Kitty: icat crashes kitty while trying to display large number of pictures
Output of kitty --version
kitty 0.14.2 created by Kovid Goyal
Description
As in the title, after trying to display large number of files, kitty displays some of them, and then crashes.
Reproduction
- Clone https://github.com/boyEstrogen/Anime-Girls-Holding-Programming-Books
- call kitty +kitten icat **/*
- Should crash after a while.
JanczarKurek
All 7 comments
Works for me with kitty from master. I suggest you try it from there, or
wait for the next release.
kovidgoyal
on 22 Jul 2019
I tried master version, got this message:
"corrupted size vs. prev_size while consolidating
fish: “python3 .” terminated by signal SIGABRT (Abort)"
Tested also on python3.6, got:
"munmap_chunk(): invalid pointer
fish: “python3.6 .” terminated by signal SIGABRT (Abort)"
Looks suspicious to me.
JanczarKurek
on 22 Jul 2019
Well without a way to replicate it there is not much I can do. You can
build kitty in debug mode with make debug and produce a backtrace of the
crash you get. Or better build it with make asan which should detect any
memory related issues.
kovidgoyal
on 22 Jul 2019
Also raporting this issue. I tried with master version and python 3.7.3, got double free or corruption (out) and free(): corrupted unsorted chunks.
I tried it on fresh install of arch linux in virtual machine, got same results.
v3ctor
on 22 Jul 2019
Tested on Fedora, with python 3.7.3 and master.
Errors: munmap_chunk(): invalid pointer and free(): corrupted unsorted chunks.
kasprzyckit
on 22 Jul 2019
Those error messages aren't very helpful. Is there some more verbose output that you guys didn't post?
Luflosi
on 22 Jul 2019
No, but I have built kitty with sanitizers:
[arch@arch bin]$ ./kitty
[arch@arch bin]$ LD_PRELOAD=/usr/lib/libasan.so ./kitty
=================================================================
==29217==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 824096 byte(s) in 204 object(s) allocated from:
#0 0x7fc46f9faada in __interceptor_malloc /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:144
#1 0x7fc46f491508 in PyObject_Malloc (/usr/lib/libpython3.7m.so.1.0+0xe7508)
Direct leak of 1560 byte(s) in 3 object(s) allocated from:
#0 0x7fc46f9faada in __interceptor_malloc /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:144
#1 0x7fc46f492c27 (/usr/lib/libpython3.7m.so.1.0+0xe8c27)
Direct leak of 1554 byte(s) in 4 object(s) allocated from:
#0 0x7fc46f9faada in __interceptor_malloc /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:144
#1 0x7fc46f491fc6 in PyMem_Malloc (/usr/lib/libpython3.7m.so.1.0+0xe7fc6)
Direct leak of 96 byte(s) in 3 object(s) allocated from:
#0 0x7fc46f9faada in __interceptor_malloc /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:144
#1 0x7fc46f495735 in PyThread_allocate_lock (/usr/lib/libpython3.7m.so.1.0+0xeb735)
Indirect leak of 78525 byte(s) in 82 object(s) allocated from:
#0 0x7fc46f9faada in __interceptor_malloc /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:144
#1 0x7fc46f491508 in PyObject_Malloc (/usr/lib/libpython3.7m.so.1.0+0xe7508)
Indirect leak of 544 byte(s) in 1 object(s) allocated from:
#0 0x7fc46f9faada in __interceptor_malloc /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:144
#1 0x7fc46f492c27 (/usr/lib/libpython3.7m.so.1.0+0xe8c27)
SUMMARY: AddressSanitizer: 906375 byte(s) leaked in 297 allocation(s).
