Assert Dragging & dropping color in the Image Editor (double UNDO push?)
System Information
Operating system: Linux-5.3.12-200.fc30.x86_64-x86_64-with-fedora-30-Thirty 64 Bits
Graphics card: GeForce GTX 970M/PCIe/SSE2 NVIDIA Corporation 4.5.0 NVIDIA 440.31

Blender Version
Broken: version: 2.82 (sub 5), branch: master, commit date: 2019-12-16 11:41, hash: rBbbc97fc533d0
Worked: (optional)

Short description of error
Assert Dragging & dropping color in the Image Editor from the color button onto the image.
(also reported in T72440, but that crash was fixed...)

Exact steps for others to reproduce the error

  • Open file
  • Drag white color from the color button in the tool settings onto the image
  • Assert

BLI_assert failed: /blender/source/blender/blenkernel/intern/undo_system.c:457, BKE_undosys_step_push_init_with_type(), at 'ustack->step_init == ((void *)0)'
ustack->step_init is not NULL (already has Drop Color, wants to do for ED_imapaint_bucket_fill as well, so seems like two undo pushes where only one is allowed?)

Sybren A. Stüvel (sybren) changed the subtype of this task from "Report" to "Bug".Jan 20 2020, 1:57 PM

There are actually two issues with ED_imapaint_bucket_fill(), the undo and the call to paint_2d_bucket_fill().

The undo breaks because ED_imapaint_bucket_fill() calls BKE_undosys_step_push_init_with_type() and ED_image_undo_push_begin() which also tries to initialize the undo step with BKE_undosys_step_push_init_with_type(). Removing the BKE_undosys_step_push_init_with_type() in ED_imapaint_bucket_fill() would fix this problem. I'm not very familiar with the undo system, but the BKE_undosys_step_push() could probably be replaced with ED_image_undo_push_end().

The call to paint_2d_bucket_fill() has the last argument set to NULL which results in a NULL pointer dereferencing. The strength should therefore be set to 1.0f by default and only retrieve the brush alpha when both the pointer to the brush and the image paint state aren't NULL.