Inkscape

Crash on choosing provided file in File selector dialog

Bug #1273244 reported by Vladimir Savic
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Inkscape
Fix Released
High
Martin Owens

Bug Description

If I select provided file from File menu, Inkscape crashes. I believe it has started with r12978. I'm running Ubuntu 13.10. Here's a backtrace:

** (inkscape:26232): CRITICAL **: void SPObject::detach(SPObject*): assertion 'object->parent == this' failed
[Thread 0x7fffc6ffd700 (LWP 26280) exited]

Program received signal SIGSEGV, Segmentation fault.
SPObject::detach (this=0x56c8fb0, object=0xb4a) at sp-object.cpp:539
539 g_return_if_fail(object->parent == this);
(gdb) bt
#0 SPObject::detach (this=0x56c8fb0, object=0xb4a) at sp-object.cpp:539
#1 0x000000000056c5d4 in SPImage::clear_image (this=this@entry=0x56c8fb0) at sp-image.cpp:537
#2 0x000000000056d9e8 in SPImage::update (this=0x56c8fb0, ctx=<optimized out>, flags=<optimized out>)
    at sp-image.cpp:330
#3 0x0000000000594fbf in SPObject::updateDisplay (this=0x56c8fb0, ctx=0x7fffffffcf90, flags=91000752, flags@entry=28)
    at sp-object.cpp:1144
#4 0x00000000005768c7 in SPGroup::update (this=this@entry=0x549e800, ctx=ctx@entry=0x7fffffffd110,
    flags=flags@entry=27) at sp-item-group.cpp:186
#5 0x00000000005a3a14 in SPRoot::update (this=0x549e800, ctx=<optimized out>, flags=27) at sp-root.cpp:496
#6 0x0000000000594fbf in SPObject::updateDisplay (this=0x549e800, ctx=0x7fffffffd1f0, flags=91000752, flags@entry=0)
    at sp-object.cpp:1144
#7 0x00000000004a78a3 in SPDocument::_updateDocument (this=this@entry=0x1c77680) at document.cpp:1072
#8 0x00000000004a78c9 in sp_document_idle_handler (data=0x1c77680) at document.cpp:1140
#9 0x00007ffff110f3b6 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#10 0x00007ffff110f708 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#11 0x00007ffff110fb0a in g_main_loop_run () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#12 0x00007ffff6b5ef62 in gtk_dialog_run () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
#13 0x000000000086cdfd in Inkscape::UI::Dialog::FileOpenDialogImplGtk::show (this=0x465a800)
    at ui/dialog/filedialogimpl-gtkmm.cpp:907
#14 0x00000000004c423c in sp_file_open_dialog (parentWindow=...) at file.cpp:544
#15 0x00000000006e6062 in emit (impl=0x2bebe10) at /usr/include/sigc++-2.0/sigc++/signal.h:776
#16 emit (this=<optimized out>) at /usr/include/sigc++-2.0/sigc++/signal.h:2673
#17 sp_action_perform (action=<optimized out>) at helper/action.cpp:136
#18 0x00007ffff13d8188 in g_closure_invoke () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#19 0x00007ffff13e9b1d in ?? () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#20 0x00007ffff13f1829 in g_signal_emit_valist () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#21 0x00007ffff13f1ae2 in g_signal_emit () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#22 0x00007fffef9d2ca8 in ?? () from /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0
#23 0x00007fffef9f1b11 in ?? () from /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0
#24 0x00007ffff110f3b6 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#25 0x00007ffff110f708 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#26 0x00007ffff110fb0a in g_main_loop_run () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#27 0x00007ffff6bd2277 in gtk_main () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
#28 0x000000000047560c in sp_main_gui (argc=1, argv=0x7fffffffde78) at main.cpp:1075
#29 0x00007ffff02e5de5 in __libc_start_main (main=0x4594a0 <main(int, char**)>, argc=1, ubp_av=0x7fffffffde78,
    init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffde68)
    at libc-start.c:260
#30 0x0000000000471faf in _start ()
(gdb)

See original description
Revision history for this message
Vladimir Savic (vladimir-firefly-savic) wrote :
description: updated
Revision history for this message
su_v (suv-lp) wrote :

AFAICT this is the same as already tracked in
- Bug #1272649 “trunk: crashes related to <image> elements (rev 12978)”
  <https://bugs.launchpad.net/inkscape/+bug/1272649>

tags: added: crash
Revision history for this message
Vladimir Savic (vladimir-firefly-savic) wrote :

Sorry for noise! I've added "Me too" to mentioned report. Feel free to close this one!

Revision history for this message
su_v (suv-lp) wrote :

> Sorry for noise!

np (it's a rather serious regression imvho which interrupts and breaks even most basic tasks - can't hurt to have a little bit more noise about it)

Linking as duplicate to bug #1272649.

Revision history for this message
su_v (suv-lp) wrote :

Reverting duplicate link: actually, your file crashes on my system with earlier revisions too … possibly only if the linked images are not found (to be verified once bug #1272649 is fixed).

Testing with archived builds on OS X 10.7.5:
- opens without crash with rev <= 12953
- crashes with rev >= 12954

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000000
0x00000001001820bf in Inkscape::Pixbuf::create_from_data_uri ()
(gdb) bt
#0 0x00000001001820bf in Inkscape::Pixbuf::create_from_data_uri ()
#1 0x00000001000f70fa in SPImage::update ()
#2 0x0000000100122802 in SPObject::updateDisplay ()
#3 0x00000001001011c1 in SPGroup::update ()
#4 0x0000000100130f5f in SPRoot::update ()
#5 0x0000000100122802 in SPObject::updateDisplay ()
#6 0x000000010003618b in SPDocument::_updateDocument ()
#7 0x0000000100036270 in SPDocument::ensureUpToDate ()
#8 0x0000000100049b05 in sp_file_open ()
#9 0x000000010004a0ed in sp_file_open_dialog ()

tags: added: bitmap regression
Changed in inkscape:
milestone: none → 0.91
importance: Undecided → High
Revision history for this message
su_v (suv-lp) wrote :

> Testing with archived builds on OS X 10.7.5:
> - opens without crash with rev <= 12953
> - crashes with rev >= 12954
>
> Program received signal EXC_BAD_ACCESS, Could not access memory.
> Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000000
> 0x00000001001820bf in Inkscape::Pixbuf::create_from_data_uri ()

This crash with rev >= 12954 is triggered if the linked bitmap image is missing on the local system:

  <image
     sodipodi:absref="/home/vladimir/Poslovni/priprema/Jadzic rakije/Viljamovka.gif"
     xlink:href="Viljamovka.gif"
     transform="scale(-1,-1)"
     width="209.65282"
     height="209.65282"
     id="image4350"
     x="-303.164"
     y="-462.01871"
     inkscape:export-filename="/home/vladimir/Desktop/viljamovka.png"
     inkscape:export-xdpi="150"
     inkscape:export-ydpi="150" />

After having creating a local placeholder image with the same name ("Viljamovka.gif"), the file loads without crash (rev < 12978).

Changed in inkscape:
status: New → Triaged
Martin Owens (doctormo)
Changed in inkscape:
assignee: nobody → Martin Owens (doctormo)
Revision history for this message
su_v (suv-lp) wrote :

Crash on load if linked images are missing on the local system no longer reproduced with r12984 (reverts partial refactoring of sp-image) on OS X 10.7.5.

@Vlada - could you confirm after updating your local build?

Revision history for this message
Vladimir Savic (vladimir-firefly-savic) wrote :

@suv - Confirmed!

su_v (suv-lp)
Changed in inkscape:
milestone: 0.91 → none
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.