Inkscape

Inkscape crashing in Ctrl+Z

Bug #1313431 reported by Sergio Benjamim
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Inkscape
Fix Released
High
Liam P. White

Bug Description

Crashing when i undo something in the attached file.

Steps to reproduce (in special prefs, stroke off, other 3 enabled, take a look in the screenshot i attached):

- Select all with Ctrl+A
- Click in that padlock icon to keeping aspect ratio
- Increases the size with that arrow of the spinbutton, hold it (1 or 2 seconds for example)
- Ctrl+Z, and crashes

Or:

- Deletes that invisible thing in left bottom
- Select all with Ctrl+A
- Click in that padlock icon to keeping aspect ratio
- Increases the size with that arrow of the spinbutton, hold it (1 or 2 seconds for example) (sometimes it will crashes here)
- Increases again the size with that arrow of the spinbutton, hold it (1 or 2 seconds for example)
- It will crashes

Ubuntu 13.10 - Linux 3.11.0-19-generic #33-Ubuntu SMP Tue Mar 11 18:48:34 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
Inkscape compiled from lp:inkscape
bzr commit 13290

Happens too with 13309 from PPA:
Installed: 1:0.48+devel+13309+47~ubuntu13.10.1

See original description
Revision history for this message
Sergio Benjamim (sergio-br2) wrote :
Revision history for this message
Sergio Benjamim (sergio-br2) wrote :

(gdb) run
Starting program: /home/sergio/opt/local/bin/./inkscape
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffea947700 (LWP 26753)]
[New Thread 0x7fffea146700 (LWP 26754)]
[New Thread 0x7fffe1cbe700 (LWP 26755)]
[New Thread 0x7fffd8c5e700 (LWP 26759)]
[New Thread 0x7fffd3fff700 (LWP 26760)]
[Thread 0x7fffd8c5e700 (LWP 26759) exited]
[New Thread 0x7fffd8c5e700 (LWP 26762)]
[New Thread 0x7fffd37fe700 (LWP 26763)]
[New Thread 0x7fffd2ffd700 (LWP 26764)]
[New Thread 0x7fffd27fc700 (LWP 26765)]
[Thread 0x7fffd3fff700 (LWP 26760) exited]
[Thread 0x7fffd27fc700 (LWP 26765) exited]
[Thread 0x7fffd8c5e700 (LWP 26762) exited]
[Thread 0x7fffd37fe700 (LWP 26763) exited]
[New Thread 0x7fffd37fe700 (LWP 26773)]
[New Thread 0x7fffd8c5e700 (LWP 26774)]
[New Thread 0x7fffd27fc700 (LWP 26775)]
[New Thread 0x7fffd3fff700 (LWP 26776)]
[Thread 0x7fffd3fff700 (LWP 26776) exited]
[Thread 0x7fffd2ffd700 (LWP 26764) exited]
[Thread 0x7fffd27fc700 (LWP 26775) exited]
[Thread 0x7fffd8c5e700 (LWP 26774) exited]
[New Thread 0x7fffd8c5e700 (LWP 26782)]
[New Thread 0x7fffd27fc700 (LWP 26783)]
[Thread 0x7fffd8c5e700 (LWP 26782) exited]
[Thread 0x7fffd37fe700 (LWP 26773) exited]
[New Thread 0x7fffd37fe700 (LWP 26784)]
[New Thread 0x7fffd8c5e700 (LWP 26785)]
[New Thread 0x7fffd2ffd700 (LWP 26786)]
[Thread 0x7fffd8c5e700 (LWP 26785) exited]
[Thread 0x7fffd2ffd700 (LWP 26786) exited]
[Thread 0x7fffd27fc700 (LWP 26783) exited]
[New Thread 0x7fffd27fc700 (LWP 26797)]
[New Thread 0x7fffd2ffd700 (LWP 26798)]
[Thread 0x7fffd2ffd700 (LWP 26798) exited]
[Thread 0x7fffd27fc700 (LWP 26797) exited]
[New Thread 0x7fffd27fc700 (LWP 26802)]
[New Thread 0x7fffd2ffd700 (LWP 26803)]
[New Thread 0x7fffd8c5e700 (LWP 26804)]
[Thread 0x7fffd2ffd700 (LWP 26803) exited]
[Thread 0x7fffd37fe700 (LWP 26784) exited]
[Thread 0x7fffd8c5e700 (LWP 26804) exited]
[New Thread 0x7fffd8c5e700 (LWP 26805)]
[New Thread 0x7fffd37fe700 (LWP 26806)]
[Thread 0x7fffd8c5e700 (LWP 26805) exited]
[Thread 0x7fffd27fc700 (LWP 26802) exited]
[New Thread 0x7fffd27fc700 (LWP 26810)]
[Thread 0x7fffd37fe700 (LWP 26806) exited]
[New Thread 0x7fffd37fe700 (LWP 26811)]
[New Thread 0x7fffd8c5e700 (LWP 26812)]
[Thread 0x7fffd27fc700 (LWP 26810) exited]
[Thread 0x7fffd8c5e700 (LWP 26812) exited]
[New Thread 0x7fffd8c5e700 (LWP 26816)]
[Thread 0x7fffd8c5e700 (LWP 26816) exited]
[Thread 0x7fffd37fe700 (LWP 26811) exited]
**
ERROR:document-undo.cpp:158:static void Inkscape::DocumentUndo::maybeDone(SPDocument*, const gchar*, unsigned int, const Glib::ustring&): assertion failed: (doc->priv->sensitive)

Program received signal SIGABRT, Aborted.
0x00007ffff121df77 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
56 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.

Revision history for this message
Sergio Benjamim (sergio-br2) wrote :
Revision history for this message
Liam P. White (liampwhite) wrote :

- Not reproduced on Windows 8.1 (bzr rev 13295)
Could you be more specific about how to reproduce your issue?

Sergio Benjamim (sergio-br2)
description: updated
description: updated
su_v (suv-lp)
tags: added: crash undo
Revision history for this message
Sergio Benjamim (sergio-br2) wrote :
Sergio Benjamim (sergio-br2)
description: updated
description: updated
Revision history for this message
jazzynico (jazzynico) wrote :

Reproduced on Crunchbang Waldorf, Inkscape trunk revision 13313.

Note that the trace is not the same depending on the steps used to crash the application.
Both GDB traces attached.

Changed in inkscape:
importance: Undecided → High
status: New → Confirmed
Revision history for this message
jazzynico (jazzynico) wrote :
Revision history for this message
jazzynico (jazzynico) wrote :
jazzynico (jazzynico)
tags: added: groups regression
Revision history for this message
jazzynico (jazzynico) wrote :

Not reproduced on Crunchbang Waldorf, Inkscape 0.48.3.1.

tags: removed: groups
Revision history for this message
jazzynico (jazzynico) wrote :

Reduced test case, and new alternative steps to reproduce the crash consistently:
1. Select all (just a path and its clone).
2. Increase the selection's width with the control bar (no need to lock the ratio).
3. Decrease the selection's width with the control bar.
4. Undo with Ctrl + Z.
5. Increase the selection's width with the control bar again.
-> Crash with Undo backtrace.

Revision history for this message
su_v (suv-lp) wrote :

On OS X 10.7.5, with various different trunk builds (same trunk revision, but different versions of the dependencies), crash not consistently reproduced with the original test case (as discussed on irc), nor with JazzyNico's reduced test case & steps.

One variation of a possibly related crash happened a couple of times on quit, after having tried to reproduce the crash several times based on the original description (without success) - but I failed to figure out what triggered it.

Revision history for this message
Liam P. White (liampwhite) wrote :

Seems to be related to the fix in r12727 for object reference counting — my guess is that there are these little things all over the place that used to work, but now no longer work due to attempts to dynamic_cast<> and otherwise operate on freed pointers, often in cases to test their plausibility for use in the situation.

Revision history for this message
jazzynico (jazzynico) wrote :

Both crashes reproduced (and some others related but not mentioned in the report) on Windows XP, Inkscape trunk revision 13445.
Not reproduced with revision 13484 (tested with both the original and the minimal SVG test files).

Probably fixed by Liam's patch revision 13474.

Changed in inkscape:
assignee: nobody → Liam P. White (inkscapebrony)
milestone: none → 0.91
status: Confirmed → Fix Committed
jazzynico (jazzynico)
Changed in inkscape:
status: Fix Committed → Fix Released
milestone: 0.91 → none
Revision history for this message
Liam P. White (liampwhite) wrote :

Reproduced with 13472, not with 13474. The assumption that my patch fixed it seems correct.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.