Inkscape

repeatable seg in Inkscape::Text::Layout::InputStreamTextSource::styleGetBlockProgression

Bug #1391374 reported by Dave Gilbert
20
This bug affects 3 people
Affects Status Importance Assigned to Milestone
Inkscape
Fix Released
High
Mc
Inkscape 0.92 "0.92"

Bug Description

Repeatable seg (On FC21/x86-64) on bzr 13701 :

1 Open the attached SVG,
2 Double click on the LINK_ text in the middle of the image until you get the flashing vertical caret
3 move to the end of that text using right arrow
4 delete using backspace until it's an empty line
5 hit up arrow
   Segs

Program received signal SIGSEGV, Segmentation fault.
Inkscape::Text::Layout::InputStreamTextSource::styleGetBlockProgression (this=0x3286e00) at libnrtype/Layout-TNG-Input.cpp:188
188 if (this_style->block_progression.set)
Missing separate debuginfos, use: debuginfo-install GConf2-3.2.6-11.fc21.x86_64 ImageMagick-c++-6.8.8.10-5.fc21.x86_64 ImageMagick-libs-6.8.8.10-5.fc21.x86_64 adwaita-gtk2-theme-3.14.0-1.fc21.x86_64 atkmm-2.22.7-4.fc21.x86_64 avahi-glib-0.6.31-29.fc21.x86_64 avahi-libs-0.6.31-29.fc21.x86_64 bzip2-libs-1.0.6-14.fc21.x86_64 cairomm-1.10.0-9.fc21.x86_64 enchant-1.6.0-9.fc21.x86_64 fftw-libs-double-3.3.4-5.fc21.x86_64 gamin-0.1.10-17.fc21.x86_64 gc-7.4.2-2.fc21.x86_64 glibmm24-2.42.0-1.fc21.x86_64 gnome-vfs2-2.24.4-16.fc21.x86_64 gsl-1.16-15.fc21.x86_64 gtkmm24-2.24.4-4.fc21.x86_64 gtkspell-2.0.16-9.fc21.x86_64 gvfs-1.22.1-2.fc21.x86_64 jbigkit-libs-2.1-2.fc21.x86_64 keyutils-libs-1.5.9-4.fc21.x86_64 krb5-libs-1.12.2-9.fc21.x86_64 lcms2-2.6-4.fc21.x86_64 libacl-2.2.52-7.fc21.x86_64 libatomic_ops-7.4.2-4.fc21.x86_64 libattr-2.4.47-9.fc21.x86_64 libbluray-0.6.2-1.fc21.x86_64 libcom_err-1.42.11-3.fc21.x86_64 librevenge-0.0.1-3.fc21.x86_64 libsigc++20-2.4.0-1.fc21.x86_64 libtiff-4.0.3-18.fc21.x86_64 libtool-ltdl-2.4.2-31.fc21.x86_64 libwpd-0.10.0-3.fc21.x86_64 libwpg-0.3.0-3.fc21.x86_64 libxml2-2.9.1-6.fc21.x86_64 libxshmfence-1.1-3.fc21.x86_64 libxslt-1.1.28-8.fc21.x86_64 openjpeg-libs-1.5.1-13.fc21.x86_64 pangomm-2.34.0-4.fc21.x86_64 poppler-0.26.2-3.fc21.x86_64 poppler-glib-0.26.2-3.fc21.x86_64 popt-1.16-5.fc21.x86_64 xz-libs-5.1.2-14alpha.fc21.x86_64
(gdb) bt full
#0 0x000000000071b694 in Inkscape::Text::Layout::InputStreamTextSource::styleGetBlockProgression() const (this=0x3286e00) at libnrtype/Layout-TNG-Input.cpp:188
        this_style = 0x6569566c6c65436b
#1 0x000000000071feaa in Inkscape::Text::Layout::iterator::cursorUp(int) (this=<optimized out>) at libnrtype/Layout-TNG.h:660
        block_progression = <optimized out>
#2 0x000000000071feaa in Inkscape::Text::Layout::iterator::cursorUp(int) (this=0x9bb91f0, n=n@entry=1) at libnrtype/Layout-TNG-OutIter.cpp:979
        block_progression = <optimized out>
#3 0x0000000000aa2233 in Inkscape::UI::Tools::TextTool::root_handler(_GdkEvent*) (this=0x9bb9100, event=0x677ae60) at ui/tools/text-tool.cpp:1043
        old_start = {_parent_layout = 0x2b43608, _glyph_index = 0, _char_index = 0, _cursor_moving_vertically = <optimized out>, _x_coordinate = <optimized out>}
        old_end = {_parent_layout = 0x2b43608, _glyph_index = 0, _char_index = 0, _cursor_moving_vertically = <optimized out>, _x_coordinate = <optimized out>}
        cursor_moved = false
        screenlines = <optimized out>
        group0_keyval = 65362
        __PRETTY_FUNCTION__ = "virtual bool Inkscape::UI::Tools::TextTool::root_handler(GdkEvent*)"
#4 0x0000000000aa386a in Inkscape::UI::Tools::sp_event_context_virtual_root_handler(Inkscape::UI::Tools::ToolBase*, _GdkEvent*) (event_context=<optimized out>, event=0x677ae60) at ui/tools/tool-base.cpp:1000
        desktop = 0x1eb1c00
        ret = 0
#9 0x0000003d1262a3bf in <emit signal ??? on instance 0x328e000 [SPCanvasArena]> (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>) at gsignal.c:3365
        var_args = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7fffffffca90, reg_save_area = 0x7fffffffc9d0}}
    #5 0x00000000006fee13 in sp_marshal_INT__POINTER_POINTER(GClosure*, GValue*, guint, GValue const*, gpointer, gpointer) (closure=0x3252760, return_value=0x7fffffffc8d0, n_param_values=<optimized out>, param_values=0x7fffffffc800, invocation_hint=<optimized out>, marshal_data=0x0) at helper/sp-marshal.cpp:247
