Issue 247 in webp: Ksnapshot crashes/segfaults when dragging screenshot to web browser window

[we...@googlecode.com]

Status: New
Owner: ----
Labels: Type-Defect Priority-Medium

New issue 247 by Vdragon....@gmail.com: Ksnapshot crashes/segfaults when
dragging screenshot to web browser window
https://code.google.com/p/webp/issues/detail?id=247

(Content copied from [Bug 346123 of KDE Bug
Tracker](https://bugs.kde.org/show_bug.cgi?id=346123) since it may be
libwebp's issue)
When I drag the screenshot image from Ksnapshot to Google Chrome to share
Ksnapshot crashed.

gdb stacktrace:
`````
Program received signal SIGSEGV, Segmentation fault.
0xb2d7192f in ?? () from /usr/lib/i386-linux-gnu/libwebp.so.5
(gdb) backtrack
Undefined command: "backtrack". Try "help".
(gdb) backtrace
#0 0xb2d7192f in ?? () from /usr/lib/i386-linux-gnu/libwebp.so.5
#1 0xb2d726d8 in ?? () from /usr/lib/i386-linux-gnu/libwebp.so.5
#2 0xb2d7274f in WebPPictureImportRGB ()
from /usr/lib/i386-linux-gnu/libwebp.so.5
#3 0xb2d73462 in ?? () from /usr/lib/i386-linux-gnu/libwebp.so.5
#4 0xb2dc6c73 in ?? () from /usr/lib/kde4/plugins/imageformats/kimg_webp.so
#5 0xb68e0b3d in QImageWriter::write (this=this@entry=0xbfffda58,
image=...) at image/qimagewriter.cpp:606
#6 0xb68cd24c in QImageData::doImageIO (this=0x818d970,
image=image@entry=0xbfffdb00, writer=writer@entry=0xbfffda58,
quality=quality@entry=-1) at image/qimage.cpp:5240
#7 0xb68cd3e5 in QImage::save (this=this@entry=0xbfffdb00,
device=device@entry=0xbfffdaf0, format=0x80ae640 "WEBP",
quality=quality@entry=-1) at image/qimage.cpp:5228
#8 0xb68199d6 in QInternalMimeData::renderDataHelper (mimeType=...,
data=data@entry=0x831e0d0) at kernel/qdnd.cpp:482
#9 0xb689a277 in QX11Data::xdndMimeDataForAtom (this=0x809da00, a=927,
mimeData=0x831e0d0, data=data@entry=0xbfffdc98,
atomFormat=atomFormat@entry=0xbfffdc90,
dataFormat=dataFormat@entry=0xbfffdc94) at kernel/qdnd_x11.cpp:488
#10 0xb689affe in QX11Data::xdndHandleSelectionRequest (this=0x809da00,
req=req@entry=0xbfffde9c) at kernel/qdnd_x11.cpp:1868
#11 0xb688e253 in QApplication::x11ProcessEvent (this=0xbfffed34,
event=event@entry=0xbfffde9c) at kernel/qapplication_x11.cpp:3946
#12 0xb68b9524 in x11EventSourceDispatch (s=s@entry=0x809c3e0,
callback=0x0, user_data=0x0) at kernel/qguieventdispatcher_glib.cpp:146
#13 0xb5d941e3 in g_main_dispatch (context=0x80a3f70,
context@entry=0x809c3e0)
at /build/buildd/glib2.0-2.40.2/./glib/gmain.c:3064
#14 g_main_context_dispatch (context=context@entry=0x80a3f70)
at /build/buildd/glib2.0-2.40.2/./glib/gmain.c:3663
#15 0xb5d94468 in g_main_context_iterate (context=context@entry=0x80a3f70,
block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>)
at /build/buildd/glib2.0-2.40.2/./glib/gmain.c:3734
#16 0xb5d94528 in g_main_context_iteration (context=0x80a3f70, may_block=1)
at /build/buildd/glib2.0-2.40.2/./glib/gmain.c:3795
#17 0xb732793b in QEventDispatcherGlib::processEvents (this=this@entry=
0x807bdf0, flags=...) at kernel/qeventdispatcher_glib.cpp:434
#18 0xb68b95de in QGuiEventDispatcherGlib::processEvents (this=0x807bdf0,
flags=...) at kernel/qguieventdispatcher_glib.cpp:204
#19 0xb72f6823 in QEventLoop::processEvents (this=this@entry=0x833c918,
flags=...) at kernel/qeventloop.cpp:149
#20 0xb72f6b49 in QEventLoop::exec (this=this@entry=0x833c918, flags=...)
at kernel/qeventloop.cpp:204
#21 0xb689f3a6 in QDragManager::drag (this=0x81cd138, o=o@entry=0x817c770)
at kernel/qdnd_x11.cpp:2032
#22 0xb6817677 in QDrag::start (this=0x817c770, request=...)
at kernel/qdrag.cpp:316
#23 0x080580f2 in _start ()
`````

Reproducible: Always

OS: Ubuntu 14.04LTS x86(32-bit)
Qt: 4.8.6
KDE : 4.14.2 from Kubuntu Backports
KSnapshot: 0.8.2
libwebp: 0.4.0-4 from Ubuntu 14.04 software source

--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings

[we...@googlecode.com]

Comment #1 on issue 247 by pascal.m...@gmail.com: Ksnapshot

crashes/segfaults when dragging screenshot to web browser window
https://code.google.com/p/webp/issues/detail?id=247

Looks like an invalid pointer calling the libwebp library.

Looking at the KDE code for webp support, i think there's a potential bug
in file kimgio/webp.cpp:119

It reads:
size = WebPEncodeRGB(imageData, image.width(), image.height(),
image.width() * 4, quality, &output);

but i think it should be:

size = WebPEncodeRGB(imageData, image.width(), image.height(),
image.width() * 3, quality, &output);

[we...@googlecode.com]

Updates:
Owner: pascal.m...@gmail.com

Comment #2 on issue 247 by pascal.m...@gmail.com: Ksnapshot

crashes/segfaults when dragging screenshot to web browser window
https://code.google.com/p/webp/issues/detail?id=247

Forgot to mention the file's location:

https://projects.kde.org/projects/kde/kde-runtime/repository/revisions/master/entry/kimgio/webp.cpp

[we...@googlecode.com]

Comment #3 on issue 247 by Vdragon....@gmail.com: Ksnapshot

crashes/segfaults when dragging screenshot to web browser window
https://code.google.com/p/webp/issues/detail?id=247

@pascal
Thanks for checking out, I'll report back to KDE upstream.

Feel free to close this bug.

[we...@googlecode.com]

Comment #4 on issue 247 by pascal.m...@gmail.com: Ksnapshot

crashes/segfaults when dragging screenshot to web browser window
https://code.google.com/p/webp/issues/detail?id=247

Thanks! Do you have a link with the KDE bug report?

[we...@googlecode.com]

Comment #5 on issue 247 by Vdragon....@gmail.com: Ksnapshot

crashes/segfaults when dragging screenshot to web browser window
https://code.google.com/p/webp/issues/detail?id=247

@pascal
Here you are:
https://bugs.kde.org/show_bug.cgi?id=346123