inkscape crashed with SIGABRT in __gnu_cxx::__verbose_terminate_handler()

Bug #1204732 reported by Hans Schepker on 2013-07-25
22
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Inkscape
High
jazzynico
inkscape (Ubuntu)
Medium
Unassigned

Bug Description

I am trying to run an eggbot from inkscape. Everytime I want to setup the eggbot through the extensions the program reports an internal error and needs to close. I have updated and re-installed all software according to instructions (I think!) but the problem is always the same and persistent.

ProblemType: Crash
DistroRelease: Ubuntu 13.10
Package: inkscape 0.48.4-1ubuntu2
ProcVersionSignature: Ubuntu 3.10.0-4.13-generic 3.10.1
Uname: Linux 3.10.0-4-generic x86_64
ApportVersion: 2.11-0ubuntu1
Architecture: amd64
CrashCounter: 1
Date: Wed Jul 24 21:18:34 2013
ExecutablePath: /usr/bin/inkscape
InstallationDate: Installed on 2010-03-03 (1239 days ago)
InstallationMedia: Ubuntu 13.10 "Saucy Salamander" - Alpha amd64 (20130624)
MarkForUpload: True
ProcCmdline: inkscape
ProcEnviron:
 LANGUAGE=en_US
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
Signal: 6
SourcePackage: inkscape
StacktraceTop:
 raise () from /lib/x86_64-linux-gnu/libc.so.6
 abort () from /lib/x86_64-linux-gnu/libc.so.6
 __gnu_cxx::__verbose_terminate_handler() () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
 ?? () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
 std::terminate() () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
Title: inkscape crashed with SIGABRT in raise()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dialout dip lpadmin plugdev sambashare sudo

Hans Schepker (hschepker) wrote :

StacktraceTop:
 __gnu_cxx::__verbose_terminate_handler() () from /tmp/apport_sandbox_LvZEis/usr/lib/x86_64-linux-gnu/libstdc++.so.6
 ?? () from /tmp/apport_sandbox_LvZEis/usr/lib/x86_64-linux-gnu/libstdc++.so.6
 std::terminate() () from /tmp/apport_sandbox_LvZEis/usr/lib/x86_64-linux-gnu/libstdc++.so.6
 __cxa_throw () from /tmp/apport_sandbox_LvZEis/usr/lib/x86_64-linux-gnu/libstdc++.so.6
 std::__throw_logic_error(char const*) () from /tmp/apport_sandbox_LvZEis/usr/lib/x86_64-linux-gnu/libstdc++.so.6

Changed in inkscape (Ubuntu):
importance: Undecided → Medium
summary: - inkscape crashed with SIGABRT in raise()
+ inkscape crashed with SIGABRT in
+ __gnu_cxx::__verbose_terminate_handler()
tags: removed: need-amd64-retrace
information type: Private → Public
tags: added: crash
su_v (suv-lp) on 2013-08-01
tags: added: extensions-plugins
Changed in inkscape:
importance: Undecided → High
su_v (suv-lp) wrote :

Reproduced eggbot extension with Inkscape 0.48.4 and 0.48+devel r12442 on OS X 10.7.5 - if using Inkscape with most recent versions of dependencies (same inkscape versions compiled and running with older versions of dependencies do not crash):

$ port installed glib2 glibmm gtk2 gtkmm gettext intltool libsigcxx2 | grep active
  gettext @0.18.3_0 (active)
  glib2 @2.36.3_2 (active)
  glibmm @2.36.2_0 (active)
  gtk2 @2.24.20_103+git_patches+no_x11+quartz (active)
  gtkmm @2.24.4_0+quartz (active)
  intltool @0.50.2_2+perl5_12 (active)
  libsigcxx2 @2.2.11_0 (active)

Backtrace from current trunk (12442) attached.

su_v (suv-lp) wrote :

Crash not reproduced on OS X 10.7.5 with these versions of dependencies (same Inkscape versions, same eggbot extension installation):

$ port installed glib2 glibmm gtk2 gtkmm gettext intltool libsigcxx2 | grep active
  gettext @0.18.1.1_2 (active)
  glib2 @2.32.4_0+debug_symbols (active)
  glibmm @2.32.1_0 (active)
  gtk2 @2.24.13_0+custom+x11 (active)
  gtkmm @2.24.2_0 (active)
  intltool @0.50.2_0 (active)
  libsigcxx2 @2.2.10_0 (active)

and:

$ port installed glib2 glibmm gtk2 gtkmm gettext intltool libsigcxx2 | grep active
  gettext @0.18.1.1_2 (active)
  glib2 @2.34.3_100 (active)
  glibmm @2.34.1_100+debug_symbols (active)
  gtk2 @2.24.17_100+custom+debug_symbols+no_x11+quartz (active)
  gtkmm @2.24.2_0 (active)
  intltool @0.50.2_0 (active)
  libsigcxx2 @2.2.10_0 (active)

Changed in inkscape:
status: New → Confirmed

AFAICT the trigger on Inkscape's side is an empty 'description' parameter (see attached demos):
   <param name="empty_desc_1" type="description" xml:space="preserve"></param>
or:
   <param name="empty_desc_1" type="description" xml:space="preserve"> </param>
or:
   <param name="empty_desc_1" type="description" xml:space="preserve">
</param>

This one with minimal content works:
   <param name="empty_desc_1" type="description" xml:space="preserve">.</param>

The parameter element in the Egg-Bot extension which triggers the crash:
<http://code.google.com/p/eggbotcode/source/browse/trunk/inkscape_driver/eggbot.inx?r=220#32>

su_v (suv-lp) wrote :

Related upstream issue for Hersey text:
- Issue 62 - eggbotcode - Hershey Text causes Inkscape Trunk to crash
  <http://code.google.com/p/eggbotcode/issues/detail?id=62>

su_v (suv-lp) wrote :

@Windell Oskay - subscribing you to this report since this Inkscape regression affects 'Hershey Text' (now included with inkscape trunk) as well as the 'Eggbot Control' extension.

Windell Oskay (windell) wrote :

@~suv
Thank you for the notice, and for verifying the cause. This issue (crashing with an empty param) does not seem to affect Inkscape prior to 0.48.4.

@Hans Schepker (hschepker)
Would have appreciated you filing the bug report with the Eggbot project directly, so that we could have gotten you up and running a couple of weeks sooner. (And so that we weren't adding to the load over here.)

Please try the new version and let me know if that fixes it; we do not presently have a system that can reproduce this crash.
http://code.google.com/p/eggbotcode/downloads/detail?name=eggbot_2013_08_11_2.3.4.zip

jazzynico (jazzynico) wrote :

Confirmed on Windows XP, Inkscape trunk revision 12473 with example 1 from comment #7 (examples 2 and 3 doesn't crash the application).

Changed in inkscape:
assignee: nobody → JazzyNico (jazzynico)
milestone: none → 0.49
status: Confirmed → In Progress
jazzynico (jazzynico) wrote :

Attached is a patch that tests empty strings (in that case the description widget is removed).
Please test!

The attachment "1204732-EmptyDescription.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
su_v (suv-lp) wrote :

On 2013-08-12 14:11 +0200, JazzyNico wrote:
> Confirmed on Windows XP, Inkscape trunk revision 12473 with example 1
> from comment #7 (examples 2 and 3 doesn't crash the application).

Thanks for noticing - I failed to catch that this particular crash with
a completely empty description also affects the builds with older
versions of the dependencies on OS X 10.7.5 (see comment #6).

> Attached is a patch that tests empty strings (in that case the
> description widget is removed).
> Please test!

r12473+patch tested on OS X 10.7.5 with
A - GTK+/Quartz 2.24.17, glib 2.34.3, libxml2 2.8.0
B - GTK+/Quartz 2.24.20, glib 2.36.4, libxml2 2.9.1

using these test cases:
1) empty description parameter (affects A, B)
2) space (" ") as description content (affects B)
3) newline as description content (affects B)

While the patch does prevent all known variants of the crash, it's still
unclear to me what kind of change in which external library causes the
crashes of type 2) and 3) - the proposed fix doesn't address this
specifically.

The rendered result of the INX file with patched builds differs
depending on this yet unknown difference: description parameters with a
space or newline as content are now omitted too with those patched
builds which otherwise crash (the actual issue & example reported here):

Please have a look at the attached sample INX and the screenshot - on
the left the dialog from a patched build which didn't crash before, on
the right from a patched build with newer libs which now no longer
crashes but (somewhat unexpectedly) omits description parameters with
not-quite-empty content (used as spacer elements).

