Crash : Malformed .bmp files lead to crash. #71960

New Issue

Ed H. · 2019-11-27T04:28:32+01:00

Ed H. commented

2019-11-27 04:28:32 +01:00

There is no bounds checking in source\blender\imbuf\intern\bmp.c leading to out of bound access if the bmp file is malformed.

repro:

Copy the attached bmp files to the default folder (on windows c:\Users\[username]\Documents\
Click the Shader tab
The file dialog in the upper left will try to make thumbnails, and crash while doing it.

Note: The problem exists in the 16bpp (rgb565) codepath as well but i had nothing that could write that format.

Note2: The header checks also do not respect the buffer bounds, i didn't have time to make to make a crashing bmp, but whoever will work on this will have to fix that as well.

note3: the crashy bmp files are created by taking a regular bmp file and truncating it to about half their size, leading to a correct header, but not enough image data in the file.

[Original report]

System Information
Operating system: Windows 10 Pro, Version 1903, Build: 18362.476
Graphics card: Nvidia GTX 980 TI Driver 441.20

Blender Version
Broken: 2.181 release
Worked: (optional)

On fresh install of 2.81, startup with default project.
Select the Shader tab and Blender crashes with:

found bundled python: C:\Program Files\Blender Foundation\Blender 2.81\2.81\python
Error : EXCEPTION_ACCESS_VIOLATION
Address : 0x00007FF63621A4B0
Module : C:\Program Files\Blender Foundation\Blender 2.81\blender.exe

There is no bounds checking in `source\blender\imbuf\intern\bmp.c` leading to out of bound access if the bmp file is malformed. repro: 1) Copy the attached bmp files to the default folder (on windows `c:\Users\[username]\Documents\` 2) Click the Shader tab 3) The file dialog in the upper left will try to make thumbnails, and crash while doing it. Note: The problem exists in the 16bpp (rgb565) codepath as well but i had nothing that could write that format. Note2: The header checks also do not respect the buffer bounds, i didn't have time to make to make a crashing bmp, but whoever will work on this will have to fix that as well. note3: the crashy bmp files are created by taking a regular bmp file and truncating it to about half their size, leading to a correct header, but not enough image data in the file. ![crashy_32bpp.bmp](https://archive.blender.org/developer/F8571017/crashy_32bpp.bmp) ![crashy_1bpp.bmp](https://archive.blender.org/developer/F8571018/crashy_1bpp.bmp) ![crashy_24bpp.bmp](https://archive.blender.org/developer/F8571019/crashy_24bpp.bmp) [Original report] **System Information** Operating system: Windows 10 Pro, Version 1903, Build: 18362.476 Graphics card: Nvidia GTX 980 TI Driver 441.20 **Blender Version** Broken: 2.181 release Worked: (optional) On fresh install of 2.81, startup with default project. Select the Shader tab and Blender crashes with: found bundled python: C:\Program Files\Blender Foundation\Blender 2.81\2.81\python Error : EXCEPTION_ACCESS_VIOLATION Address : 0x00007FF63621A4B0 Module : C:\Program Files\Blender Foundation\Blender 2.81\blender.exe

Ed H. commented

2019-11-27 04:28:32 +01:00

Added subscriber: @Ed-H

blender-admin commented

2019-11-27 04:28:32 +01:00

#83324 was marked as duplicate of this issue

blender-admin commented

2019-11-27 04:28:32 +01:00

#68164 was marked as duplicate of this issue

Ed H. commented

2019-11-27 04:31:03 +01:00

blender_debug_output.txt

blender_system_info.txt

[blender_debug_output.txt](https://archive.blender.org/developer/F8171057/blender_debug_output.txt) [blender_system_info.txt](https://archive.blender.org/developer/F8171058/blender_system_info.txt)

Ed H. commented

2019-11-27 04:31:28 +01:00

Had the same issue with 2.80

Germano Cavalcante commented

2019-11-27 13:44:02 +01:00

Added subscriber: @mano-wii

Germano Cavalcante commented

2019-11-27 13:44:02 +01:00

This is strange, it seems that the graphics driver is one of the latest.
https://www.geforce.com/drivers?nvid=nv-int-bnnr-96776#cid=internal_en-us_banner_gtx_900_series_upgrade

But we do not have much information to know what is happening.
Try after loading Factory Settings. (File -> Defaults -> Load Factory Settings)

This is strange, it seems that the graphics driver is one of the latest. https://www.geforce.com/drivers?nvid=nv-int-bnnr-96776#cid=internal_en-us_banner_gtx_900_series_upgrade But we do not have much information to know what is happening. Try after loading Factory Settings. (`File -> Defaults -> Load Factory Settings`)

Germano Cavalcante commented

2019-11-28 18:06:51 +01:00

Did loading the factory settings have any effect?