                cc = 0x3252760
                data1 = 0x328e000
                __PRETTY_FUNCTION__ = "void sp_marshal_INT__POINTER_POINTER(GClosure*, GValue*, guint, const GValue*, gpointer, gpointer)"
                callback = <optimized out>
                data2 = <optimized out>
                v_return = <optimized out>
    #6 0x0000003d1260fd35 in g_closure_invoke (closure=0x3252760, return_value=return_value@entry=0x7fffffffc8d0, n_param_values=3, param_values=param_values@entry=0x7fffffffc800, invocation_hint=invocation_hint@entry=0x7fffffffc7a0)
    at gclosure.c:768
                marshal = <optimized out>
                marshal_data = <optimized out>
                in_marshal = 0
                real_closure = 0x3252740
                __FUNCTION__ = "g_closure_invoke"
    #7 0x0000003d12621a52 in signal_emit_unlocked_R (node=node@entry=0x328b9d0, detail=detail@entry=0, instance=instance@entry=0x328e000, emission_return=emission_return@entry=0x7fffffffc8d0, instance_and_params=instance_and_params@entry=0x7fffffffc800) at gsignal.c:3553
                tmp = <optimized out>
                handler = 0x3233090
                accumulator = 0x0
                emission = {next = 0x7fffffffcce0, instance = 0x328e000, ihint = {signal_id = 207, detail = 0, run_type = G_SIGNAL_RUN_FIRST}, state = EMISSION_RUN, chain_type = 4}
                handler_list = <optimized out>
                return_accu = 0x7fffffffc8d0
                accu =
                      {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
                signal_id = 207
                max_sequential_handler_number = 27354
                return_value_altered = 0
    #8 0x0000003d12629d68 in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7fffffffc9b0) at gsignal.c:3319
                return_value =
                      {g_type = 24, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
                error = 0x0
                rtype = 24
                static_scope = 0
                instance_and_params = 0x7fffffffc800
                signal_return_type = <optimized out>
                param_values = 0x7fffffffc818
                node = <optimized out>
                i = <optimized out>
                n_params = <optimized out>
                __FUNCTION__ = "g_signal_emit_valist"
#10 0x00000000005ecf43 in sp_canvas_arena_send_event(SPCanvasArena*, GdkEvent*) (arena=arena@entry=0x328e000 [SPCanvasArena], event=event@entry=0x677ae60) at display/canvas-arena.cpp:323
        ret = 0
---Type <return> to continue, or q <return> to quit---
#11 0x00000000005ed1e0 in sp_canvas_arena_event(SPCanvasItem*, GdkEvent*) (item=<optimized out>, event=0x677ae60) at display/canvas-arena.cpp:310
        new_arena = <optimized out>
        arena = 0x328e000 [SPCanvasArena]
        ret = 0
#16 0x0000003d1262a3bf in <emit signal ??? on instance 0x328e000 [SPCanvasArena]> (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>) at gsignal.c:3365
        var_args = {{gp_offset = 32, fp_offset = 48, overflow_arg_area = 0x7fffffffcfc0, reg_save_area = 0x7fffffffcf00}}
    #12 0x00000000006febff in sp_marshal_BOOLEAN__POINTER(GClosure*, GValue*, guint, GValue const*, gpointer, gpointer) (closure=0x31766a0, return_value=0x7fffffffce00, n_param_values=<optimized out>, param_values=0x7fffffffcd50, invocation_hint=<optimized out>, marshal_data=0x5ecfd0 <sp_canvas_arena_event(SPCanvasItem*, GdkEvent*)>) at helper/sp-marshal.cpp:124
                cc = 0x31766a0
                data1 = 0x328e000
                __PRETTY_FUNCTION__ = "void sp_marshal_BOOLEAN__POINTER(GClosure*, GValue*, guint, const GValue*, gpointer, gpointer)"
                callback = <optimized out>
                data2 = <optimized out>
                v_return = <optimized out>
    #13 0x0000003d1260fd35 in g_closure_invoke (closure=closure@entry=0x31766a0, return_value=return_value@entry=0x7fffffffce00, n_param_values=2, param_values=param_values@entry=0x7fffffffcd50, invocation_hint=invocation_hint@entry=0x7fffffffccf0) at gclosure.c:768
                marshal = <optimized out>
                marshal_data = <optimized out>
                in_marshal = 0
                real_closure = 0x3176680
                __FUNCTION__ = "g_closure_invoke"
    #14 0x0000003d1262194a in signal_emit_unlocked_R (node=node@entry=0x317ed50, detail=detail@entry=0, instance=instance@entry=0x328e000, emission_return=emission_return@entry=0x7fffffffce00, instance_and_params=instance_and_params@entry=0x7fffffffcd50) at gsignal.c:3591
                accumulator = 0x0
                emission = {next = 0x7fffffffd190, instance = 0x328e000, ihint = {signal_id = 148, detail = 0, run_type = G_SIGNAL_RUN_LAST}, state = EMISSION_RUN, chain_type = 53000016}
                handler_list = <optimized out>
                return_accu = 0x7fffffffce00
                accu =
                      {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
                signal_id = 148
                max_sequential_handler_number = 27354
                return_value_altered = 0
    #15 0x0000003d12629d68 in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7fffffffcee0) at gsignal.c:3319
                return_value =
                      {g_type = 20, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
                error = 0x0
                rtype = 20
                static_scope = 0
                instance_and_params = 0x7fffffffcd50
                signal_return_type = <optimized out>
                param_values = 0x7fffffffcd68
                node = <optimized out>
                i = <optimized out>
                n_params = <optimized out>
                __FUNCTION__ = "g_signal_emit_valist"
#17 0x000000000063ea11 in SPCanvasImpl::emitEvent(SPCanvas*, _GdkEvent*) (canvas=<optimized out>, event=0x677c9e0) at display/sp-canvas.cpp:1515
        parent = <optimized out>
        ev = 0x677c970
        item = 0x328e000 [SPCanvasArena]
        finished = 0
        event = 0x677c9e0
        canvas = <optimized out>
#22 0x0000003d1262a3bf in <emit signal ??? on instance 0x317f000 [SPCanvas]> (instance=instance@entry=0x317f000, signal_id=<optimized out>, detail=detail@entry=0) at gsignal.c:3365
        var_args = {{gp_offset = 32, fp_offset = 48, overflow_arg_area = 0x7fffffffd470, reg_save_area = 0x7fffffffd3b0}}
    #18 0x000000379f54780d in _gtk_marshal_BOOLEAN__BOXED (closure=0x14c6810, return_value=0x7fffffffd150, n_param_values=<optimized out>, param_values=0x7fffffffd200, invocation_hint=<optimized out>, marshal_data=<optimized out>)
    at gtkmarshalers.c:86
                callback = 0x63ebc0 <SPCanvasImpl::handleKeyEvent(_GtkWidget*, _GdkEventKey*)>
                cc = 0x14c6810
                data1 = 0x317f000
                data2 = 0x1302ef0
                v_return = <optimized out>
---Type <return> to continue, or q <return> to quit---
                __FUNCTION__ = "_gtk_marshal_BOOLEAN__BOXED"
    #19 0x0000003d1260fc8f in g_closure_invoke (closure=closure@entry=0x14c6810, return_value=return_value@entry=0x7fffffffd150, n_param_values=2, param_values=param_values@entry=0x7fffffffd200, invocation_hint=invocation_hint@entry=0x7fffffffd1a0) at gclosure.c:768
                marshal = <optimized out>
                marshal_data = <optimized out>
                in_marshal = 1
                real_closure = 0x14c67f0
                __FUNCTION__ = "g_closure_invoke"
    #20 0x0000003d1262194a in signal_emit_unlocked_R (node=node@entry=0x14c6860, detail=detail@entry=0, instance=instance@entry=0x317f000, emission_return=emission_return@entry=0x7fffffffd2b0, instance_and_params=instance_and_params@entry=0x7fffffffd200) at gsignal.c:3591
                accumulator = 0x14c68d0
                emission = {next = 0x7fffffffd690, instance = 0x317f000, ihint = {signal_id = 43, detail = 0, run_type = G_SIGNAL_RUN_LAST}, state = EMISSION_RUN, chain_type = 51864608}
                handler_list = <optimized out>
                return_accu = 0x7fffffffd150
                accu =
                      {g_type = 20, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
                signal_id = 43
                max_sequential_handler_number = 27354
                return_value_altered = 0
    #21 0x0000003d12629d68 in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7fffffffd390) at gsignal.c:3319
                return_value =
                      {g_type = 20, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
                error = 0x0
                rtype = 20
                static_scope = 0
                instance_and_params = 0x7fffffffd200
                signal_return_type = <optimized out>
                param_values = 0x7fffffffd218
                node = <optimized out>
                i = <optimized out>
                n_params = <optimized out>
                __FUNCTION__ = "g_signal_emit_valist"
#23 0x000000379f67709c in gtk_widget_event_internal (widget=widget@entry=0x317f000 [SPCanvas], event=event@entry=0x677c9e0) at gtkwidget.c:5017
        signal_num = <optimized out>
        return_val = 0
#24 0x000000379f677391 in IA__gtk_widget_event (widget=widget@entry=0x317f000 [SPCanvas], event=event@entry=0x677c9e0) at gtkwidget.c:4814
        __FUNCTION__ = "IA__gtk_widget_event"
#25 0x000000379f68c90b in IA__gtk_window_propagate_key_event (window=window@entry=0x3821960 [gtkmm__GtkWindow], event=event@entry=0x677c9e0) at gtkwindow.c:5199
        parent = <optimized out>
        handled = 0
        widget = 0x3821960 [gtkmm__GtkWindow]
        focus = 0x317f000 [SPCanvas]
        __FUNCTION__ = "IA__gtk_window_propagate_key_event"
#26 0x000000379f68f493 in gtk_window_key_press_event (widget=0x3821960 [gtkmm__GtkWindow], event=0x677c9e0) at gtkwindow.c:5229
        window = 0x3821960 [gtkmm__GtkWindow]
        handled = <optimized out>
#31 0x0000003d1262a3bf in <emit signal ??? on instance 0x3821960 [gtkmm__GtkWindow]> (instance=instance@entry=0x3821960, signal_id=<optimized out>, detail=detail@entry=0) at gsignal.c:3365
        var_args = {{gp_offset = 32, fp_offset = 48, overflow_arg_area = 0x7fffffffd970, reg_save_area = 0x7fffffffd8b0}}
    #27 0x000000379f54780d in _gtk_marshal_BOOLEAN__BOXED (closure=0x14c6810, return_value=0x7fffffffd650, n_param_values=<optimized out>, param_values=0x7fffffffd700, invocation_hint=<optimized out>, marshal_data=<optimized out>)
    at gtkmarshalers.c:86
                callback = 0x37a4906ff0 <Gtk::Widget_Class::key_press_event_callback(_GtkWidget*, _GdkEventKey*)>
                cc = 0x14c6810
                data1 = 0x3821960
                data2 = 0x1302ef0
                v_return = <optimized out>
                __FUNCTION__ = "_gtk_marshal_BOOLEAN__BOXED"
    #28 0x0000003d1260fd35 in g_closure_invoke (closure=closure@entry=0x14c6810, return_value=return_value@entry=0x7fffffffd650, n_param_values=2, param_values=param_values@entry=0x7fffffffd700, invocation_hint=invocation_hint@entry=0x7fffffffd6a0) at gclosure.c:768
                marshal = <optimized out>
                marshal_data = <optimized out>
                in_marshal = 0
---Type <return> to continue, or q <return> to quit---
                __FUNCTION__ = "_gtk_marshal_BOOLEAN__BOXED"
    #19 0x0000003d1260fc8f in g_closure_invoke (closure=closure@entry=0x14c6810, return_value=return_value@entry=0x7fffffffd150, n_param_values=2, param_values=param_values@entry=0x7fffffffd200, invocation_hint=invocation_hint@entry=0x7fffffffd1a0) at gclosure.c:768
                marshal = <optimized out>
                marshal_data = <optimized out>
                in_marshal = 1
                real_closure = 0x14c67f0
                __FUNCTION__ = "g_closure_invoke"
    #20 0x0000003d1262194a in signal_emit_unlocked_R (node=node@entry=0x14c6860, detail=detail@entry=0, instance=instance@entry=0x317f000, emission_return=emission_return@entry=0x7fffffffd2b0, instance_and_params=instance_and_params@entry=0x7fffffffd200) at gsignal.c:3591
                accumulator = 0x14c68d0
                emission = {next = 0x7fffffffd690, instance = 0x317f000, ihint = {signal_id = 43, detail = 0, run_type = G_SIGNAL_RUN_LAST}, state = EMISSION_RUN, chain_type = 51864608}
                handler_list = <optimized out>
                return_accu = 0x7fffffffd150
                accu =
                      {g_type = 20, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
                signal_id = 43
                max_sequential_handler_number = 27354
                return_value_altered = 0
    #21 0x0000003d12629d68 in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7fffffffd390) at gsignal.c:3319
                return_value =
                      {g_type = 20, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
                error = 0x0
                rtype = 20
                static_scope = 0
                instance_and_params = 0x7fffffffd200
                signal_return_type = <optimized out>
                param_values = 0x7fffffffd218
                node = <optimized out>
                i = <optimized out>
                n_params = <optimized out>
                __FUNCTION__ = "g_signal_emit_valist"
#23 0x000000379f67709c in gtk_widget_event_internal (widget=widget@entry=0x317f000 [SPCanvas], event=event@entry=0x677c9e0) at gtkwidget.c:5017
        signal_num = <optimized out>
        return_val = 0
#24 0x000000379f677391 in IA__gtk_widget_event (widget=widget@entry=0x317f000 [SPCanvas], event=event@entry=0x677c9e0) at gtkwidget.c:4814
        __FUNCTION__ = "IA__gtk_widget_event"
#25 0x000000379f68c90b in IA__gtk_window_propagate_key_event (window=window@entry=0x3821960 [gtkmm__GtkWindow], event=event@entry=0x677c9e0) at gtkwindow.c:5199
        parent = <optimized out>
        handled = 0
        widget = 0x3821960 [gtkmm__GtkWindow]
        focus = 0x317f000 [SPCanvas]
        __FUNCTION__ = "IA__gtk_window_propagate_key_event"
#26 0x000000379f68f493 in gtk_window_key_press_event (widget=0x3821960 [gtkmm__GtkWindow], event=0x677c9e0) at gtkwindow.c:5229
        window = 0x3821960 [gtkmm__GtkWindow]
        handled = <optimized out>
#31 0x0000003d1262a3bf in <emit signal ??? on instance 0x3821960 [gtkmm__GtkWindow]> (instance=instance@entry=0x3821960, signal_id=<optimized out>, detail=detail@entry=0) at gsignal.c:3365
        var_args = {{gp_offset = 32, fp_offset = 48, overflow_arg_area = 0x7fffffffd970, reg_save_area = 0x7fffffffd8b0}}
    #27 0x000000379f54780d in _gtk_marshal_BOOLEAN__BOXED (closure=0x14c6810, return_value=0x7fffffffd650, n_param_values=<optimized out>, param_values=0x7fffffffd700, invocation_hint=<optimized out>, marshal_data=<optimized out>)
    at gtkmarshalers.c:86
                callback = 0x37a4906ff0 <Gtk::Widget_Class::key_press_event_callback(_GtkWidget*, _GdkEventKey*)>
                cc = 0x14c6810
                data1 = 0x3821960
                data2 = 0x1302ef0
                v_return = <optimized out>
                __FUNCTION__ = "_gtk_marshal_BOOLEAN__BOXED"
    #28 0x0000003d1260fd35 in g_closure_invoke (closure=closure@entry=0x14c6810, return_value=return_value@entry=0x7fffffffd650, n_param_values=2, param_values=param_values@entry=0x7fffffffd700, invocation_hint=invocation_hint@entry=0x7fffffffd6a0) at gclosure.c:768
                marshal = <optimized out>
                marshal_data = <optimized out>
                in_marshal = 0
---Type <return> to continue, or q <return> to quit---
                real_closure = 0x14c67f0
                __FUNCTION__ = "g_closure_invoke"
    #29 0x0000003d1262194a in signal_emit_unlocked_R (node=node@entry=0x14c6860, detail=detail@entry=0, instance=instance@entry=0x3821960, emission_return=emission_return@entry=0x7fffffffd7b0, instance_and_params=instance_and_params@entry=0x7fffffffd700) at gsignal.c:3591
                accumulator = 0x14c68d0
                emission = {next = 0x0, instance = 0x3821960, ihint = {signal_id = 43, detail = 0, run_type = G_SIGNAL_RUN_LAST}, state = EMISSION_RUN, chain_type = 20114512}
                handler_list = <optimized out>
                return_accu = 0x7fffffffd650
                accu =
                      {g_type = 20, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
                signal_id = 43
                max_sequential_handler_number = 27354
                return_value_altered = 1
    #30 0x0000003d12629d68 in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7fffffffd890) at gsignal.c:3319
                return_value =
                      {g_type = 20, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
                error = 0x0
                rtype = 20
                static_scope = 0
                instance_and_params = 0x7fffffffd700
                signal_return_type = <optimized out>
                param_values = 0x7fffffffd718
                node = <optimized out>
                i = <optimized out>
                n_params = <optimized out>
                __FUNCTION__ = "g_signal_emit_valist"
#32 0x000000379f67709c in gtk_widget_event_internal (widget=widget@entry=0x3821960 [gtkmm__GtkWindow], event=event@entry=0x677c9e0) at gtkwidget.c:5017
        signal_num = <optimized out>
        return_val = 0
#33 0x000000379f677391 in IA__gtk_widget_event (widget=widget@entry=0x3821960 [gtkmm__GtkWindow], event=event@entry=0x677c9e0) at gtkwidget.c:4814
        __FUNCTION__ = "IA__gtk_widget_event"
#34 0x000000379f545b8f in IA__gtk_propagate_event (widget=0x3821960 [gtkmm__GtkWindow], event=0x677c9e0) at gtkmain.c:2464
        window = 0x3821960 [gtkmm__GtkWindow]
        handled_event = <optimized out>
        __FUNCTION__ = "IA__gtk_propagate_event"
#35 0x000000379f545f5b in IA__gtk_main_do_event (event=0x677c9e0) at gtkmain.c:1685
        event_widget = <optimized out>
        grab_widget = 0x3821960 [gtkmm__GtkWindow]
        window_group = <optimized out>
        rewritten_event = <optimized out>
        tmp_list = <optimized out>
        __FUNCTION__ = "IA__gtk_main_do_event"
#36 0x00000037a985ffbc in gdk_event_dispatch (source=<optimized out>, callback=<optimized out>, user_data=<optimized out>) at gdkevents-x11.c:2403
        display = <optimized out>
        event = 0x677c9e0
#37 0x0000003d10a49afb in g_main_context_dispatch (context=0x1467000) at gmain.c:3111
        dispatch = 0x37a985ff70 <gdk_event_dispatch>
        prev_source = 0x0
        was_in_call = 0
        user_data = 0x0
        callback = 0x0
        cb_funcs = 0x0
        cb_data = 0x0
        need_destroy = <optimized out>
        source = 0x1461e60
        current = 0x3235d30
        i = 0
#38 0x0000003d10a49afb in g_main_context_dispatch (context=context@entry=0x1467000) at gmain.c:3710
#39 0x0000003d10a49e98 in g_main_context_iterate (context=0x1467000, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3781
        max_priority = 2147483647
        timeout = 26
---Type <return> to continue, or q <return> to quit---
        some_ready = 1
        nfds = <optimized out>
        allocated_nfds = 2
        fds = 0x364deb0
#40 0x0000003d10a4a1c2 in g_main_loop_run (loop=0x67884f0) at gmain.c:3975
        __FUNCTION__ = "g_main_loop_run"
#41 0x000000379f544ea7 in IA__gtk_main () at gtkmain.c:1257
        tmp_list = 0x0
        functions = 0x0
        init = <optimized out>
        loop = 0x67884f0
#42 0x00000000004763ac in sp_main_gui(int, char const**) (argc=2, argv=0x7fffffffddf8) at main.cpp:1075
        main_instance = <incomplete type>
        fl = 0x0
        retVal = <optimized out>
        __PRETTY_FUNCTION__ = "int sp_main_gui(int, const char**)"
        dataDirs =
            std::vector of length 4, capacity 4 = {{static npos = 18446744073709551615, string_ = "/home/dg/.local/share"}, {static npos = 18446744073709551615, string_ = "/usr/share/kde-settings/kde-profile/default/share"}, {static npos = 18446744073709551615, string_ = "/usr/local/share"}, {static npos = 18446744073709551615, string_ = "/usr/share"}}
        usericondir = <optimized out>
        create_new = <optimized out>
#43 0x0000003d0de1ffe0 in __libc_start_main (main=0x457220 <main(int, char**)>, argc=2, argv=0x7fffffffddf8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffdde8) at libc-start.c:289
        result = <optimized out>
        unwind_buf =
              {cancel_jmp_buf = {{jmp_buf = {0, 2237656736471186528, 4664150, 140737488346608, 0, 0, -2237657337942770592, 2267521446977731680}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0xc61d00 <__libc_csu_init>, 0x7fffffffddf8}, data = {prev = 0x0, cleanup = 0x0, canceltype = 12983552}}}
        not_first_call = <optimized out>
#44 0x0000000000472b7f in _start ()

