inkscape crashed with SIGSEGV in pathv_to_linear_and_cubic_beziers()

Bug #1216167 reported by MohaMed Awd on 2013-08-24
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Inkscape
High
Unassigned
inkscape (Ubuntu)
Medium
Unassigned

Bug Description

:(

ProblemType: Crash
DistroRelease: Ubuntu 13.10
Package: inkscape 0.48.4-1ubuntu3
ProcVersionSignature: Ubuntu 3.11.0-3.6-generic 3.11.0-rc6
Uname: Linux 3.11.0-3-generic x86_64
NonfreeKernelModules: wl
ApportVersion: 2.12.1-0ubuntu2
Architecture: amd64
CrashCounter: 1
Date: Sat Aug 24 02:53:35 2013
ExecutablePath: /usr/bin/inkscape
InstallationDate: Installed on 2013-07-27 (27 days ago)
InstallationMedia: Ubuntu 13.04 "Raring Ringtail" - Release amd64 (20130424)
MarkForUpload: True
ProcCmdline: inkscape
SegvAnalysis:
 Segfault happened at: 0x7c47ed <_Z33pathv_to_linear_and_cubic_beziersRKSt6vectorIN4Geom4PathESaIS1_EE+45>: mov (%rsi),%rdi
 PC (0x007c47ed) ok
 source "(%rsi)" (0x00000010) not located in a known VMA region (needed readable region)!
 destination "%rdi" ok
SegvReason: reading NULL VMA
Signal: 11
SourcePackage: inkscape
StacktraceTop:
 pathv_to_linear_and_cubic_beziers(std::vector<Geom::Path, std::allocator<Geom::Path> > const&) ()
 Inkscape::UI::PathManipulator::_createControlPointsFromGeometry() ()
 Inkscape::UI::PathManipulator::_externalChange(unsigned int) ()
 Inkscape::XML::CompositeNodeObserver::notifyAttributeChanged(Inkscape::XML::Node&, unsigned int, Inkscape::Util::ptr_shared<char>, Inkscape::Util::ptr_shared<char>) ()
 Inkscape::XML::SimpleNode::setAttribute(char const*, char const*, bool) ()
Title: inkscape crashed with SIGSEGV in pathv_to_linear_and_cubic_beziers()
UpgradeStatus: Upgraded to saucy on 2013-08-04 (19 days ago)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo

MohaMed Awd (aples4attack) wrote :

StacktraceTop:
 pathv_to_linear_and_cubic_beziers (pathv=...) at helper/geom.cpp:469
 Inkscape::UI::PathManipulator::_createControlPointsFromGeometry (this=this@entry=0x87fce60) at ui/tool/path-manipulator.cpp:999
 Inkscape::UI::PathManipulator::_externalChange (this=0x87fce60, type=<optimized out>) at ui/tool/path-manipulator.cpp:963
 Inkscape::XML::CompositeNodeObserver::notifyAttributeChanged (this=0x5f6f050, node=..., name=3553, old_value=..., new_value=...) at xml/composite-node-observer.cpp:94
 Inkscape::XML::SimpleNode::setAttribute (this=0x5f6f000, name=<optimized out>, value=<optimized out>) at xml/simple-node.cpp:356

Changed in inkscape (Ubuntu):
importance: Undecided → Medium
tags: removed: need-amd64-retrace
information type: Private → Public
tags: added: crash
Kris (kris-degussem) on 2013-12-23
Changed in inkscape:
importance: Undecided → High
Johan Engelen (johanengelen) wrote :

I can't find anything obvious that is wrong in the code of the top 3 functions of the stack trace.
One thing to try is if pathv_to_linear_and_cubic_beziers is OK if the argument is a PathVector with an empty Path in it.
PathVector pv;
pv.push_back(Path());
pathv_to_linear_and_cubic_beziers(pv);

Windows build is broken so cannot try it right now.

Johan Engelen (johanengelen) wrote :

Perhaps this call
void PathManipulator::_createControlPointsFromGeometry()
{
//...
    Geom::PathVector pathv = pathv_to_linear_and_cubic_beziers(_spcurve->get_pathvector());

If the _spcurve has been deleted by someone else, the _spcurve->get_pathvector() will return a corrupted pointer and will crash the program on first use in pathv_to_linear_and_cubic_beziers.

?

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers