-
Notifications
You must be signed in to change notification settings - Fork 90
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Random crashes/leaks, when trying to convert invalid lottie files to gifs #2072
Comments
When image data fails to load or image parsing fails, the id is leaked without being assigned to the name. To prevent that, free id value when obj is nullptr. related issue: thorvg#2072 BrokenLottie.7z/test3_IDX_130_RAND_18289244608080059871.json BrokenLottie.7z/test3_IDX_131_RAND_7772102071213376276.json BrokenLottie.7z/test3_IDX_132_RAND_3072617087893397532.json BrokenLottie.7z/test3_IDX_134_RAND_17738488813555566674.json BrokenLottie.7z/test3_IDX_137_RAND_13903188963759129023.json BrokenLottie.7z/test3_IDX_138_RAND_1645404078965858130.json
When image data fails to load or image parsing fails, the id is leaked without being assigned to the name. To prevent that, free id value when obj is nullptr. related issue: #2072 BrokenLottie.7z/test3_IDX_130_RAND_18289244608080059871.json BrokenLottie.7z/test3_IDX_131_RAND_7772102071213376276.json BrokenLottie.7z/test3_IDX_132_RAND_3072617087893397532.json BrokenLottie.7z/test3_IDX_134_RAND_17738488813555566674.json BrokenLottie.7z/test3_IDX_137_RAND_13903188963759129023.json BrokenLottie.7z/test3_IDX_138_RAND_1645404078965858130.json
@JSUYA ok to close? |
Hi, various defects are occurring in 888 json test files. Issues related to gradient color stops require further check. There seem to be more cases depending on how color stop is defined. |
When image data fails to load or image parsing fails, the id is leaked without being assigned to the name. To prevent that, free id value when obj is nullptr. related issue: #2072 BrokenLottie.7z/test3_IDX_130_RAND_18289244608080059871.json BrokenLottie.7z/test3_IDX_131_RAND_7772102071213376276.json BrokenLottie.7z/test3_IDX_132_RAND_3072617087893397532.json BrokenLottie.7z/test3_IDX_134_RAND_17738488813555566674.json BrokenLottie.7z/test3_IDX_137_RAND_13903188963759129023.json BrokenLottie.7z/test3_IDX_138_RAND_1645404078965858130.json
Prototyping. Update tvgLottieLoader.cpp Update tvgAnimation.cpp range gl_engine: make stencil task support other advance logical * Support rendering Gradient in path Stroke mode * Fix GlStencilCoverTask not support even-odd fill rule * Make GlStencilCoverTask can discard overlapped area during stroke rendering lottie: Added gradient population preventing logic `LottieGradient.populate` function checks whether the value has already been calculated and populated via the flag `populated`. loader/lottie: Prevent leak memory when image load fails When image data fails to load or image parsing fails, the id is leaked without being assigned to the name. To prevent that, free id value when obj is nullptr. related issue: thorvg#2072 BrokenLottie.7z/test3_IDX_130_RAND_18289244608080059871.json BrokenLottie.7z/test3_IDX_131_RAND_7772102071213376276.json BrokenLottie.7z/test3_IDX_132_RAND_3072617087893397532.json BrokenLottie.7z/test3_IDX_134_RAND_17738488813555566674.json BrokenLottie.7z/test3_IDX_137_RAND_13903188963759129023.json BrokenLottie.7z/test3_IDX_138_RAND_1645404078965858130.json lottie/property: code refactoring introduce the release() method for memory freeing. This method can be used for any demands. test/lottie: added the slot resetting use case lottie: Support the slot reverting feature Implemented the ability to revert Lottie slots by calling override with nullptr. This functionality allows for the complete reversal of applied slots. usage: - `animation->override(nullptr)` Co-Authored-By: Hermet Park <hermet@lottiefiles.com> 1 11 1 remove string_view fix compile for ci Revert "Merge branch 'main' into lucas/markers" This reverts commit e448f0d, reversing changes made to 44402f7.
When lottie is broken and provides invalid gradient, the program crashes in segmentation fault. At that time, in the `populate` function, `ColorStop& color` doesn't have `input` but tries to use it. Added checking nullptr logic. The function `populate` will not proceed and return 0 in that case. related issue: thorvg#2072
When lottie is broken and provides invalid gradient, the program crashes in segmentation fault. At that time, in the `populate` function, `ColorStop& color` doesn't have `input` but tries to use it. Added checking nullptr logic. The function `populate` will not proceed and return 0 in that case. related issue: #2072
This change is better for stability. Returns `None` if the `mode` attribute cannot be parsed. related issue: thorvg#2072
This change is better for stability. Returns `None` if the `mode` attribute cannot be parsed. related issue: #2072
|
When lottie is broken and provides invalid gradient, the program crashes in segmentation fault. At that time, in the `populate` function, `ColorStop& color` doesn't have `input` but tries to use it. Added checking nullptr logic. The function `populate` will not proceed and return 0 in that case. related issue: #2072
This change is better for stability. Returns `None` if the `mode` attribute cannot be parsed. related issue: #2072
Recent version on Ubuntu 23.10 for this json files - with ThreadSanitizer prints most of the time unexpected memory mapping Valgrind not shows any problems |
When image data fails to load or image parsing fails, the id is leaked without being assigned to the name. To prevent that, free id value when obj is nullptr. related issue: #2072 BrokenLottie.7z/test3_IDX_130_RAND_18289244608080059871.json BrokenLottie.7z/test3_IDX_131_RAND_7772102071213376276.json BrokenLottie.7z/test3_IDX_132_RAND_3072617087893397532.json BrokenLottie.7z/test3_IDX_134_RAND_17738488813555566674.json BrokenLottie.7z/test3_IDX_137_RAND_13903188963759129023.json BrokenLottie.7z/test3_IDX_138_RAND_1645404078965858130.json
When lottie is broken and provides invalid gradient, the program crashes in segmentation fault. At that time, in the `populate` function, `ColorStop& color` doesn't have `input` but tries to use it. Added checking nullptr logic. The function `populate` will not proceed and return 0 in that case. related issue: #2072
This change is better for stability. Returns `None` if the `mode` attribute cannot be parsed. related issue: #2072
When image data fails to load or image parsing fails, the id is leaked without being assigned to the name. To prevent that, free id value when obj is nullptr. related issue: #2072 BrokenLottie.7z/test3_IDX_130_RAND_18289244608080059871.json BrokenLottie.7z/test3_IDX_131_RAND_7772102071213376276.json BrokenLottie.7z/test3_IDX_132_RAND_3072617087893397532.json BrokenLottie.7z/test3_IDX_134_RAND_17738488813555566674.json BrokenLottie.7z/test3_IDX_137_RAND_13903188963759129023.json BrokenLottie.7z/test3_IDX_138_RAND_1645404078965858130.json
When lottie is broken and provides invalid gradient, the program crashes in segmentation fault. At that time, in the `populate` function, `ColorStop& color` doesn't have `input` but tries to use it. Added checking nullptr logic. The function `populate` will not proceed and return 0 in that case. related issue: #2072
This change is better for stability. Returns `None` if the `mode` attribute cannot be parsed. related issue: #2072
New pack - lottie files.zip
|
Command (lottie compiled with ubsan + asan)
files with info about problems - BrokenLottie.7z.zip - (this is 7zip archive, but named zip, to be able to post it here)
example problems
The text was updated successfully, but these errors were encountered: