Inkscape crash in symbols.cpp

Bug #1104326 reported by David Mathog on 2013-01-24
This bug affects 1 person
Affects: Inkscape
Importance: High
Assigned to: Martin Owens

Bug Description

Inkscape (branch lp988601, updated yesterday, bzr revno = 11716, program says version r11679 in "about") started
crashing now and then on Ubuntu. Ran it in gdb until it blew up and then did a "bt". The memory error blew up in
symbols.cpp as shown below:

GNU gdb (Ubuntu/Linaro 7.4-2012.04-0ubuntu2) 7.4-2012.04
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-linux-gnu".
For bug reporting instructions, please see:
<http://bugs.launchpad.net/gdb-linaro/>...
Reading symbols from /usr/local/src/inkscape_lp988601/src/inkscape...done.
(gdb) run
Starting program: /usr/local/src/inkscape_lp988601/src/inkscape
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
[New Thread 0xb5ed8b40 (LWP 3445)]
[New Thread 0xb54ffb40 (LWP 3446)]
[New Thread 0xb4cfeb40 (LWP 3447)]
[New Thread 0xb42ffb40 (LWP 3448)]
[Thread 0xb4cfeb40 (LWP 3447) exited]
[Thread 0xb42ffb40 (LWP 3448) exited]
[Thread 0xb5ed8b40 (LWP 3445) exited]
[Thread 0xb54ffb40 (LWP 3446) exited]
Program received signal SIGSEGV, Segmentation fault.
Inkscape::UI::Dialog::SymbolsDialog::symbols_in_doc_recursive (this=0xc3472a8, r=0x0, l=0x0) at ui/dialog/symbols.cpp:445
445 for (SPObject *child = r->firstChild(); child; child = child->getNext()) {
(gdb) bt
#0 Inkscape::UI::Dialog::SymbolsDialog::symbols_in_doc_recursive (this=0xc3472a8, r=0x0, l=0x0) at ui/dialog/symbols.cpp:445
#1 0x0847e842 in Inkscape::UI::Dialog::SymbolsDialog::symbols_in_doc (this=0xc3472a8, symbolDocument=0x909fae0)
    at ui/dialog/symbols.cpp:455
#2 0x0847f18b in Inkscape::UI::Dialog::SymbolsDialog::draw_symbols (this=0xc3472a8, symbolDocument=0x909fae0)
    at ui/dialog/symbols.cpp:509
#3 0x08482dd4 in Inkscape::UI::Dialog::SymbolsDialog::rebuild (this=0xc3472a8) at ui/dialog/symbols.cpp:231
#4 0x08482f18 in Inkscape::UI::Dialog::SymbolsDialog::setTargetDesktop (this=0xc3472a8, desktop=0x8bde100)
    at ui/dialog/symbols.cpp:703
#5 0x0837231d in emit (_A_a1=@0xbfffeac4: 0x90c22a0, impl=<optimized out>) at /usr/include/sigc++-2.0/sigc++/signal.h:1010
#6 emit (_A_a1=@0xbfffeac4: 0x90c22a0, this=<optimized out>) at /usr/include/sigc++-2.0/sigc++/signal.h:2781
#7 Inkscape::UI::Dialog::DesktopTracker::setDesktop (this=0xc347464, desktop=0x90c22a0) at ui/dialog/desktop-tracker.cpp:137
#8 0x08372441 in Inkscape::UI::Dialog::DesktopTracker::activateDesktopCB (desktop=0x90c22a0, self=0xc347464)
    at ui/dialog/desktop-tracker.cpp:100
#9 0x013884d3 in g_cclosure_marshal_VOID__POINTER () from /usr/lib/i386-linux-gnu/libgobject-2.0.so.0
#10 0x01385484 in g_closure_invoke () from /usr/lib/i386-linux-gnu/libgobject-2.0.so.0
#11 0x013970d9 in ?? () from /usr/lib/i386-linux-gnu/libgobject-2.0.so.0
#12 0x0139f2dc in g_signal_emit_valist () from /usr/lib/i386-linux-gnu/libgobject-2.0.so.0
#13 0x0139f453 in g_signal_emit () from /usr/lib/i386-linux-gnu/libgobject-2.0.so.0
#14 0x080cb359 in inkscape_activate_desktop (desktop=0x90c22a0) at inkscape.cpp:1048
#15 0x0831d9cd in SPDesktopWidget::onFocusInEvent (this=0xc38c430) at widgets/desktop-widget.cpp:1800
#16 0x00655d4d in ?? () from /usr/lib/i386-linux-gnu/libgtkmm-2.4.so.1
#17 0x00a5c8a2 in ?? () from /usr/lib/i386-linux-gnu/libgtk-x11-2.0.so.0
#18 0x01385484 in g_closure_invoke () from /usr/lib/i386-linux-gnu/libgobject-2.0.so.0
#19 0x0139736a in ?? () from /usr/lib/i386-linux-gnu/libgobject-2.0.so.0
#20 0x0139eff5 in g_signal_emit_valist () from /usr/lib/i386-linux-gnu/libgobject-2.0.so.0
#21 0x0139f453 in g_signal_emit () from /usr/lib/i386-linux-gnu/libgobject-2.0.so.0
#22 0x00b96413 in ?? () from /usr/lib/i386-linux-gnu/libgtk-x11-2.0.so.0
#23 0x00a5b034 in gtk_main_do_event () from /usr/lib/i386-linux-gnu/libgtk-x11-2.0.so.0
#24 0x00e74758 in ?? () from /usr/lib/i386-linux-gnu/libgdk-x11-2.0.so.0
---Type <return> to continue, or q <return> to quit---
#25 0x0140dd86 in g_main_context_dispatch () from /lib/i386-linux-gnu/libglib-2.0.so.0
#26 0x0140e125 in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
#27 0x0140e56b in g_main_loop_run () from /lib/i386-linux-gnu/libglib-2.0.so.0
#28 0x00a59b8f in gtk_main () from /usr/lib/i386-linux-gnu/libgtk-x11-2.0.so.0
#29 0x005cc194 in Gtk::Main::run_impl() () from /usr/lib/i386-linux-gnu/libgtkmm-2.4.so.1
#30 0x005ccbcf in Gtk::Main::run() () from /usr/lib/i386-linux-gnu/libgtkmm-2.4.so.1
#31 0x080a2715 in sp_main_gui (argc=1, argv=0xbffff6e4) at main.cpp:994
#32 0x0808a157 in main (argc=1, argv=0xbffff6e4) at main.cpp:725

I don't think this has anything to do with the modifications in this branch, as it blew up in this instance just opening
an SVG file.

su_v (suv-lp) wrote :

On 24/01/2013 19:38, David Mathog wrote:
> Inkscape (branch lp988601, updated yesterday, bzr revno = 11716,

Note: as mentioned in the commit log for branch <lp:~inkscape.dev/inkscape/lp988601>:
r11716 corresponds to trunk r12051

jazzynico (jazzynico) wrote :

Confirmed on Windows XP, Inkscape trunk revision 12062.
The crash occurs when the Symbols dialog is already open before loading the document.

Changed in inkscape:
importance: Undecided → High
milestone: none → 0.49
status: New → Triaged

su_v (suv-lp) on 2013-01-24
tags: added: crash

Johan Engelen (johanengelen) wrote :

Fixed in r12063.
Not marking the bug as fixed, and assigning to Tav: please have a more thorough look through the file. If a function will crash on receiving a NULL pointer for one of its arguments, the argument type should be redefined as "reference" (&), or a NULL check should be added at the start of the function. Thanks!
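
The two options named in the comment above (a reference parameter, or a NULL check at function entry), shown as an added example that is not Inkscape's code and not the r12063 change. `Node`, `collect_symbols` and this `symbols_in_doc` are constructed stand-ins for `SPObject` and the dialog's tree walk; the sample document is constructed.

```cpp
// Added illustration; Node is a constructed stand-in for Inkscape's SPObject.
#include <cstdio>
#include <memory>
#include <string>
#include <vector>

struct Node {
    std::string tag;                              // element name, e.g. "symbol"
    std::vector<std::unique_ptr<Node>> children;
    Node *add(const std::string &t) {             // append a child, return it
        children.push_back(std::make_unique<Node>());
        children.back()->tag = t;
        return children.back().get();
    }
};

// Option 1: take a reference. The recursive walk cannot be entered with a
// null node, so the child loop never dereferences r == 0x0 as in frame #0.
void collect_symbols(const Node &r, std::vector<const Node *> &out) {
    if (r.tag == "symbol") out.push_back(&r);
    for (const auto &child : r.children) collect_symbols(*child, out);
}

// Option 2: keep the pointer only at the boundary where "no root" is a real
// state (dialog already open, document not loaded), check once, warn, and
// return an empty result instead of crashing.
std::vector<const Node *> symbols_in_doc(const Node *root) {
    std::vector<const Node *> out;
    if (root == nullptr) {
        std::fprintf(stderr, "symbols_in_doc: root is null, no symbols\n");
        return out;
    }
    collect_symbols(*root, out);
    return out;
}

int main() {
    Node doc;                                     // constructed sample document
    doc.tag = "svg";
    Node *defs = doc.add("defs");
    defs->add("symbol");
    defs->add("g")->add("symbol");
    std::printf("with root: %zu symbols\n", symbols_in_doc(&doc).size());
    std::printf("no root:   %zu symbols\n", symbols_in_doc(nullptr).size());
    return 0;
}
```

Checking once at the pointer boundary and passing references below it keeps the warning to a single place, which makes it easier to trace which caller supplied the empty document.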

Changed in inkscape:
assignee: nobody → Tavmjong Bah (tavmjong-free)

Martin Owens (doctormo) wrote :

I decided to warn if we get empty objects. I intend to track the warnings in future; testing at the moment produces no warnings, so everyone be sure to specify your steps to reproduce if you see it.

Changed in inkscape:
assignee: Tavmjong Bah (tavmjong-free) → Martin Owens (doctormo)
status: Triaged → Fix Committed
tags: added: symbols

su_v (suv-lp) wrote :

Related critical warnings (reproduced with trunk r13034 on OS X 10.7.5)

STR:
1) launch trunk (default new prefs, new default doc)
2) open Symbols dialog (Shift+Ctrl+Y)
3) close the dialog (Ctrl+W)
4) close the current document (Ctrl+W)
--> console messages:

** (inkscape:8187): CRITICAL **: GSList* Inkscape::UI::Dialog::SymbolsDialog::symbols_in_doc_recursive(SPObject*, GSList*): assertion 'r != NULL' failed

The warning then seems to be output every second time step 4 is repeated in the current inkscape session (with default prefs, closing the last remaining open document window opens a new default doc).

@Martin - do you want the critical warning tracked in a new report (since you closed this one)?

jazzynico (jazzynico) wrote :

@ ~suv - Do you still see the warnings? I've tested with r13347 on Crunchbang Waldorf and everything works as expected without any warning.

Martin Owens (doctormo) wrote :

~suv - If the issue still appears, then yes, we can do a new bug report to track the issue.

su_v (suv-lp) wrote :

The warnings seem to have been addressed in rev 13048:
<http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/13048>

(reproduced with archived builds rev <= 13047, not reproduced with rev >= 13048)

--
replaces comment #8 (fixes typo)

Bryce Harrington (bryce) on 2015-02-21
Changed in inkscape:
status: Fix Committed → Fix Released