inkscape coredumps on opening SVG files with gradients (FreeBSD amd64)

> Inkscape 0.48 (…)

Inkscape 0.48.0 r9654 or Inkscape 0.48.1 r9760?

> (…) coredumps

Not reproduced with Inkscape 0.48.0, 0.48.1 and 0.48+devel r10129 on OS X 10.5.8 (i386)
The file opens quickly and without any error messages.

Perhaps this is amd64 specific problem, since I'm running FreeBSD amd64

Could you launch Inkscape from gdb, type 'bt' after the segfault occurred and attach the backtrace here?
(Note: needs debug symbols for Inkscape installed)

> Perhaps this is amd64 specific problem

- Do other older files created with Inkscape 0.46, or more recent files created with 0.47 or 0.48, open fine in your currently installed Inkscape?
- Which version of Inkscape is it - 0.48.0 r9654 or 0.48.1 r9760?

Yes, I have other files made with same (older) version, that crashes Inkscape....
Some even crash Inkscape when I click on them in Open dialog to see preview

About gdb, will post shortly

Please clarify:
Do all files (old and newer) crash at some point when opening in your currently installed inkscape version?
or:
Do all _older_ files crash in your currently installed inkscape version and newer files open fine?
or:
Do only certain files (old, newer) crash inkscape at some point?

Also:
- Please provide information about your current inkscape version (take the version string from menu 'Help > About Inkscape').
- Did you compile Inkscape yourself or is it a pre-built binary installed via package manager?

I reinstalled inkscape from ports (0.48.1 r9760)

Some older files and some new files crash inkscape, but not all.

I think files, that have gradient crash inkscape...
I've just created svg with simple box and added gradient...
When I open this files in inkscape it crashes

I also checked older files, and really, older files containing gradient crash inkscape, while older files without gradient do not.

Right now I added -g flag to CPPFLAGS in freebsd port... hopefully it will build Inkscape with debug symbols

Needs additional information (backtrace).

Possibly you could get the backtrace from the coredump, but building inkscape with -g (and not stripping it) would be required to retrieve meaningful information, AFAIU also when using a coredump.

See also:
<http://www.freebsd.org/doc/en/books/developers-handbook/debugging.html#AEN1011>
<http://www.gentoo.org/proj/en/qa/backtraces.xml#doc_chap1_pre9>

I've been seeing this problem with inkscape on FreeBSD-amd64 for about a year now. It's followed me across several different systems so I don't think it's a local problem. FreeBSD-i386 works fine -- it seems to be a 64-bit only issue.

I can reproduce it easily -- new document, create a rectangle. Set the fill to linear gradient. Set the fill to radial gradient -> Crash.

Backtrace attached. I've tried to track it down, but don't know enough about the Inkscape codebase to make heads or tails out of it. Please let me know if there's any more information I can provide that would be helpful.

@Craig - your 'steps to reproduce' fit bug #778441 “Gradients crashing Inkscape 0.48 on OpenBSD” more than this report (bug #743530).

@suv: Ah, I didn't see that one since I was searching for FreeBSD.

I think it's very likely that these two bugs are the same problem, or at least related.

Attached is a backtrace from "Opening an svg containing a box with a simple gradient", as the OP described the steps (this results in a crash for me as well).

I believe I've tracked it down. In sp-paint-server.cpp, the gobject type of the paint server is stored in painter->type. However painter->type is an enum. On 64-bit platforms, this enum is 32 bits wide. glib appears to be using some pointer masking for quick reference to certain gobject types. When it's shoved into the 32-bit field, the type reference is being truncated, causing glib to access unallocated memory when the mask is later reversed.

I believe this may supposed to be using SPPainter::server_type instead, which is a GType and looks to be otherwise unused.

The attached patch fixes the crash on my system (as well as the issue in bug #778441).

On Mon, May 16, 2011 at 6:18 PM, Craig Boston <email address hidden> wrote:
> I believe I've tracked it down. In sp-paint-server.cpp, the gobject type
> of the paint server is stored in painter->type. However painter->type is
> an enum. On 64-bit platforms, this enum is 32 bits wide. glib appears to
> be using some pointer masking for quick reference to certain gobject
> types. When it's shoved into the 32-bit field, the type reference is
> being truncated, causing glib to access unallocated memory when the mask
> is later reversed.
>
> I believe this may supposed to be using SPPainter::server_type instead,
> which is a GType and looks to be otherwise unused.
>
> The attached patch fixes the crash on my system (as well as the issue in
> bug #778441).
>
> ** Attachment added: "patch-sp-paint-server.cpp"
>   https://bugs.launchpad.net/inkscape/+bug/743530/+attachment/2130982/+files/patch-sp-paint-server.cpp
>
> --
> You received this bug notification because you are a direct subscriber
> of the bug.
> https://bugs.launchpad.net/bugs/743530
>
> Title:
>  inkscape coredumps on opening SVG files with gradients (FreeBSD amd64)
>
> Status in Inkscape: A Vector Drawing Tool:
>  Confirmed
>
> Bug description:
>  When I try to open some of my svg (which were created with Inkscape about year or two ago)
>  Inkscape 0.48 coredumps
>
>
>  $ uname -a
>  FreeBSD desktop.pc 8.2-RELEASE FreeBSD 8.2-RELEASE #0: Thu Feb 17 02:41:51 UTC 2011     <email address hidden>:/usr/obj/usr/src/sys/GENERIC  amd64
>
>  I've attached file, that I tried to open last time, Inkscape crashed....
>  I tried to open it few times, and it crashed always after rendering svg in about <= second
>
>  There was no usable console output, that could help indicating bug:
>
>  Emergency save activated!
>  Emergency save completed. Inkscape will close now.
>  If you can reproduce this crash, please file a bug at www.inkscape.org
>  with a detailed description of the steps leading to the crash, so we can fix it.
>  Segmentation fault (core dumped)
>
>
>  You can get coredump from:
>  http://files.bsdroot.lv/my/coredumps/inkscape.core-2011.03.27.xz
>
> To unsubscribe from this bug, go to:
> https://bugs.launchpad.net/inkscape/+bug/743530/+subscribe
>

This patch seam to fix my problem.
Incscape doesn't crash any-more when I open my old svg files :)

There are some subtleties involved in the code here that might require a little tuning on the patch. I'm looking into that now.

Inkscape trunk: r10242
Inkscape 0.48.x: r9781