@LebedevRI
Created March 8, 2015 19:33
(openSUSE build flags)
cd ~/darktable/build/ && rm -rf * && LDFLAGS="-fsanitize=address -fno-omit-frame-pointer" CFLAGS="-fsanitize=address -fno-omit-frame-pointer -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -g -fno-strict-aliasing" CXXFLAGS="-fsanitize=address -fno-omit-frame-pointer -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -g -fno-strict-aliasing" CC=gcc CXX=g++ cmake -DUSE_OPENCL=OFF ../ && make -j9 && sudo make -j9 install && darktable
=================================================================
==30080==ERROR: AddressSanitizer: heap-use-after-free on address 0x62d0001b8400 at pc 0x7f1d7273397c bp 0x7f1d58b2ee50 sp 0x7f1d58b2ee48
READ of size 4 at 0x62d0001b8400 thread T5
#0 0x7f1d7273397b in dt_mipmap_cache_get_with_caller /home/lebedevri/darktable/src/common/mipmap_cache.c:649
#1 0x7f1d72711fd9 in dt_imageio_export_with_flags /home/lebedevri/darktable/src/common/imageio.c:526
#2 0x7f1d72732619 in _init_8 /home/lebedevri/darktable/src/common/mipmap_cache.c:964
#3 0x7f1d72732619 in dt_mipmap_cache_get_with_caller /home/lebedevri/darktable/src/common/mipmap_cache.c:630
#4 0x7f1d727659a6 in dt_image_load_job_run /home/lebedevri/darktable/src/control/jobs/image_jobs.c:36
#5 0x7f1d7275afd1 in dt_control_run_job /home/lebedevri/darktable/src/control/jobs.c:274
#6 0x7f1d7275afd1 in dt_control_work /home/lebedevri/darktable/src/control/jobs.c:472
#7 0x7f1d6ebf80a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x80a3)
#8 0x7f1d6ad2e04c in clone (/lib/x86_64-linux-gnu/libc.so.6+0xe604c)
0x62d0001b8400 is located 0 bytes inside of 36896-byte region [0x62d0001b8400,0x62d0001c1420)
freed by thread T3 here:
#0 0x7f1d72d44527 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x54527)
#1 0x7f1d7272a727 in dt_mipmap_cache_deallocate_dynamic /home/lebedevri/darktable/src/common/mipmap_cache.c:352
#2 0x7f1d7269f4de in dt_cache_gc /home/lebedevri/darktable/src/common/cache.c:275
#3 0x7f1d7269fcb7 in dt_cache_get_with_caller /home/lebedevri/darktable/src/common/cache.c:176
#4 0x7f1d72731245 in dt_mipmap_cache_get_with_caller /home/lebedevri/darktable/src/common/mipmap_cache.c:571
#5 0x7f1d72711fd9 in dt_imageio_export_with_flags /home/lebedevri/darktable/src/common/imageio.c:526
#6 0x7f1d72732619 in _init_8 /home/lebedevri/darktable/src/common/mipmap_cache.c:964
#7 0x7f1d72732619 in dt_mipmap_cache_get_with_caller /home/lebedevri/darktable/src/common/mipmap_cache.c:630
#8 0x7f1d727659a6 in dt_image_load_job_run /home/lebedevri/darktable/src/control/jobs/image_jobs.c:36
#9 0x7f1d7275afd1 in dt_control_run_job /home/lebedevri/darktable/src/control/jobs.c:274
#10 0x7f1d7275afd1 in dt_control_work /home/lebedevri/darktable/src/control/jobs.c:472
#11 0x7f1d6ebf80a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x80a3)
previously allocated by thread T5 here:
#0 0x7f1d72d44c9b in __interceptor_posix_memalign (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x54c9b)
#1 0x7f1d726b5cfd in dt_alloc_align /home/lebedevri/darktable/src/common/darktable.c:1067
#2 0x7f1d7272d56e in dt_mipmap_cache_alloc /home/lebedevri/darktable/src/common/mipmap_cache.c:179
#3 0x7f1d72718795 in dt_imageio_open_png /home/lebedevri/darktable/src/common/imageio_png.c:173
#4 0x7f1d72711809 in dt_imageio_open_ldr /home/lebedevri/darktable/src/common/imageio.c:447
#5 0x7f1d727141ed in dt_imageio_open /home/lebedevri/darktable/src/common/imageio.c:874
#6 0x7f1d72731571 in dt_mipmap_cache_get_with_caller /home/lebedevri/darktable/src/common/mipmap_cache.c:600
#7 0x7f1d72711fd9 in dt_imageio_export_with_flags /home/lebedevri/darktable/src/common/imageio.c:526
#8 0x7f1d72732619 in _init_8 /home/lebedevri/darktable/src/common/mipmap_cache.c:964
#9 0x7f1d72732619 in dt_mipmap_cache_get_with_caller /home/lebedevri/darktable/src/common/mipmap_cache.c:630
#10 0x7f1d727659a6 in dt_image_load_job_run /home/lebedevri/darktable/src/control/jobs/image_jobs.c:36
#11 0x7f1d7275afd1 in dt_control_run_job /home/lebedevri/darktable/src/control/jobs.c:274
#12 0x7f1d7275afd1 in dt_control_work /home/lebedevri/darktable/src/control/jobs.c:472
#13 0x7f1d6ebf80a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x80a3)
Thread T5 created by T0 here:
#0 0x7f1d72d13bba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
#1 0x7f1d7275b4fc in dt_control_jobs_init /home/lebedevri/darktable/src/control/jobs.c:498
#2 0x7f1d727511f3 in dt_control_init /home/lebedevri/darktable/src/control/control.c:311
#3 0x7f1d726b9412 in dt_init /home/lebedevri/darktable/src/common/darktable.c:803
#4 0x400b9f in main /home/lebedevri/darktable/src/main.c:24
#5 0x7f1d6ac69b44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
Thread T3 created by T0 here:
#0 0x7f1d72d13bba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
#1 0x7f1d7275b4fc in dt_control_jobs_init /home/lebedevri/darktable/src/control/jobs.c:498
#2 0x7f1d727511f3 in dt_control_init /home/lebedevri/darktable/src/control/control.c:311
#3 0x7f1d726b9412 in dt_init /home/lebedevri/darktable/src/common/darktable.c:803
#4 0x400b9f in main /home/lebedevri/darktable/src/main.c:24
#5 0x7f1d6ac69b44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
SUMMARY: AddressSanitizer: heap-use-after-free /home/lebedevri/darktable/src/common/mipmap_cache.c:649 dt_mipmap_cache_get_with_caller
Shadow bytes around the buggy address:
0x0c5a8002f030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c5a8002f040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c5a8002f050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c5a8002f060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c5a8002f070: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c5a8002f080:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c5a8002f090: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c5a8002f0a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c5a8002f0b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c5a8002f0c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c5a8002f0d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Contiguous container OOB:fc
ASan internal: fe
==30080==ABORTING