Inkscape

Segmentation fault in sp_filter_get_image_name

Bug #1474350 reported by Renata Hodovan on 2015-07-14

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	Inkscape	Triaged	Medium	Unassigned

Bug Description

OS: Ubunu 15.04, x86_64

Inkscape version:
revno: 14243
branch nick: inkscape

Test case:

Extra flags:
-z // run without GUI

Backtrace:
Program received signal SIGSEGV, Segmentation fault.
sp_filter_get_image_name (filter=0x0, name=name@entry=0x17af800 "foo") at sp-filter.cpp:454
454 map<gchar *, int, ltstr>::iterator result = filter->_image_name->find(name_copy);
(gdb) bt
#0 0x000000000055f7e8 in sp_filter_get_image_name(SPFilter*, char const*) (filter=0x0, name=name@entry=0x17af800 "foo") at sp-filter.cpp:454
#1 0x00000000005610e2 in sp_filter_primitive_read_in(SPFilterPrimitive*, char const*) (prim=<optimized out>, name=<optimized out>,
    name@entry=0x17af800 "foo") at sp-filter-primitive.cpp:221
#2 0x000000000072409b in SPFeMergeNode::set(unsigned int, char const*) (this=0x1778770, key=158, value=0x17af800 "foo") at filters/mergenode.cpp:52
#3 0x00000000005a95ca in SPObject::invoke_build(SPDocument*, Inkscape::XML::Node*, unsigned int) (this=0x1778770, document=0x17bbea0, repr=0x17b9a30, cloned=<optimized out>) at sp-object.cpp:758
#4 0x00000000005abb98 in SPObject::build(SPDocument*, Inkscape::XML::Node*) (this=0x1773150, document=0x17bbea0, repr=<optimized out>) at sp-object.cpp:698
#5 0x00000000005a95ca in SPObject::invoke_build(SPDocument*, Inkscape::XML::Node*, unsigned int) (this=0x1773150, document=0x17bbea0, repr=0x17b9b20, cloned=<optimized out>) at sp-object.cpp:758
#6 0x00000000005abb98 in SPObject::build(SPDocument*, Inkscape::XML::Node*) (this=this@entry=0x17734f0, document=document@entry=0x17bbea0, repr=repr@entry=0x17b9c10) at sp-object.cpp:698
#7 0x000000000058024b in SPItem::build(SPDocument*, Inkscape::XML::Node*) (this=this@entry=0x17734f0, document=document@entry=0x17bbea0, repr=repr@entry=0x17b9c10) at sp-item.cpp:409
#8 0x0000000000593829 in SPLPEItem::build(SPDocument*, Inkscape::XML::Node*) (this=this@entry=0x17734f0, document=document@entry=0x17bbea0, repr=repr@entry=0x17b9c10) at sp-lpe-item.cpp:80
#9 0x0000000000583689 in SPGroup::build(SPDocument*, Inkscape::XML::Node*) (this=this@entry=0x17734f0, document=document@entry=0x17bbea0, repr=repr@entry=0x17b9c10) at sp-item-group.cpp:71
#10 0x00000000005b943c in SPRoot::build(SPDocument*, Inkscape::XML::Node*) (this=0x17734f0, document=0x17bbea0, repr=0x17b9c10) at sp-root.cpp:73
#11 0x00000000005a95ca in SPObject::invoke_build(SPDocument*, Inkscape::XML::Node*, unsigned int) (this=0x17734f0, document=0x17bbea0, repr=0x17b9c10, cloned=<optimized out>) at sp-object.cpp:758
#12 0x00000000004af7a1 in SPDocument::createDoc(Inkscape::XML::Document*, char const*, char const*, char const*, unsigned int, SPDocument*) (rdoc=rdoc@entry=
    0x17a9a60, uri=uri@entry=0x14138b0 "inkscape/sp_filter_get_image_name/crash.svg", base=base@entry=0x1774c40 "inkscape/sp_filter_get_image_name/", name=name@entry=0x15573f0 "crash.svg", keepalive=keepalive@entry=1, parent=parent@entry=0x0) at document.cpp:383
#13 0x00000000004b0bee in SPDocument::createNewDoc(char const*, unsigned int, bool, SPDocument*) (uri=0x14138b0 "inkscape/sp_filter_get_image_name/crash.svg", keepalive=1, make_new=<optimized out>, parent=0x0) at document.cpp:558
#14 0x0000000000676d21 in Inkscape::Extension::Input::open(char const*) (this=
    0x14ea9e0, uri=uri@entry=0x14138b0 "inkscape/sp_filter_get_image_name/crash.svg") at extension/input.cpp:153
#15 0x0000000000674886 in Inkscape::Extension::open(Inkscape::Extension::Extension*, char const*) (key=key@entry=0x0, filename=filename@entry=0x14138b0 "inkscape/sp_filter_get_image_name/crash.svg") at extension/system.cpp:117
Python Exception <class 'TypeError'> iter() returned non-iterator of type '_iterator':
#16 0x0000000000472377 in sp_process_file_list(GSList*) (fl=0x14cb3b0) at main.cpp:1107
#17 0x00000000004738dd in sp_main_console(int, char const**) (argc=3, argv=0x7fffffffd918) at main.cpp:1341
#18 0x00007fffefe49a40 in __libc_start_main (main=
    0x459690 <main(int, char**)>, argc=3, argv=0x7fffffffd918, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffd908) at libc-start.c:289
#19 0x0000000000470569 in _start ()

Tags: