Inkscape

Entering '+' into "stroke width" dialog crashes Inkscape

Bug #1587311 reported by Edd Barrett on 2016-05-31

8

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Inkscape	Fix Released	High	Rafael Sadowski	Inkscape 0.92 "0.92"

Bug Description

1) Draw a line
2) Open the "fill and stroke" dialog
3) In the "stroke style" tab, type "+" into the "stroke width" box
4) Press enter, boom.

This is Inkscape-0.91 on OpenBSD.

Trace is not very useful, I am afraid.

(gdb) run
Starting program: /usr/local/bin/inkscape
terminate called after throwing an instance of 'Inkscape::Util::EvaluatorException'
what(): Expression evaluator error: Expected number or '(' at ''

Program received signal SIGABRT, Aborted.
0x000004b59123589a in thrkill () at <stdin>:2
2 <stdin>: No such file or directory.
        in <stdin>
Current language: auto; currently asm
(gdb) bt
#0 0x000004b59123589a in thrkill () at <stdin>:2
#1 0x000004b591215309 in *_libc_abort () at /usr/src/lib/libc/stdlib/abort.c:52
#2 0x000004b4febc436c in __gnu_cxx::__verbose_terminate_handler ()
    at /usr/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/libsupc++/vterminate.cc:98
#3 0x000004b4febe0d87 in __cxxabiv1::__terminate (handler=Variable "handler" is not available.
) at /usr/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/libsupc++/eh_terminate.cc:43
#4 0x000004b4febe0dc3 in std::terminate () at /usr/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/libsupc++/eh_terminate.cc:53
#5 0x000004b4febc449e in __cxa_throw (obj=Variable "obj" is not available.
) at /usr/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/libsupc++/eh_throw.cc:76
Die: DW_TAG_unspecified_type (abbrev = 86, offset = 105207902)
        has children: FALSE
        attributes:
                DW_AT_name (DW_FORM_strp) string: "decltype(nullptr)"
Dwarf Error: Cannot find type of die [in module /usr/local/bin/inkscape]

Tags:

Related branches

lp:~inkscape.dev/inkscape/trunk

jazzynico (jazzynico) on 2016-06-02

Changed in inkscape:
importance:	Undecided → High

Revision history for this message

jazzynico (jazzynico) wrote on 2016-06-02:

#1

Crash not reproduced on Xubuntu 16.04, Inkscape 0.91 and trunk rev. 14942.
The "Expression evaluator error: Expected number or '(' at ''" message shows on the console, but it doesn't trigger a crash here.

Revision history for this message

su_v (suv-lp) wrote on 2016-06-04:

#2

Crash not reproduced on OS X 10.7.5 either (tested with 0.91 r13725 and latest trunk r14949).

Possible OpenBSD-specific issue (?) - AFAICT latest downstream OpenBSD port for inkscape now includes custom patch to address the crashes experienced by inkscape users on OpenBSD:
http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/graphics/inkscape/patches/patch-src_util_expression-evaluator_cpp?rev=1.2&content-type=text/x-cvsweb-markup

Source:
https://twitter.com/OpenBSD_ports/status/738995526444535809

Revision history for this message

Edd Barrett (edd-6) wrote on 2016-06-04:

#3

Yes, I posted this bug on the ports mailing list, and someone devised a fix:
http://marc.info/?l=openbsd-ports&m=146502357225601&w=2

If you think it is correct, please consider including this patch.

Revision history for this message

jazzynico (jazzynico) wrote on 2016-06-04:

#4

Did you test the patch on OpenBSD? If not, we can test on Windows, OS X and various GNU/Linux distros, but as far as I can tell, nobody's on OpenBSD in the Inkcape dev team. So we can only test for regressions, but not the fix itself.

Changed in inkscape:
status:	New → In Progress

Revision history for this message

jazzynico (jazzynico) wrote on 2016-06-04:

#5

1587311-ExpressionEvaluator-Crash.diff Edit (684 bytes, text/plain)

Attaching patch here for convenience.

Tested on Windows XP (32-bit), Inkscape trunk rev. 14949. No regression found so far.
The error message no longer shows when using the "+" or "-" keys, but still appears when typing other characters such as "=", "*" or "/". So I'm not sure all cases are fixed for OpenBSD.

Revision history for this message

jazzynico (jazzynico) wrote on 2016-06-04:

#6

And thanks for the link and the patch BTW!

jazzynico (jazzynico) on 2016-06-04

Changed in inkscape:
milestone:	none → 0.92

Revision history for this message

jazzynico (jazzynico) wrote on 2016-06-04:

#7

Rafael - I've added you account to the notification list so that you can see that you patch is currently being tested.
Did you check if it works with other characters? As explained in comment #5, I still see the error message (but no crash on my Windows XP, 7 and Xubuntu 16.04 test computers) when using "=", "*" or "/". So there are risks that Inkscape still crashes on OpenBSD in those cases.
That said if the tests show no regression, I will very probably commit the patch anyway.

Thanks!

Revision history for this message

jazzynico (jazzynico) wrote on 2016-06-05:

#8

Tested again on Xubuntu 16.04 and fixed in the trunk rev. 14952.

Don't hesitate to test and comment here if you notice regressions.
Thanks for the patch!

Changed in inkscape:
assignee:	nobody → Rafael Sadowski (rafael-g)
status:	In Progress → Fix Committed

Bryce Harrington (bryce) on 2017-01-10

Changed in inkscape:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

1587311-ExpressionEvaluator-Crash.diff Edit

Add patch

Remote bug watches

Bug watches keep track of this bug in other bug trackers.