Ed H. commented

2019-11-28 22:42:17 +01:00

No

Richard Antalik commented

2020-01-16 16:33:01 +01:00

Added subscriber: @iss

Richard Antalik commented

2020-01-16 16:33:01 +01:00

Changed status from 'Needs Developer To Reproduce' to: 'Needs User Info'

Richard Antalik commented

2020-01-16 16:33:01 +01:00

Is this still an issue with latest build? https://builder.blender.org/download/

Jeroen Bakker commented

2020-01-20 11:53:28 +01:00

Added subscribers: @ronsn, @robbott

Ed H. commented

2020-01-27 09:55:53 +01:00

Still fails with 2.82:
Build info:

        Blender 2.82 (sub 6)
        Build: 2020-01-27 00:03:00 Windows Release

Still fails with 2.82: Build info: ``` Blender 2.82 (sub 6) Build: 2020-01-27 00:03:00 Windows Release

Ed H. commented

2020-01-27 09:59:57 +01:00

Also tested with 2.83:
Still fails.

Build info:

     Blender 2.83 (sub 1)
     Build: 2020-01-27 00:29:53 Windows Release

Also tested with 2.83: Still fails. Build info: ``` Blender 2.83 (sub 1) Build: 2020-01-27 00:29:53 Windows Release ```

Richard Antalik commented

2020-01-27 12:07:49 +01:00

Changed status from 'Needs User Info' to: 'Needs Developer To Reproduce'

Ed H. commented

2020-02-10 08:15:49 +01:00

Still happening with 'blender-2.83-cdfaddbb1d42-windows64'blender_system_info.txt

blender_debug_output.txt

Is there anything else I can do on my end?

Still happening with 'blender-2.83-cdfaddbb1d42-windows64'[blender_system_info.txt](https://archive.blender.org/developer/F8332045/blender_system_info.txt) [blender_debug_output.txt](https://archive.blender.org/developer/F8332046/blender_debug_output.txt) Is there anything else I can do on my end?

Ed H. commented

2020-02-10 08:16:09 +01:00

This comment was removed by @Ed-H

*This comment was removed by @Ed-H*

Ed H. commented

2020-05-18 20:14:32 +02:00

Just tested with 2.90 May 18th alpha. Still crashes on Shader tab.

Beulah Royds commented

2020-05-21 14:01:28 +02:00

Added subscriber: @Delenn97

Beulah Royds commented

2020-05-21 14:01:28 +02:00

Was a fix ever found for this? Or can I nolonger use blender

Ed H. commented

2020-06-02 02:06:31 +02:00

I noticed that if I open this project and click the Shader tab Blender does not crash. So maybe there is some initialization or un-initialized value somewhere(?).

Detailing-Project-File.zip

I noticed that if I open this project and click the Shader tab Blender ***does not*** crash. So maybe there is some initialization or un-initialized value somewhere(?). [Detailing-Project-File.zip](https://archive.blender.org/developer/F8570754/Detailing-Project-File.zip)

Ray molenkamp commented

2020-06-02 02:12:25 +02:00

Added subscriber: @LazyDodo

Ray molenkamp commented

2020-06-02 02:12:25 +02:00

Can you try a daily 2.90? When it crashes it should with a bit of luck write out a crash report that may help tracking this down.

Ed H. commented

2020-06-02 02:37:33 +02:00

Still crashed at 2.90 6/1/2020 build. Here are the debug / info files.
Running NVIDIA drivers 446.14 on 980 TI.

blender_system_info.txt

blender_debug_output.txt

blender.crash.txt

Still crashed at 2.90 6/1/2020 build. Here are the debug / info files. Running NVIDIA drivers 446.14 on 980 TI. [blender_system_info.txt](https://archive.blender.org/developer/F8570802/blender_system_info.txt) [blender_debug_output.txt](https://archive.blender.org/developer/F8570803/blender_debug_output.txt) [blender.crash.txt](https://archive.blender.org/developer/F8570804/blender.crash.txt)

Ed H. commented

2020-06-02 02:38:40 +02:00

Also tried "factory startup" cmd still no luck.

Ray molenkamp commented

2020-06-02 03:20:59 +02:00

Seems to crash while trying to generate a thumbnail for a .bmp file, is there any chance you could run ProcessMonitor and see what the last .bmp file was that blender read? and then do 2 two things.

Move it somewhere else, and see if the problem goes away
If the problem does go away, and you could share the troublesome bmp so we could fix the bug that be great

Seems to crash while trying to generate a thumbnail for a `.bmp` file, is there any chance you could run [ProcessMonitor ](https://docs.microsoft.com/en-us/sysinternals/downloads/procmon) and see what the last `.bmp` file was that blender read? and then do 2 two things. 1) Move it somewhere else, and see if the problem goes away 2) If the problem does go away, and you could share the troublesome bmp so we could fix the bug that be great

Campbell Barton commented

2020-06-02 04:09:21 +02:00

Changed status from 'Needs Developer To Reproduce' to: 'Needs User Info'

Ray molenkamp commented

2020-06-02 04:13:44 +02:00

Changed status from 'Needs User Info' to: 'Confirmed'

Ray molenkamp commented

2020-06-02 04:13:44 +02:00

Actually i made some bad .bmp files and can repro easily, there is NO bounds checking whatsoever in the bmp loader.

Copy the attached bmp files to the default folder (on windows c:\Users\[username]\Documents\
Click the Shader tab

Note: The problem exists in the 16bpp (rgb565) codepath as well but i had nothing that could write that format.

Note2: The header checks also do not respect the buffer bounds, i didn't have time to make to make a crashing bmp, but whoever will work on this will have to fix that as well.

note3: the crashy bmp files are created by taking a regular bmp file and truncating it to about half their size, leading to a correct header, but not enough image data in the file.

Actually i made some bad .bmp files and can repro easily, there is *NO* bounds checking whatsoever in the bmp loader. 1) Copy the attached bmp files to the default folder (on windows `c:\Users\[username]\Documents\` 2) Click the Shader tab Note: The problem exists in the 16bpp (rgb565) codepath as well but i had nothing that could write that format. Note2: The header checks also do not respect the buffer bounds, i didn't have time to make to make a crashing bmp, but whoever will work on this will have to fix that as well. note3: the crashy bmp files are created by taking a regular bmp file and truncating it to about half their size, leading to a correct header, but not enough image data in the file. ![crashy_32bpp.bmp](https://archive.blender.org/developer/F8571017/crashy_32bpp.bmp) ![crashy_1bpp.bmp](https://archive.blender.org/developer/F8571018/crashy_1bpp.bmp) ![crashy_24bpp.bmp](https://archive.blender.org/developer/F8571019/crashy_24bpp.bmp)

Ed H. commented

2020-06-02 04:28:19 +02:00

That fixed it.

The file was called "hokie.bmp" and it was not a valid .BMP file. Must have been corrupted. I cannot open it with any other graphics. tool. This file was in the "My Documents" folder; which it looks like Blender goes through and reads all the media there. I probably could change that directory in the upper left frame to point to a more specific place for Blender related media. I have attached problem file here.

Thank you for your analysis.

**That fixed it.** The file was called "hokie.bmp" and it was not a valid .BMP file. Must have been corrupted. I cannot open it with any other graphics. tool. This file was in the "My Documents" folder; which it looks like Blender goes through and reads all the media there. I probably could change that directory in the upper left frame to point to a more specific place for Blender related media. I have attached problem file here. ![hokie.bmp](https://archive.blender.org/developer/F8571035/hokie.bmp) Thank you for your analysis.

Ray molenkamp commented

2020-06-02 06:24:08 +02:00

Not sure if you want it, but i repaired the file by just padding it with white pixels

Not sure if you want it, but i repaired the file by just padding it with white pixels ![fixed_hokie.bmp](https://archive.blender.org/developer/F8571226/fixed_hokie.bmp)

Ray molenkamp changed title from ~~Error : EXCEPTION_ACCESS_VIOLATION when selecting the Shader tab on new project~~ to Crash : Malformed .bmp files lead to crash.

2020-06-02 17:16:57 +02:00

Ed H. commented

2020-06-02 20:15:42 +02:00

I was actually able to open it with microsoft Code(??!) I had to open a valid BMP file first though.
This was probably created by a pinball table editor. I've deleted it, thanks.

I was actually able to open it with microsoft Code(??!) I had to open a valid BMP file first though. This was probably created by a pinball table editor. I've deleted it, thanks.

Richard Antalik commented

2020-11-24 20:47:53 +01:00

Images & Movies isn't a project really, so I guess I will add #vfx_video
Or we can update query https://developer.blender.org/maniphest/query/J_RaaSzk5wr0/

Images & Movies isn't a project really, so I guess I will add #vfx_video Or we can update query https://developer.blender.org/maniphest/query/J_RaaSzk5wr0/

Robert Guetzkow commented

2020-12-02 20:29:04 +01:00

Added subscribers: @Kealinit, @rjg

Ed H. commented

2020-12-02 21:14:20 +01:00

Just wanted to point out that, the original cause of the Shader Editor crash is because Blender would scan the "My Documents" folder for image files when the user selected the Shader tab; and in my case hit a bad .BMP file in the process.