Tags: crash text
Revision history for this message
Dave Gilbert (ubuntu-treblig) wrote :
Revision history for this message
su_v (suv-lp) wrote :

Reproduced on OS X 10.7.5 with
- Inkscape 0.48.5 r10043
- Inkscape 0.91pre2 r13636
- Inkscape 0.91+devel r13697, r13702

The steps to reproduce and the backtrace is similar to the crash already tracked in
- Bug #1029690 “Crash while editing truncated flowed text”
  <https://bugs.launchpad.net/inkscape/+bug/1029690>

The difference is the structure of the <text> element: in this case, the text was not created with inkscape (no <tspan> element of regular text, no (truncated) flowed text either):

<text class='text' id='label' font-family="'Droid Sans'" stroke='none' stroke-width='0' fill='#000000' font-size='1.49931' x='11.5888' y='4.4391' text-anchor='middle'>LINK_</text>

Proposing to link as duplicate (a variation) to bug #1029690.

tags: added: crash text
Changed in inkscape:
importance: Undecided → High
status: New → Confirmed
Revision history for this message
Mc (mc...) wrote :

I can reproduce a similar bug with these simple steps :

-> draw a path (even a simple segment will do)
-> write something
-> put text on path
then,
- take the text tool
- click on the text on the path
- ctrl+a (select all the text)
- <bkspc> (should delete all the text, leaving the cursor) => SIGSEGV

backtrace attached

Revision history for this message
Mc (mc...) wrote :

I'm not really sure about the root cause of this... The attached patch removes the segfault and doesn't produce any unexpected behaviour that i could see in a few tests, but i cannot tell for sure in which contexts _input_stream would be empty and .front() would be able to return something usable.

Revision history for this message
Dave Gilbert (ubuntu-treblig) wrote :

Hi Mc,
  That's not fixed it quite; indeed hitting up arrow no longer dies, but hitting left arrow instead segs still.

Revision history for this message
Mc (mc...) wrote :

I can't reproduce this...

Revision history for this message
Dave Gilbert (ubuntu-treblig) wrote :
Download full text (10.0 KiB)

Hi Mc,
  Hmm ok, here's a backtrace then. This is with bzr up to date at rev 13806 with manually applied your patch:
bzr diff
=== modified file 'src/libnrtype/Layout-TNG.h'
--- src/libnrtype/Layout-TNG.h 2014-11-10 17:39:33 +0000
+++ src/libnrtype/Layout-TNG.h 2014-12-20 21:58:42 +0000
@@ -657,7 +657,12 @@

     /** The overall block-progression of the whole flow. */
     inline Direction _blockProgression() const
- {return static_cast<InputStreamTextSource*>(_input_stream.front())->styleGetBlockProgression();}
+ {
+ if(_input_stream.empty())return LEFT_TO_RIGHT;
+ return static_cast<InputStreamTextSource*>(_input_stream.front())->styleGetBlockProgression();
+ }
+
+

Program received signal SIGSEGV, Segmentation fault.
0x00000000007251f1 in Inkscape::Text::Layout::iterator::prevLineCursor (this=0x9c62d60, n=<optimized out>, n@entry=1) at libnrtype/Layout-TNG-OutIter.cpp:795
795 if (_parent_layout->_lines[line_index - n].in_shape != _parent_layout->_lines[line_index].in_shape) {
(gdb) bt full
#0 0x00000000007251f1 in Inkscape::Text::Layout::iterator::prevLineCursor(int) (this=0x9c62d60, n=<optimized out>, n@entry=1) at libnrtype/Layout-TNG-OutIter.cpp:795
        line_index = 4294967295
#1 0x0000000000725ece in Inkscape::Text::Layout::iterator::cursorLeft() (this=<optimized out>) at libnrtype/Layout-TNG-OutIter.cpp:1003
        block_progression = <optimized out>
#2 0x0000000000aac4cc in Inkscape::UI::Tools::TextTool::root_handler(_GdkEvent*) (this=0x9c62c70, event=0x676db50) at ui/tools/text-tool.cpp:995
        old_start = {_parent_layout = 0x2b3eff8, _glyph_index = 0, _char_index = 0, _cursor_moving_vertically = <optimized out>, _x_coordinate = <optimized out>}
        old_end = {_parent_layout = 0x2b3eff8, _glyph_index = 0, _char_index = 0, _cursor_moving_vertically = <optimized out>, _x_coordinate = <optimized out>}
        cursor_moved = false
        screenlines = <optimized out>
        group0_keyval = 65361
        __PRETTY_FUNCTION__ = "virtual bool Inkscape::UI::Tools::TextTool::root_handler(GdkEvent*)"
#3 0x0000000000aadaea in Inkscape::UI::Tools::sp_event_context_virtual_root_handler(Inkscape::UI::Tools::ToolBase*, _GdkEvent*) (event_context=<optimized out>, event=0x676db50) at ui/tools/tool-base.cpp:1000
        desktop = 0x1ebec00
        ret = 0
#4 0x0000000000704d23 in sp_marshal_INT__POINTER_POINTER(GClosure*, GValue*, guint, GValue const*, gpointer, gpointer) (closure=0x328a090, return_value=0x7fffffffc8c0, n_param_values=<optimized out>, param_values=0x7fffffffc7f0, invocation_hint=<optimized out>, marshal_data=0x0) at helper/sp-marshal.cpp:247
        cc = 0x328a090
        data1 = 0x3288000
        __PRETTY_FUNCTION__ = "void sp_marshal_INT__POINTER_POINTER(GClosure*, GValue*, guint, const GValue*, gpointer, gpointer)"
        callback = <optimized out>
        data2 = <optimized out>
        v_return = <optimized out>
#5 0x00007ffff6dd4d35 in g_closure_invoke () at /lib64/libgobject-2.0.so.0
#6 0x00007ffff6de6a42 in signal_emit_unlocked_R () at /lib64/libgobject-2.0.so.0
#7 0x00007ffff6deed58 in g_signal_emit_valist () at /lib64/libgobject-2.0.so.0
#8 0x00007ffff6def3af in...

Revision history for this message
Dave Gilbert (ubuntu-treblig) wrote :

note the line_index value

Mc (mc...)
Changed in inkscape:
assignee: nobody → Mc (mc...)
status: Confirmed → Fix Committed
Revision history for this message
Mc (mc...) wrote :

Fixed in r14127

Revision history for this message
su_v (suv-lp) wrote :

(quoting Mc- on irc: "it may be easily backported if nothing is obviously wrong")

Changed in inkscape:
milestone: none → 0.92
tags: added: backport-proposed
Revision history for this message
Dave Gilbert (ubuntu-treblig) wrote :

Excellent, thank you.

Revision history for this message
su_v (suv-lp) wrote :

Fix backported to 0.91.x in rev 13791.

Changed in inkscape:
milestone: 0.92 → 0.91.1
tags: removed: backport-proposed
jazzynico (jazzynico)
Changed in inkscape:
milestone: 0.91.1 → 0.92
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.