Inkscape

Crash when attempting to select a 3D box with a broken perspective reference

Bug #256718 reported by dopelover on 2008-08-10

Affects		Status	Importance	Assigned to	Milestone
	Inkscape	Fix Released	Medium	Unassigned	Inkscape 0.91 "0.91"

Bug Description

I have encountered crash while fitting page to selection.
To reproduce crash open attached svg file, select all objects, then open document properties dialog and click "fit page to selection".
This bug is present in 0.46 version as well as in current cvs version.

Inkscape runs on x86-64 debian lenny/sid machine with 2.6.25.14 kernel with nvidia propietary drivers (version 173.14.12)

This is a GDB output:
--------------------------------
[Thread debugging using libthread_db enabled]
[New Thread 0x7fc0210a8780 (LWP 15291)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fc0210a8780 (LWP 15291)]
persp3d_has_all_boxes_in_selection (persp=0x0) at /usr/include/c++/4.3/bits/stl_iterator.h:683
683 __normal_iterator(const _Iterator& __i) : _M_current(__i) { }
(gdb) bt
#0 persp3d_has_all_boxes_in_selection (persp=0x0) at /usr/include/c++/4.3/bits/stl_iterator.h:683
#1 0x00000000004fcc92 in box3d_set_transform (item=0x36042e0, xform=@0x36043c0) at box3d.cpp:338
#2 0x0000000000498233 in sp_item_write_transform (item=0x36042e0, repr=<value optimized out>,
    transform=@0x36043c0, adv=0x7fff291f7e00, compensate=true) at sp-item.cpp:1420
#3 0x00000000004918aa in sp_item_move_rel (item=0x36042e0, tr=@0x7fff291f8170) at sp-item-transform.cpp:79
#4 0x000000000048f3fd in SPGroup::translateChildItems (this=<value optimized out>, tr=@0x7fff291f8170)
    at sp-item-group.cpp:576
#5 0x00000000004543eb in SPDocument::fitToRect (this=0x1437d80, rect=@0x7fff291f81a8) at document.cpp:564
#6 0x0000000000474dc8 in fit_canvas_to_selection (desktop=0x146acc0) at selection-chemistry.cpp:2914
#7 0x0000000000474eb3 in fit_canvas_to_selection_or_drawing (desktop=0x146acc0)
    at selection-chemistry.cpp:2967
#8 0x00000000007752eb in sp_action_perform (action=0x1483cb0, data=0x0) at helper/action.cpp:181
#9 0x00007fc01fea6c92 in Glib::SignalProxyNormal::slot0_void_callback () from /usr/lib/libglibmm-2.4.so.1
#10 0x00007fc01df3eebd in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#11 0x00007fc01df5229c in ?? () from /usr/lib/libgobject-2.0.so.0
#12 0x00007fc01df53116 in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#13 0x00007fc01df53623 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#14 0x00007fc01ef96d9d in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#15 0x00007fc01df3eebd in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#16 0x00007fc01df51538 in ?? () from /usr/lib/libgobject-2.0.so.0
#17 0x00007fc01df53116 in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
---Type <return> to continue, or q <return> to quit---
#18 0x00007fc01df53623 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#19 0x00007fc01ef95f3d in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#20 0x00007fc01f064688 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#21 0x00007fc01df3eebd in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#22 0x00007fc01df518fc in ?? () from /usr/lib/libgobject-2.0.so.0
#23 0x00007fc01df52f99 in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#24 0x00007fc01df53623 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#25 0x00007fc01f17919e in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#26 0x00007fc01f05d203 in gtk_propagate_event () from /usr/lib/libgtk-x11-2.0.so.0
#27 0x00007fc01f05e24b in gtk_main_do_event () from /usr/lib/libgtk-x11-2.0.so.0
#28 0x00007fc01ecbff8c in ?? () from /usr/lib/libgdk-x11-2.0.so.0
#29 0x00007fc01d495892 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#30 0x00007fc01d49901d in ?? () from /usr/lib/libglib-2.0.so.0
#31 0x00007fc01d49954d in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#32 0x00007fc01f05e667 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#33 0x00000000004503b1 in sp_main_gui (argc=1, argv=0x7fff291f97e8) at main.cpp:800
#34 0x0000000000450835 in main (argc=1, argv=0x7fff291f97e8) at main.cpp:610

Tags:

Revision history for this message

dopelover (dopelover) wrote on 2008-08-10:

buggymoon.svg Edit (248.6 KiB, image/svg+xml)

Revision history for this message

sas (sas-sas) wrote on 2008-08-10:

Confirmed in SVN revision 19629.

The crash seems to be caused by a 3D box in which the paths all lack 'd' attributes. If this box (with id="g5142") is manually removed from the SVG file before opening in Inkscape, then the crash doesn't occur.

A crash can also be triggered like this:
  1) Open the file.
  2) Open the Find dialog (Ctrl+F).
  3) Type g5142 in the ID field.
  4) Click the Find button.

Both crashes produce the following message on stderr:

** (inkscape.exe:660): CRITICAL **: void box3d_add_to_selection(SPBox3D*): assertion `persp' failed

Changed in inkscape:
status:	New → Confirmed

Revision history for this message

Maximilian Albert (cilix) wrote on 2008-08-13:

Assigning to myself because it is caused by code I added. May take a (short?) while before I get around to fixing it, though.

Changed in inkscape:
assignee:	nobody → cilix

Revision history for this message

Johan Engelen (johanengelen) wrote on 2009-02-25:

unassigning as Max is occupied with other stuff at the moment.

Changed in inkscape:
assignee:	cilix → nobody

Revision history for this message

su_v (suv-lp) wrote on 2009-11-23:

256718-bt-crashlog.txt Edit (5.5 KiB, text/plain)

reproduced with Inkscape 0.46+devel r22575 on OS X 10.5.8 and the file 'buggymoon.svg '

Revision history for this message

Maximilian Albert (cilix) wrote on 2009-12-26:

The original bug is fixed in bzr rev. 8911. The crash described in comment #2 is still present, but it is due to the fact that there is a 3D box in the file whose perspective is _not_ present in the document defs. I'm surprised that such a constellation can occur at all because normally it shouldn't be possible to do this without manually manipulating the svg file. I'm closing this bug, but if the original poster can say something as to how the perspective might have vanished from the file, I'd be interested to hear it.

Changed in inkscape:
status:	Confirmed → Fix Released

su_v (suv-lp) on 2009-12-26

Changed in inkscape:
milestone:	none → 0.48
status:	Fix Released → Fix Committed

Revision history for this message

Krzysztof Kosinski (tweenk) wrote on 2010-03-28:

The second crash (Ctrl+F, type "g5142" in the ID field and press Find) still happens, so the issue is not fixed yet.

Changed in inkscape:
status:	Fix Committed → Confirmed
importance:	Undecided → Medium
summary:	- crash while fitting page to selection + Crash when attempting to select a 3D box with a broken perspective + reference

jazzynico (jazzynico) on 2010-07-13

Changed in inkscape:
milestone:	0.48 → none

Revision history for this message

Beluga (buovjaga) wrote on 2016-08-13:

No crash with find g5142. Please re-test.

Arch Linux 64-bit, KDE Plasma 5
Inkscape 0.92pre1 15054 (GTK3)

Revision history for this message

jazzynico (jazzynico) wrote on 2016-08-24:

Find crash reproduced on Windows XP (32-bit) with 0.48.5.
Not reproduced with 0.91.

Changed in inkscape:
milestone:	none → 0.91
status:	Confirmed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.