<off-topic>
Since the crashes of type 2) and 3) are triggered (at least in the
examples I have encountered) by using an "not-quite-empty" description
parameter (with space or newline as content) as spacer element in custom
extension dialogs - are there other (crash-proof) INX options which
could be used instead for such purposes?
</off-topic>

Windell Oskay (windell) wrote :

It seems like the suggested patch fixes the symptom, not the underlying cause; I would have guessed that the "description" inx element would be the correct place to include desired whitespace.

While we have removed the empty parameters in the Eggbot and Hershey Text extensions that caused the crash, we were indeed using them to provide whitespace, so the "off-topic" question is relevant for finding a workaround.

jazzynico (jazzynico) wrote :

Inkscape crashes when passing a NULL parameter to gettext. The check just make sure the value is not NULL and if it fails, doesn't create the description widget. I don't know if gettext should check, but it doesn't hurt to check in Inkscape directly.

~suv>The rendered result of the INX file with patched builds differs depending on this yet unknown difference: description parameters with a space or newline as content are now omitted too with those patched builds which otherwise crash

On Windows, only the real NULL description failed. Newlines and fake spaces don't crash the application and the values are rendered as expected (as newlines and spaces). Yes, there must be something wrong with the most recent gettext version.

jazzynico (jazzynico) wrote :

Also tested on Debian stable (Crunchbang flavor): with gettext 0.18.1.1-9, extensions fail1a, fail2 and fail3 don't crash and render as expected.

su_v (suv-lp) wrote :

On 2013-08-12 20:37 +0200, JazzyNico wrote:
> Also tested on Debian stable (Crunchbang flavor): with gettext
> 0.18.1.1-9, extensions fail1a, fail2 and fail3 don't crash and render as
> expected.

Ubuntu 13.10 "Saucy Salamander" also has gettext 1.18.1.1 installed according to <https://launchpad.net/gettext> - is it possible that a different external library is triggering this regression (glib, libxml2, …)?

jazzynico (jazzynico) wrote :

~suv> is it possible that a different external library is triggering this regression (glib, libxml2, …)?

Since we use xml to get the element's content (defaultval = xml->firstChild()->content();), yes, it could be due to some changes in libxml2.
In the Win32 devlibs, we have libxml2-2.7.8 and in Debian stable 2.8, both working correctly. Referring to your comment #14, it fails with 2.9.1.

su_v (suv-lp) wrote :

Another (external) extension affected by this crash triggered by description parameters with newlines only (used as visual spacer):

Original Extension:
- “Inkscape to OpenSCAD converter v5”
  <http://www.thingiverse.com/thing:25036>
  <http://www.thingiverse.com/download:209973>

Patch (e.g. to be able to run it on Fedora 18):
- “paths2openscad Fedora 18 patch”
  <http://www.thingiverse.com/thing:40603>
  <http://www.thingiverse.com/download:114963>

By now a newer version of the 'OpenSCAD converter' extensions has been released (v6), which no longer uses the empty description parameter as spacing element:
<http://www.thingiverse.com/download:270026>

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in inkscape (Ubuntu):
status: New → Confirmed
Changed in inkscape (Ubuntu):
status: Confirmed → Triaged
jazzynico (jazzynico) wrote :

From comment #19> In the Win32 devlibs, we have libxml2-2.7.8 and in Debian stable 2.8, both working correctly. Referring to your comment #14, it fails with 2.9.1.

Tested again on Windows XP with the experimental gtk3 devlibs (with libxml2-2.9), and I confirm it fails with the first 3 test files from comment #7 (only the first file fails with libxml2 < 2.9).

I'm going to commit the patch. It doesn't solve the libxml2 issue, and thus the dialog ignores invalid spacings (don't hesitate to open a new -lower priority- bug report), but it fixes the crash.

jazzynico (jazzynico) wrote :

Fixed in the trunk, revision 12861.

Changed in inkscape:
status: In Progress → Fix Committed
Changed in inkscape:
status: Fix Committed → Fix Released
Changed in inkscape (Ubuntu):
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.