Details
Bug
Resolution: Cannot Reproduce
P1: Critical
None
5.9.7
None
Originally reported on POWER9 (PowerPC) workstation (Talos II) with AMD Radeon R5 220; also seen on x86_64 hardware running Linux inside Hyper-V
Description
This bug was found in KPat when attempting to change card decks. The KDE bug report number is #402220. Card decks are a single SVG file, with each card being a specific ID. When opening the "Change Appearance" dialogue to change the deck, a segmentation fault was observed. All decks affected have embedded PNG images as the actual card data. For example, from the xskat-french card deck:
<image
id="2_diamond"
x="864"
y="336"
height="112"
width="72"
xlink:href="data:image/png;base64,[ .. base64 data .. ] " />
Backtrace from GDB:
#0 0x00003ffff6b367f0 in fetchTransformedBilinear64<(TextureBlendType)4> (buffer=0x3fffeaf68418, data=0x100763428, y=0, x=0, length=74) at painting/qdrawhelper.cpp:2967
#1 0x00003ffff6b4186c in BlendSrcGenericRGB64::fetch (len=74, y=0, x=0, this=0x3fffeaf64378) at painting/qdrawhelper.cpp:4054
#2 handleSpans<BlendSrcGenericRGB64> (count=256, spans=0x3fffeaf6c710, data=<optimized out>, handler=...) at painting/qdrawhelper.cpp:3967
#3 0x00003ffff6b409e8 in blend_src_generic_rgb64 (count=<optimized out>, spans=0x3fffeaf6c710, userData=0x100763428) at painting/qdrawhelper.cpp:4081
#4 0x00003ffff6b3b0dc in qBlendTexture (count=<optimized out>, spans=0x3fffeaf6c710, userData=0x100763428) at painting/qdrawhelper.cpp:5347
#5 0x00003ffff6b6bcf0 in qt_span_fill_clipRect (count=<optimized out>, spans=0x3fffeaf6c710, userData=0x100763428) at painting/qpaintengine_raster.cpp:4099
#6 0x00003ffff6bde020 in QSpanBuffer::flushSpans (this=0x3fffeaf6c700) at painting/qrasterizer.cpp:111
#7 QSpanBuffer::addSpan (coverage=<optimized out>, y=85, len=<optimized out>, x=<optimized out>, this=0x3fffeaf6c700) at painting/qrasterizer.cpp:105
#8 QRasterizer::rasterizeLine (this=0x10074d7c0, a=..., b=..., width=<optimized out>, squareCap=<optimized out>) at painting/qrasterizer.cpp:917
#9 0x00003ffff6b75b2c in QRasterPaintEngine::drawImage (this=0x100763000, r=..., img=..., sr=...) at painting/qpaintengine_raster.cpp:2423
#10 0x00003ffff6b9aca8 in QPainter::drawImage (this=0x3fffeaf6d840, targetRect=..., image=..., sourceRect=..., flags=...) at painting/qpainter.cpp:5477
#11 0x00003ffff5c10364 in QPainter::drawImage (image=..., r=..., this=0x3fffeaf6d840) at /usr/include/QtGui/qpainter.h:848
#12 QSvgImage::draw (this=0x101092a40, p=0x3fffeaf6d840, states=...) at qsvggraphics.cpp:137
#13 0x00003ffff5c3cd94 in QSvgG::draw (this=0x1010926a0, p=0x3fffeaf6d840, states=...) at qsvgstructure.cpp:71
#14 0x00003ffff5c3cd94 in QSvgG::draw (this=0x101092440, p=0x3fffeaf6d840, states=...) at qsvgstructure.cpp:71
#15 0x00003ffff5c477c0 in QSvgTinyDocument::draw (this=0x1007ef200, p=0x3fffeaf6d840, id=..., bounds=...) at qsvgtinydocument.cpp:304
#16 0x00003ffff5c4a580 in QSvgRenderer::render (this=<optimized out>, painter=<optimized out>, elementId=..., bounds=...) at qsvgrenderer.cpp:399
#17 0x00003ffff7e60858 in PreviewThread::run (this=0x10075b520) at /usr/src/packages/user/kpat/src/kpat-18.08.3/libkcardgame/kcardthemewidget.cpp:104
#18 0x00003ffff61b3c88 in QThreadPrivate::start (arg=0x10075b520) at thread/qthread_unix.cpp:368
#19 0x00003ffff7fa276c in start (p=0x3fffeaf6da78) at src/thread/pthread_create.c:147
#20 0x00003ffff7fae608 in __clone () at src/thread/powerpc64/clone.s:43
On the PowerPC workstation where I first encountered this bug, QT_QUICK_BACKEND=software due to QTBUG-56975. Another of our developers encountered this when running KDE inside Hyper-V; I am not sure if software rendering is required in Hyper-V, but I would assume it is.
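For triage of a report like the one above, the following added example (not part of the original report, and not Qt or KPat code) lists every `<image>` element in a deck SVG that carries a base64 PNG data URI, with its element ID, declared size, and the pixel size, bit depth and colour type read from the PNG's IHDR chunk, so decks can be compared when trying to reproduce. The function names and the one-card sample deck are constructed for illustration.

```python
import base64, struct, zlib
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
PNG_SIG = b"\x89PNG\r\n\x1a\n"
PREFIX = "data:image/png;base64,"

def png_header(blob):
    """Return (width, height, bit_depth, color_type) from a PNG's IHDR chunk."""
    if len(blob) < 33 or blob[:8] != PNG_SIG or blob[12:16] != b"IHDR":
        raise ValueError("not a PNG with a leading IHDR chunk")
    (crc,) = struct.unpack(">I", blob[29:33])
    if zlib.crc32(blob[12:29]) != crc:      # CRC covers chunk type + data
        raise ValueError("IHDR CRC mismatch")
    return struct.unpack(">IIBB", blob[16:26])

def embedded_pngs(svg_text):
    """Yield one dict per <image> element whose href is a base64 PNG data URI."""
    for el in ET.fromstring(svg_text).iter("{%s}image" % SVG_NS):
        href = el.get(XLINK_HREF) or el.get("href") or ""
        if not href.startswith(PREFIX):
            continue
        info = {"id": el.get("id"), "declared": (el.get("width"), el.get("height"))}
        try:
            # Drop whitespace such as the trailing space seen in the quoted href.
            blob = base64.b64decode("".join(href[len(PREFIX):].split()))
            w, h, depth, ctype = png_header(blob)
            info.update(pixels=(w, h), bit_depth=depth, color_type=ctype)
        except ValueError as exc:           # binascii.Error is a ValueError subclass
            info["error"] = str(exc)
        yield info

def sample_deck():
    """Constructed deck: one header-only 72x112 8-bit RGBA PNG plus one bad payload."""
    ihdr = b"IHDR" + struct.pack(">IIBBBBB", 72, 112, 8, 6, 0, 0, 0)
    png = PNG_SIG + struct.pack(">I", 13) + ihdr + struct.pack(">I", zlib.crc32(ihdr))
    b64 = base64.b64encode(png).decode()
    return ('<svg xmlns="%s" xmlns:xlink="http://www.w3.org/1999/xlink">'
            '<g><image id="2_diamond" x="864" y="336" height="112" width="72" '
            'xlink:href="data:image/png;base64,%s " /></g>'
            '<image id="broken" xlink:href="data:image/png;base64,AAAA" /></svg>'
            % (SVG_NS, b64))

if __name__ == "__main__":
    for row in embedded_pngs(sample_deck()):
        print(row)
```

To inspect a real deck, pass the contents of its SVG file to `embedded_pngs` instead of `sample_deck()`.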