Hi. darktable user <|beowulf|> has reported a problem, and while trying to investigate, the following ASAN report was acquired [1].
If we look at https://github.com/lensfun/lensfun/blob/v0.3.2/libs/lensfun/modifier.cpp#L257-L262 you can see that lfCallbackData is being deleted. But as https://github.com/lensfun/lensfun/blob/v0.3.2/include/lensfun/lensfun.h.in#L1902-L1903 suggests, it is just a base type, and is not used directly: https://github.com/lensfun/lensfun/blob/v0.3.2/libs/lensfun/lensfunprv.h#L459-L475 However. lfCallbackData does not have a virtual destructor. Thus we are only freeing the base class, not the actual lfSubpixelCallbackData / lfCoordCallbackData / lfColorCallbackData. At least that is how i read it. Roman. [1] └> darktable ================================================================= ==30412==ERROR: AddressSanitizer: new-delete-type-mismatch on 0x60300182a430 in thread T1 (worker 0): object passed to delete has wrong type: size of the allocated type: 32 bytes; size of the deallocated type: 24 bytes. #0 0x7f31a4735751 in operator delete(void*, unsigned long) /home/sourcemage/build_directory/gcc-7.1.0/libsanitizer/asan/asan_new_delete.cc:140 #1 0x7f316f4e303b in free_callback_list /home/sourcemage/build_directory/lensfun-0.3.2/libs/lensfun/modifier.cpp:262 #2 0x7f316f4e3630 in lfModifier::~lfModifier() /home/sourcemage/build_directory/lensfun-0.3.2/libs/lensfun/modifier.cpp:270 #3 0x7f316f4e364c in lfModifier::Destroy() /home/sourcemage/build_directory/lensfun-0.3.2/libs/lensfun/modifier.cpp:143 #4 0x7f316f7378a8 in get_autoscale /home/florian/repos/darktable/src/iop/lens.c:2008 #5 0x7f316f7417dd in reload_defaults /home/florian/repos/darktable/src/iop/lens.c:1209 #6 0x7f31a3f8faa3 in dt_iop_reload_defaults /home/florian/repos/darktable/src/develop/imageop.c:1035 #7 0x7f31a3f9a29d in dt_iop_load_modules /home/florian/repos/darktable/src/develop/imageop.c:1329 #8 0x7f31a3f84800 in dt_dev_load_image /home/florian/repos/darktable/src/develop/develop.c:499 #9 0x7f31a3ede88b in dt_imageio_export_with_flags /home/florian/repos/darktable/src/common/imageio.c:551 #10 0x7f31a3f1d381 in _init_8 /home/florian/repos/darktable/src/common/mipmap_cache.c:1220 #11 0x7f31a3f1d381 in dt_mipmap_cache_get_with_caller /home/florian/repos/darktable/src/common/mipmap_cache.c:801 #12 0x7f31a3f77f22 in dt_image_load_job_run /home/florian/repos/darktable/src/control/jobs/image_jobs.c:35 #13 0x7f31a3f66cf6 in dt_control_job_execute /home/florian/repos/darktable/src/control/jobs.c:304 #14 0x7f31a3f6801f in dt_control_run_job /home/florian/repos/darktable/src/control/jobs.c:323 #15 0x7f31a3f6801f in dt_control_work /home/florian/repos/darktable/src/control/jobs.c:568 #16 0x7f31a3afe363 in start_thread (/lib/libpthread.so.0+0x7363) #17 0x7f31a386da8e in __clone (/lib/libc.so.6+0xdda8e) 0x60300182a430 is located 0 bytes inside of 32-byte region [0x60300182a430,0x60300182a450) allocated by thread T1 (worker 0) here: #0 0x7f31a47345ee in operator new(unsigned long) /home/sourcemage/build_directory/gcc-7.1.0/libsanitizer/asan/asan_new_delete.cc:80 #1 0x7f316f4e2b9f in lfModifier::AddSubpixelCallback(void (*)(void*, float*, int), int, void*, unsigned long) /home/sourcemage/build_directory/lensfun-0.3.2/libs/lensfun/mod-subpix.cpp:14 Thread T1 (worker 0) created by T0 here: #0 0x7f31a46b3cbe in __interceptor_pthread_create /home/sourcemage/build_directory/gcc-7.1.0/libsanitizer/asan/asan_interceptors.cc:243 #1 0x7f31a3e6efb0 in dt_pthread_create /home/florian/repos/darktable/src/common/dtpthread.c:65 #2 0x7f31a3f686d0 in dt_control_jobs_init /home/florian/repos/darktable/src/control/jobs.c:624 #3 0x7f31a3f5d7e1 in dt_control_init /home/florian/repos/darktable/src/control/control.c:70 #4 0x7f31a3e5da64 in dt_init /home/florian/repos/darktable/src/common/darktable.c:855 #5 0x4008f5 in main /home/florian/repos/darktable/src/main.c:64 #6 0x7f31a37b0349 in __libc_start_main (/lib/libc.so.6+0x20349) SUMMARY: AddressSanitizer: new-delete-type-mismatch /home/sourcemage/build_directory/gcc-7.1.0/libsanitizer/asan/asan_new_delete.cc:140 in operator delete(void*, unsigned long) ==30412==HINT: if you don't care about these errors you may set ASAN_OPTIONS=new_delete_type_mismatch=0 ==30412==ABORTING ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Lensfun-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/lensfun-users
