x7f83b603aef6 in _PyEval_EvalFrameDefault (/usr/lib/libpython3.7m.so.1.0+0x180ef6)
    #55 0x7f83b5fe9d17 in _PyEval_EvalCodeWithName (/usr/lib/libpython3.7m.so.1.0+0x12fd17)
    #56 0x7f83b5feb44e in _PyFunction_FastCallDict (/usr/lib/libpython3.7m.so.1.0+0x13144e)
    #57 0x7f83b60c2c73  (/usr/lib/libpython3.7m.so.1.0+0x208c73)
    #58 0x7f83b60c414f  (/usr/lib/libpython3.7m.so.1.0+0x20a14f)
    #59 0x7f83b5f97515 in Py_Main (/usr/lib/libpython3.7m.so.1.0+0xdd515)
    #60 0x564cf4c002fe in main (/home/v3ct0r/kitty/linux-package/bin/kitty+0x12fe)
    #61 0x7f83b5d1dee2 in __libc_start_main (/usr/lib/libc.so.6+0x26ee2)
    #62 0x564cf4c0042d in _start (/home/v3ct0r/kitty/linux-package/bin/kitty+0x142d)

0x61900029b478 is located 248 bytes inside of 1088-byte region [0x61900029b380,0x61900029b7c0)
freed by thread T0 here:
    #0 0x7f83b650a6c0 in __interceptor_free /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:122
    #1 0x7f83b1222346 in free_refs_data kitty/graphics.c:45
    #2 0x7f83b1222346 in free_image kitty/graphics.c:61
    #3 0x7f83b1222346 in remove_image kitty/graphics.c:98
    #4 0x7f83b1222346 in filter_refs kitty/graphics.c:605
    #5 0x7f83b1222346 in grman_scroll_images kitty/graphics.c:661
    #6 0x7f83b12d1755 in screen_scroll kitty/screen.c:882
    #7 0x7f83b12d4c85 in screen_handle_graphics_command kitty/screen.c:579
    #8 0x7f83b129a969 in parse_graphics_code kitty/parse-graphics-command.h:318
    #9 0x7f83b12b24e8 in dispatch_apc kitty/parser.c:872
    #10 0x7f83b12b24e8 in _parse_bytes_watching_for_pending kitty/parser.c:1108
    #11 0x7f83b12b7cf0 in do_parse_bytes kitty/parser.c:1226
    #12 0x7f83b12b7cf0 in parse_worker kitty/parser.c:1281
    #13 0x7f83b1187c3f in do_parse kitty/child-monitor.c:307
    #14 0x7f83b1187c3f in parse_input kitty/child-monitor.c:379
    #15 0x7f83b118832e in process_global_state kitty/child-monitor.c:914
    #16 0x7f83b1189921 in do_state_check kitty/child-monitor.c:900
    #17 0x7f83af1dce2b in dispatchTimers glfw/backend_utils.c:215
    #18 0x7f83af1dd6d3 in pollForEvents glfw/backend_utils.c:315
    #19 0x7f83af1b9295 in handleEvents glfw/x11_window.c:66
    #20 0x7f83af1b936a in _glfwPlatformWaitEvents glfw/x11_window.c:2531
    #21 0x7f83af199744 in _glfwPlatformRunMainLoop glfw/main_loop.h:30
    #22 0x7f83af17a540 in glfwRunMainLoop glfw/init.c:344
    #23 0x7f83b1206192 in run_main_loop kitty/glfw.c:1142
    #24 0x7f83b117bc8f in main_loop kitty/child-monitor.c:954
    #25 0x7f83b5fc50c9 in _PyMethodDef_RawFastCallKeywords (/usr/lib/libpython3.7m.so.1.0+0x10b0c9)

previously allocated by thread T0 here:
    #0 0x7f83b650af40 in __interceptor_realloc /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:163
    #1 0x7f83b120b4a4 in handle_put_command kitty/graphics.c:483
    #2 0x7f83b12248da in grman_handle_command kitty/graphics.c:780
    #3 0x7f83b12d4566 in screen_handle_graphics_command kitty/screen.c:574
    #4 0x7f83b129a969 in parse_graphics_code kitty/parse-graphics-command.h:318
    #5 0x7f83b12b24e8 in dispatch_apc kitty/parser.c:872
    #6 0x7f83b12b24e8 in _parse_bytes_watching_for_pending kitty/parser.c:1108
    #7 0x7f83b12b7cf0 in do_parse_bytes kitty/parser.c:1226
    #8 0x7f83b12b7cf0 in parse_worker kitty/parser.c:1281
    #9 0x7f83b1187c3f in do_parse kitty/child-monitor.c:307
    #10 0x7f83b1187c3f in parse_input kitty/child-monitor.c:379
    #11 0x7f83b118832e in process_global_state kitty/child-monitor.c:914
    #12 0x7f83b1189921 in do_state_check kitty/child-monitor.c:900
    #13 0x7f83af1dce2b in dispatchTimers glfw/backend_utils.c:215
    #14 0x7f83af1dd6d3 in pollForEvents glfw/backend_utils.c:315
    #15 0x7f83af1b9295 in handleEvents glfw/x11_window.c:66
    #16 0x7f83af1b936a in _glfwPlatformWaitEvents glfw/x11_window.c:2531
    #17 0x7f83af199744 in _glfwPlatformRunMainLoop glfw/main_loop.h:30
    #18 0x7f83af17a540 in glfwRunMainLoop glfw/init.c:344
    #19 0x7f83b1206192 in run_main_loop kitty/glfw.c:1142
    #20 0x7f83b117bc8f in main_loop kitty/child-monitor.c:954
    #21 0x7f83b5fc50c9 in _PyMethodDef_RawFastCallKeywords (/usr/lib/libpython3.7m.so.1.0+0x10b0c9)

SUMMARY: AddressSanitizer: heap-use-after-free kitty/graphics.c:614 in scroll_filter_func
Shadow bytes around the buggy address:
  0x0c328004b630: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c328004b640: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c328004b650: fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c328004b660: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c328004b670: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0c328004b680: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]
  0x0c328004b690: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c328004b6a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c328004b6b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c328004b6c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c328004b6d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==29189==ABORTING
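
A small triage helper for the AddressSanitizer report above, added here as an example (it is not part of the thread and not kitty's code): it splits the report into its access, free and allocation stacks and lists the project functions that appear in both the access and the free stack. The REPORT excerpt is trimmed from the posted output; the names parse_stacks and triage and the project_prefix parameter are hypothetical.

```python
import re

# Excerpt of the report posted above; only the outer frames were trimmed.
REPORT = """\
READ of size 4 at 0x61900029b478 thread T0
    #0 0x7f83b1209307 in scroll_filter_func kitty/graphics.c:614
    #1 0x7f83b1221fe1 in filter_refs kitty/graphics.c:601
    #2 0x7f83b1221fe1 in grman_scroll_images kitty/graphics.c:661

freed by thread T0 here:
    #0 0x7f83b650a6c0 in __interceptor_free /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:122
    #1 0x7f83b1222346 in free_refs_data kitty/graphics.c:45
    #2 0x7f83b1222346 in free_image kitty/graphics.c:61
    #3 0x7f83b1222346 in remove_image kitty/graphics.c:98
    #4 0x7f83b1222346 in filter_refs kitty/graphics.c:605
    #5 0x7f83b1222346 in grman_scroll_images kitty/graphics.c:661

previously allocated by thread T0 here:
    #0 0x7f83b650af40 in __interceptor_realloc /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:163
    #1 0x7f83b120b4a4 in handle_put_command kitty/graphics.c:483
"""

# Symbolized frame: "#N 0xADDR in FUNC FILE:LINE"; unsymbolized frames are skipped.
FRAME = re.compile(r"^\s+#\d+ 0x[0-9a-f]+ in (\S+) (\S+):(\d+)$")
HEADERS = (("access", re.compile(r"^(READ|WRITE) of size \d+")),
           ("free", re.compile(r"^freed by thread")),
           ("alloc", re.compile(r"^previously allocated by thread")))

def parse_stacks(report):
    """Split an ASan report into access/free/alloc stacks of (func, file, line)."""
    stacks, current = {}, None
    for line in report.splitlines():
        for name, pat in HEADERS:
            if pat.match(line):
                current = stacks.setdefault(name, [])
        m = FRAME.match(line)
        if m and current is not None:
            current.append((m.group(1), m.group(2), int(m.group(3))))
    return stacks

def triage(report, project_prefix="kitty/"):
    """Return each stack's innermost project frame and the functions on both access and free stacks."""
    stacks = parse_stacks(report)
    own = {k: [f for f in v if f[1].startswith(project_prefix)] for k, v in stacks.items()}
    free_funcs = {f[0] for f in own.get("free", [])}
    shared = [f[0] for f in own.get("access", []) if f[0] in free_funcs]
    return {k: v[0] for k, v in own.items() if v}, shared
```

For this report the innermost shared function is filter_refs: the free is reached from kitty/graphics.c:605 and the later read from kitty/graphics.c:601.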