Core Image (OS X El Capitan): Crash when filter has 2 or more GL-based CIImage inputs.

Originator:raphael
Number:rdar://23855967 Date Originated:11-Dec-2015 10:25 AM
Status:Open Resolved:
Product:OS X SDK Product Version:10.11.2 (15C50)
Classification:Serious Bug Reproducible:Always
 
# Summary:
CIContext render: API to memory buffer crashes when provided with a filter taking 2+ GL-based CIImage.

# Steps to Reproduce:
Here's the sample code. (imageA & imageB are GL texture-based, GL context is active, etc). Crashes in CIContext render: call.

	CIImage *imageA = [simage CIImage];
	CIImage *imageB = [rimage CIImage];
	CIFilter *filter = [CIFilter filterWithName:@"CIAreaAverage"];
	
	CIFilter *diffblend = [CIFilter filterWithName:@"CISubtractBlendMode"];
	CIImage *image = imageA;
	
	[diffblend setDefaults];
	[diffblend setValue:imageA forKey:kCIInputImageKey];
	[diffblend setValue:imageB forKey:kCIInputBackgroundImageKey];
	
	image = diffblend.outputImage;
	
	[filter setDefaults];
	[filter setValue:image forKey:kCIInputImageKey];
	[filter setValue:[CIVector vectorWithCGRect:image.extent] forKey:kCIInputExtentKey];
	image = filter.outputImage;
	
	float rgba[4] = {0.0};
		
	[self.CIContext render:image toBitmap:rgba rowBytes:4*sizeof(float) bounds:image.extent format:kCIFormatRGBAf colorSpace:NULL];
	EXLog(@"mean value: %f %f %f %f", rgba[0], rgba[1], rgba[2], rgba[3]);


# Expected Results:
Should not crash, & should output values in rgba mem buffer.

# Actual Results:
Crashed in render: call. Here's the stack trace. 

Thread 8Queue : NSOperationQueue 0x60300009d300 :: NSOperation 0x60400024fc90 (QOS: LEGACY) (serial)
#0	0x00007fff87e6586b in std::__1::__tree<std::__1::__value_type<void*, CI::source_info_t*>, std::__1::__map_value_compare<void*, std::__1::__value_type<void*, CI::source_info_t*>, std::__1::less<void*>, true>, std::__1::allocator<std::__1::__value_type<void*, CI::source_info_t*> > >::erase(std::__1::__tree_const_iterator<std::__1::__value_type<void*, CI::source_info_t*>, std::__1::__tree_node<std::__1::__value_type<void*, CI::source_info_t*>, void*>*, long>) ()
#1	0x00007fff87e644c8 in CI::TextureManager::remove_lru() ()
#2	0x00007fff87e642ca in CI::TextureManager::remove_all() ()
#3	0x00007fff87e92fbd in CI::GLContext::after_render() ()
#4	0x00007fff87d67793 in CI::_get_bitmap(CI::Context*, CI::Image*, CGRect, CGColorSpace*, CI::Bitmap*) ()
#5	0x00007fff87d673b9 in CI::image_get_bitmap(CI::Context*, CI::Image*, CGRect, CGColorSpace*, CI::Bitmap*, unsigned long) ()
#6	0x00007fff87d49c54 in -[CIContext render:toBitmap:rowBytes:bounds:format:colorSpace:] ()
#7	0x000000010016dae1 in -[HYRenderContext _measurePerfsSourceImage:renderedImage:context:] at /Users/raf/WorkArea/Creacode/Hydra/Hydra/Sources/HYRenderContext.m:1416
#8	0x0000000100178c55 in -[HYRenderContext _flatten:exposureRange:context:] at /Users/raf/WorkArea/Creacode/Hydra/Hydra/Sources/HYRenderContext.m:1772
#9	0x000000010017d2cd in __60-[HYRenderContext flattenImageForProject:completionHandler:]_block_invoke_2 at /Users/raf/WorkArea/Creacode/Hydra/Hydra/Sources/HYRenderContext.m:1882
#10	0x0000000100201f84 in __41-[HYOpenGLRenderContext renderWithBlock:]_block_invoke at /Users/raf/WorkArea/Creacode/Hydra/Hydra/Sources/HYOpenGLRenderContext.m:266
#11	0x000000010023767f in __29-[GLQueue executeBlock:wait:]_block_invoke at /Users/raf/WorkArea/Creacode/CeedGL/Sources/GLQueue.m:66
#12	0x00007fff8cfae29c in __NSBLOCKOPERATION_IS_CALLING_OUT_TO_A_BLOCK__ ()
#13	0x00007fff8cfae00c in -[NSBlockOperation main] ()
#14	0x00007fff8cfad2fb in -[__NSOperationInternal _start:] ()
#15	0x00007fff8cfacde7 in __NSOQSchedule_f ()
#16	0x00000001012105ce in asan_dispatch_call_block_and_release ()

Description of the image being rendered at the time of the crash.

(lldb) po image
<CIImage: 0x603000154810 extent [0 0 1 1]>
  color_matrix r=(1 0 0 0) g=(0 1 0 0) b=(0 0 1 0) a=(0 0 0 1.67167) extent=[0 0 1 1]
    kernel _areaAvg8(image) extent=[0 0 1 1]
      kernel _areaAvg8(image) extent=[0 0 8 6]
        kernel _areaAvg8(image) extent=[0 0 61 41]
          kernel _areaAvg8(image) extent=[0 0 484 324]
            colorkernel _subtractBlendMode(uCf,uCb) extent=[0 0 3872 2592]
              unpremultiply extent=[0 0 3872 2592]
                GLTexture 10 extent=[0 0 3872 2592]
              unpremultiply extent=[0 0 3872 2592]
                GLTexture 26 extent=[0 0 3872 2592]

(lldb) po self.CIContext
<CIContext: 0x60200003c0d0 (2) GLContext=0x628000000100>


# Regression:
Any Mac running OS El Capitan.

# Notes:
Both GL textures are perfectly valid at the time of render, and appropriate context is active (single thread).
If I use only one GL texture-based CIImage -> it does not crash.

Comments


Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!