=================================================================
==29189==ERROR: AddressSanitizer: heap-use-after-free on address 0x61900029b478 at pc 0x7f83b1209308 bp 0x7ffe62892f90 sp 0x7ffe62892f80
READ of size 4 at 0x61900029b478 thread T0
#0 0x7f83b1209307 in scroll_filter_func kitty/graphics.c:614
#1 0x7f83b1221fe1 in filter_refs kitty/graphics.c:601
#2 0x7f83b1221fe1 in grman_scroll_images kitty/graphics.c:661
#3 0x7f83b12d1755 in screen_scroll kitty/screen.c:882
#4 0x7f83b12d4c85 in screen_handle_graphics_command kitty/screen.c:579
#5 0x7f83b129a969 in parse_graphics_code kitty/parse-graphics-command.h:318
#6 0x7f83b12b24e8 in dispatch_apc kitty/parser.c:872
#7 0x7f83b12b24e8 in _parse_bytes_watching_for_pending kitty/parser.c:1108
#8 0x7f83b12b7cf0 in do_parse_bytes kitty/parser.c:1226
#9 0x7f83b12b7cf0 in parse_worker kitty/parser.c:1281
#10 0x7f83b1187c3f in do_parse kitty/child-monitor.c:307
#11 0x7f83b1187c3f in parse_input kitty/child-monitor.c:379
#12 0x7f83b118832e in process_global_state kitty/child-monitor.c:914
#13 0x7f83b1189921 in do_state_check kitty/child-monitor.c:900
#14 0x7f83af1dce2b in dispatchTimers glfw/backend_utils.c:215
#15 0x7f83af1dd6d3 in pollForEvents glfw/backend_utils.c:315
#16 0x7f83af1b9295 in handleEvents glfw/x11_window.c:66
#17 0x7f83af1b936a in _glfwPlatformWaitEvents glfw/x11_window.c:2531
#18 0x7f83af199744 in _glfwPlatformRunMainLoop glfw/main_loop.h:30
#19 0x7f83af17a540 in glfwRunMainLoop glfw/init.c:344
#20 0x7f83b1206192 in run_main_loop kitty/glfw.c:1142
#21 0x7f83b117bc8f in main_loop kitty/child-monitor.c:954
#22 0x7f83b5fc50c9 in _PyMethodDef_RawFastCallKeywords (/usr/lib/libpython3.7m.so.1.0+0x10b0c9)
#23 0x7f83b5ffdb7e in _PyMethodDescr_FastCallKeywords (/usr/lib/libpython3.7m.so.1.0+0x143b7e)
#24 0x7f83b5ffdd13 (/usr/lib/libpython3.7m.so.1.0+0x143d13)
#25 0x7f83b603af8f in _PyEval_EvalFrameDefault (/usr/lib/libpython3.7m.so.1.0+0x180f8f)
#26 0x7f83b5fe9d17 in _PyEval_EvalCodeWithName (/usr/lib/libpython3.7m.so.1.0+0x12fd17)
#27 0x7f83b5feada2 in _PyFunction_FastCallKeywords (/usr/lib/libpython3.7m.so.1.0+0x130da2)
#28 0x7f83b5ffdc2f (/usr/lib/libpython3.7m.so.1.0+0x143c2f)
#29 0x7f83b603aef6 in _PyEval_EvalFrameDefault (/usr/lib/libpython3.7m.so.1.0+0x180ef6)
#30 0x7f83b5fe9d17 in _PyEval_EvalCodeWithName (/usr/lib/libpython3.7m.so.1.0+0x12fd17)
#31 0x7f83b5feada2 in _PyFunction_FastCallKeywords (/usr/lib/libpython3.7m.so.1.0+0x130da2)
#32 0x7f83b5ffdc2f (/usr/lib/libpython3.7m.so.1.0+0x143c2f)
#33 0x7f83b603aef6 in _PyEval_EvalFrameDefault (/usr/lib/libpython3.7m.so.1.0+0x180ef6)
#34 0x7f83b5feac02 in _PyFunction_FastCallKeywords (/usr/lib/libpython3.7m.so.1.0+0x130c02)
#35 0x7f83b5ffdc2f (/usr/lib/libpython3.7m.so.1.0+0x143c2f)
#36 0x7f83b603aef6 in _PyEval_EvalFrameDefault (/usr/lib/libpython3.7m.so.1.0+0x180ef6)
#37 0x7f83b5feac02 in _PyFunction_FastCallKeywords (/usr/lib/libpython3.7m.so.1.0+0x130c02)
#38 0x7f83b5ffdc2f (/usr/lib/libpython3.7m.so.1.0+0x143c2f)
#39 0x7f83b603aef6 in _PyEval_EvalFrameDefault (/usr/lib/libpython3.7m.so.1.0+0x180ef6)
