trunk: Crashes with extensions from 'Generate from path'

Bug #1131165 reported by su_v on 2013-02-21
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Inkscape
High
Unassigned

Bug Description

Steps to reproduce:

0) launch inkscape with default (new) preferences
1) open attached sample file
2) select both paths
3) open 'Extensions > Generate from Path > Extrude'
4) toggle Live Preview on and off repeatedly
-> sooner or later Inkscape crashes.

Optimized build (-O2):
Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x000000090f5d3458
0x00000001002c0d4d in Geom::BezierCurve::finalPoint ()

Debug build (-g -O0):
Reason: KERN_INVALID_ADDRESS at address: 0x0000000944e2bd48
0x0000000101248cfb in Geom::Bezier::at1 (this=0x144e2bde8) at bezier.h:215
215 inline Coord at1() const { return c_[order()]; }

Reproduced with Inkscape 0.48+devel on
- Ubuntu 12.10 (64bit, VM, FSF GCC 4.7.2)
- Mac OS X 10.5.8 (32bit Intel, Apple GCC 4.2.1)
- OS X 10.7.4 (64bit, Apple llvm-gcc-4.2, Apple clang 3.1, FSF GCC 4.6.2)

Notes:
- Crash cannot consistently be reproduced with various local build setups, and may depend on the geometry of the paths (sometimes, after toggling the live preview off, the original paths may render noticeably corrputed, with stray nodes displaced outside the visual bbox).

- Likely affects other extensions, too: I also managed to reproduce the same crash (backtrace) e.g. with 'Extensions > Generate from Path > Interpolate', though it took far more 'Live Preview on|off' cycles to make inkscape crash.

- While with my local builds on OS X 10.7.4 the failure seems to be more easily reproducible with latest trunk builds (>= 12104), I failed to find a range of revisions which might have introduced a change triggering these crashes - similar to bug #1113635 and bug #1106031.

- Not reproduced with stable versions (0.48.3.1, 0.48.4)

su_v (suv-lp) wrote :
su_v (suv-lp) wrote :

Other steps to reproduce (as originally reported by AndyFitz on #inkscape irc channel):

01:46 andyfitz: weird, I can do the extrude extension once but the second time it crashes
01:46 andyfitz: anyone else have this bug in trunk ?
<…>
02:22 andyfitz: the whole document crashes and the recovery save is corrupted (as in not all svg gets written )
02:23 andyfitz: I'll get a backtrace
02:23 su_v: you apply it to two selected paths a second time?
02:23 andyfitz: correct, sometimes the first time but not as often. the second time almost always crashes
02:23 su_v: doesn't crash here if applied a second time (with two separate paths)
02:24 andyfitz: su_v: try sufficiently compex paths (type a few words . subset (ctrl+shift+c) ungroup and unify them and then dupicate and zoom down one of the paths
02:24 su_v: reproducible in a new document, with default prfs?
02:25 andyfitz: su_v: <…>. but yes it is reproducible with default prefs on a clean build. happens all the time
02:41 su_v: andyfitz: crash reproducible here after toggling Live Preview on and off again several times (number varies): before the crash, one or both path might not be restored correctly when toggling off the preview
02:41 su_v: backtrace: http://pastie.org/pastes/6266219/text?key=zumajq57d5me6jkn6vgdra (debug build r12137)
02:42 andyfitz: so this could be from the new extensions stuff? the extrude tool used to be rock solid
02:45 su_v: crash doesn't seem to occur in extension-specific area AFAICT - looks more like a some internal stuff going wrong

jazzynico (jazzynico) wrote :

Not reproduced on Windows XP, Inkscape trunk revision 12137.
I've stopped after 100 clicks on the check box. Restarted Inkscape, tested again, but no crash.
I'll try again later on Debian testing.

jazzynico (jazzynico) wrote :

Reproduced on Debian testing, Inkscape trunk revision 12137.

More or less the same trace as in comment #2 (Ubuntu). Relevant lines:
...
#6 ~valarray (this=0x5c1b1b8, __in_chrg=<optimized out>) at /usr/include/c++/4.7/valarray:705
#7 ~Bezier (this=0x5c1b1b8, __in_chrg=<optimized out>) at ./2geom/bezier.h:116
#8 Geom::D2<Geom::Bezier>::~D2 (this=0x5c1b1b8, __in_chrg=<optimized out>) at ./2geom/d2.h:52
#9 0x000000000048ebe4 in ~BezierCurve (this=0x5c1b1b0, __in_chrg=<optimized out>) at ./2geom/bezier-curve.h:46
#10 ~BezierCurveN (this=0x5c1b1b0, __in_chrg=<optimized out>) at ./2geom/bezier-curve.h:148
#11 Geom::BezierCurveN<1u>::~BezierCurveN (this=0x5c1b1b0, __in_chrg=<optimized out>) at ./2geom/bezier-curve.h:148

Changed in inkscape:
importance: Undecided → High
status: New → Triaged
jazzynico (jazzynico) wrote :

Note that I've crashed Inkscape twice: the first time after 30 actions, the second after only 3. Very unpredictable indeed.

su_v (suv-lp) wrote :

Still reproducible with r12585 (Ubuntu 13.04, VM) and r12586 (OS X 10.7.5).

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers