Memory Corruption in FilterEngine::proceed (Bug #161)
Description
I've been having a weird memory corruption problem that I've been trying to track down. I used electric fence to try and find out where it is and I started getting seg faults in cv::FilterEngine::proceed. It doesn't happen very often and I can't even give you the parameters that I used right now since it runs for some time and the parameters are always changing. I've gotten the error through several opencv functions, GaussianBlur, Sobel, and I can't remember what else right now; I'm guessing anything that uses the FilterEngine. I've compiled opencv for debug and using gdb I was hoping to get a line number of the seg fault but I'm not getting line numbers on a backtrace. I only seem to get line numbers when I step into the shared library. Can someone help me track down this bug?
Associated revisions
fixed initialization of the border interpolation table in the filter engine (ticket #161)
Merge pull request #161 from apavlenko:fix/sdk_r21
Merge pull request #161 from alalek:ocl_compare_scalar
History
Updated by Kirt Lillywhite about 15 years ago
Replying to kfrance:
I've been having a weird memory corruption problem that I've been trying to track down. I used electric fence to try and find out where it is and I started getting seg faults in cv::FilterEngine::proceed. It doesn't happen very often and I can't even give you the parameters that I used right now since it runs for some time and the parameters are always changing. I've gotten the error through several opencv functions, GaussianBlur, Sobel, and I can't remember what else right now; I'm guessing anything that uses the FilterEngine. I've compiled opencv for debug and using gdb I was hoping to get a line number of the seg fault but I'm not getting line numbers on a backtrace. I only seem to get line numbers when I step into the shared library. Can someone help me track down this bug?
I was able to track down some parameters and a line number where I get the segfault now. I'm calling "GaussianBlur(sub, dst, Size(11,11), 0, 0);". The sub Mat is a subimage with dimensions 2x59. So it is a small image (with the application I'm making that actually happens quite a bit) using a kernel that is bigger than the actual image. The sub mat was taken from a 64x128 image with a rect(61,64,2,59). The program then segfaults in FilterEngine::proceed, cvfilter.cpp line 398. I'm hoping that is enough to reproduce the error.
Updated by Kirt Lillywhite about 15 years ago
I've fixed my problem by cloning the subimage so that the variable isolated was true and the parent image wasn't used for the borders, but I imagine others will have this problem as well and would want it fixed.
Updated by anonymous - almost 15 years ago
The bug cannot be reproduced with the latest OpenCV version from SVN.
- Status changed from Open to Done
- (deleted custom field) set to worksforme
Updated by Kirt Lillywhite almost 15 years ago
The problem is still there with the newest version in SVN that I checked out, revision 2999. If you just run the code there isn't any problem. If you run it using valgrind or linking against electric fence then you will see the problem. Sorry if that wasn't clear before. If you are using valgrind you will see an invalid read of size 1. If you are using electric fence you will get a segmentation fault when it tries to make a read outside of allocated memory. I'm using Linux and I can give you any revision of other software that I'm using. I can't think of anything that is relevant except I'm using libpng 1.4.1.
- Status changed from Done to Cancelled
- (deleted custom field) deleted (worksforme)
Updated by Kirt Lillywhite over 14 years ago
This bug still exists in the svn trunk. To reproduce:
1. Download test.cpp and test_image.png
2. Compile: g++ test.cpp -o test -lopencv_highgui -I /usr/include/opencv
3. Run with valgrind ./test
You get an invalid read because it reads from memory that has not been allocated so it is just reading a random memory location that is in an unknown state. I would fix it for my case but the code is a bit complicated and I'm afraid I'll break it for other cases.
Updated by Vadim Pisarevsky over 14 years ago
Thanks for the sample and sorry for the delay! Finally fixed in r3915.
- Status changed from Cancelled to Done
- (deleted custom field) set to fixed
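
Added example, not OpenCV's code and not part of the original ticket: a standalone C++ bounds check of a border lookup table for the geometry reported above (64-wide parent, rect x=61, width 2, 11x11 kernel). The BORDER_REFLECT_101 mapping, the function names and the `reflect101_once` single-pass variant are assumptions chosen for illustration; the ticket does not say what the actual defect in the table initialization was.

```cpp
#include <cstdio>
#include <vector>

// Iterated BORDER_REFLECT_101 mapping of coordinate p into [0, len).
// The loop matters when the kernel radius exceeds len: one reflection is not enough.
int reflect101(int p, int len) {
    if (len == 1) return 0;
    while (p < 0 || p >= len)
        p = (p < 0) ? -p : 2 * (len - 1) - p;
    return p;
}

// Hypothetical single-pass variant, kept only as the failure mode to test against.
int reflect101_once(int p, int len) {
    if (p < 0) return -p;
    if (p >= len) return 2 * (len - 1) - p;
    return p;
}

// Build the column lookup table for a horizontal filter pass over an ROI.
// isolated == false: neighbours come from the parent image where they exist.
// isolated == true: only ROI pixels are used. Entries are parent column indices.
std::vector<int> borderTable(int parentW, int roiX, int roiW, int ksize,
                             bool isolated, int (*interp)(int, int)) {
    std::vector<int> tab;
    int r = ksize / 2;
    for (int x = roiX - r; x < roiX + roiW + r; ++x)
        tab.push_back(isolated ? roiX + interp(x - roiX, roiW) : interp(x, parentW));
    return tab;
}

// Number of table entries that would read outside the columns [lo, hi).
int outOfRange(const std::vector<int>& tab, int lo, int hi) {
    int bad = 0;
    for (int c : tab) if (c < lo || c >= hi) ++bad;
    return bad;
}

int main() {
    // Geometry from the report: 64-wide parent, rect x=61, width 2, 11x11 kernel.
    std::printf("non-isolated: %d bad\n", outOfRange(borderTable(64, 61, 2, 11, false, reflect101), 0, 64));
    std::printf("isolated:     %d bad\n", outOfRange(borderTable(64, 61, 2, 11, true, reflect101), 61, 63));
    std::printf("single pass:  %d bad\n", outOfRange(borderTable(64, 61, 2, 11, true, reflect101_once), 61, 63));
}
```

Running the same validation over every row and column table before the filter loop starts turns a silent invalid read into a deterministic failure that does not need valgrind or Electric Fence to surface.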