#40 0x7f83b5feac02 in _PyFunction_FastCallKeywords (/usr/lib/libpython3.7m.so.1.0+0x130c02)
#41 0x7f83b5ffdc2f (/usr/lib/libpython3.7m.so.1.0+0x143c2f)
#42 0x7f83b603aef6 in _PyEval_EvalFrameDefault (/usr/lib/libpython3.7m.so.1.0+0x180ef6)
#43 0x7f83b5fe9d17 in _PyEval_EvalCodeWithName (/usr/lib/libpython3.7m.so.1.0+0x12fd17)
#44 0x7f83b5feaac9 in PyEval_EvalCodeEx (/usr/lib/libpython3.7m.so.1.0+0x130ac9)
#45 0x7f83b5feaaeb in PyEval_EvalCode (/usr/lib/libpython3.7m.so.1.0+0x130aeb)
#46 0x7f83b6035429 (/usr/lib/libpython3.7m.so.1.0+0x17b429)
#47 0x7f83b5fc5067 in _PyMethodDef_RawFastCallKeywords (/usr/lib/libpython3.7m.so.1.0+0x10b067)
#48 0x7f83b5fc5393 in _PyCFunction_FastCallKeywords (/usr/lib/libpython3.7m.so.1.0+0x10b393)
#49 0x7f83b5ffdd4b (/usr/lib/libpython3.7m.so.1.0+0x143d4b)
#50 0x7f83b603aef6 in _PyEval_EvalFrameDefault (/usr/lib/libpython3.7m.so.1.0+0x180ef6)
#51 0x7f83b5fe9d17 in _PyEval_EvalCodeWithName (/usr/lib/libpython3.7m.so.1.0+0x12fd17)
#52 0x7f83b5feada2 in _PyFunction_FastCallKeywords (/usr/lib/libpython3.7m.so.1.0+0x130da2)
#53 0x7f83b5ffdc2f (/usr/lib/libpython3.7m.so.1.0+0x143c2f)
#54 0x7f83b603aef6 in _PyEval_EvalFrameDefault (/usr/lib/libpython3.7m.so.1.0+0x180ef6)
#55 0x7f83b5fe9d17 in _PyEval_EvalCodeWithName (/usr/lib/libpython3.7m.so.1.0+0x12fd17)
#56 0x7f83b5feb44e in _PyFunction_FastCallDict (/usr/lib/libpython3.7m.so.1.0+0x13144e)
#57 0x7f83b60c2c73 (/usr/lib/libpython3.7m.so.1.0+0x208c73)
#58 0x7f83b60c414f (/usr/lib/libpython3.7m.so.1.0+0x20a14f)
#59 0x7f83b5f97515 in Py_Main (/usr/lib/libpython3.7m.so.1.0+0xdd515)
#60 0x564cf4c002fe in main (/home/v3ct0r/kitty/linux-package/bin/kitty+0x12fe)
#61 0x7f83b5d1dee2 in __libc_start_main (/usr/lib/libc.so.6+0x26ee2)
#62 0x564cf4c0042d in _start (/home/v3ct0r/kitty/linux-package/bin/kitty+0x142d)
0x61900029b478 is located 248 bytes inside of 1088-byte region [0x61900029b380,0x61900029b7c0)
freed by thread T0 here:
#0 0x7f83b650a6c0 in __interceptor_free /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:122
#1 0x7f83b1222346 in free_refs_data kitty/graphics.c:45
#2 0x7f83b1222346 in free_image kitty/graphics.c:61
#3 0x7f83b1222346 in remove_image kitty/graphics.c:98
#4 0x7f83b1222346 in filter_refs kitty/graphics.c:605
#5 0x7f83b1222346 in grman_scroll_images kitty/graphics.c:661
#6 0x7f83b12d1755 in screen_scroll kitty/screen.c:882
#7 0x7f83b12d4c85 in screen_handle_graphics_command kitty/screen.c:579
#8 0x7f83b129a969 in parse_graphics_code kitty/parse-graphics-command.h:318
#9 0x7f83b12b24e8 in dispatch_apc kitty/parser.c:872
#10 0x7f83b12b24e8 in _parse_bytes_watching_for_pending kitty/parser.c:1108
#11 0x7f83b12b7cf0 in do_parse_bytes kitty/parser.c:1226
#12 0x7f83b12b7cf0 in parse_worker kitty/parser.c:1281
#13 0x7f83b1187c3f in do_parse kitty/child-monitor.c:307
#14 0x7f83b1187c3f in parse_input kitty/child-monitor.c:379
#15 0x7f83b118832e in process_global_state kitty/child-monitor.c:914
#16 0x7f83b1189921 in do_state_check kitty/child-monitor.c:900
#17 0x7f83af1dce2b in dispatchTimers glfw/backend_utils.c:215
#18 0x7f83af1dd6d3 in pollForEvents glfw/backend_utils.c:315
#19 0x7f83af1b9295 in handleEvents glfw/x11_window.c:66
#20 0x7f83af1b936a in _glfwPlatformWaitEvents glfw/x11_window.c:2531
#21 0x7f83af199744 in _glfwPlatformRunMainLoop glfw/main_loop.h:30
#22 0x7f83af17a540 in glfwRunMainLoop glfw/init.c:344
#23 0x7f83b1206192 in run_main_loop kitty/glfw.c:1142
#24 0x7f83b117bc8f in main_loop kitty/child-monitor.c:954
#25 0x7f83b5fc50c9 in _PyMethodDef_RawFastCallKeywords (/usr/lib/libpython3.7m.so.1.0+0x10b0c9)
previously allocated by thread T0 here:
#0 0x7f83b650af40 in __interceptor_realloc /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:163
#1 0x7f83b120b4a4 in handle_put_command kitty/graphics.c:483
#2 0x7f83b12248da in grman_handle_command kitty/graphics.c:780
#3 0x7f83b12d4566 in screen_handle_graphics_command kitty/screen.c:574
#4 0x7f83b129a969 in parse_graphics_code kitty/parse-graphics-command.h:318
#5 0x7f83b12b24e8 in dispatch_apc kitty/parser.c:872
#6 0x7f83b12b24e8 in _parse_bytes_watching_for_pending kitty/parser.c:1108
#7 0x7f83b12b7cf0 in do_parse_bytes kitty/parser.c:1226
#8 0x7f83b12b7cf0 in parse_worker kitty/parser.c:1281
#9 0x7f83b1187c3f in do_parse kitty/child-monitor.c:307
#10 0x7f83b1187c3f in parse_input kitty/child-monitor.c:379
#11 0x7f83b118832e in process_global_state kitty/child-monitor.c:914
#12 0x7f83b1189921 in do_state_check kitty/child-monitor.c:900
#13 0x7f83af1dce2b in dispatchTimers glfw/backend_utils.c:215
#14 0x7f83af1dd6d3 in pollForEvents glfw/backend_utils.c:315
#15 0x7f83af1b9295 in handleEvents glfw/x11_window.c:66
#16 0x7f83af1b936a in _glfwPlatformWaitEvents glfw/x11_window.c:2531
#17 0x7f83af199744 in _glfwPlatformRunMainLoop glfw/main_loop.h:30
#18 0x7f83af17a540 in glfwRunMainLoop glfw/init.c:344
#19 0x7f83b1206192 in run_main_loop kitty/glfw.c:1142
#20 0x7f83b117bc8f in main_loop kitty/child-monitor.c:954
#21 0x7f83b5fc50c9 in _PyMethodDef_RawFastCallKeywords (/usr/lib/libpython3.7m.so.1.0+0x10b0c9)
SUMMARY: AddressSanitizer: heap-use-after-free kitty/graphics.c:614 in scroll_filter_func
Shadow bytes around the buggy address:
0x0c328004b630: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c328004b640: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c328004b650: fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c328004b660: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c328004b670: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0c328004b680: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]
0x0c328004b690: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c328004b6a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c328004b6b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c328004b6c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c328004b6d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==29189==ABORTING
👍3
Was this page helpful?
0 / 5 - 0 ratings
Related issues
JJGO
·
3Comments
reed-jones
·
4Comments
mihaicristiantanase
·
3Comments
atomsymbol
·
3Comments
Jomik
·
4Comments
Most helpful comment
No, but I have built kitty with sanitizers: