Inkscape

trunk: crash in Inkscape::UI::Dialog::FilterEffectsDialog::FilterModifier::on_filter_reorder ()

Bug #1220143 reported by su_v on 2013-09-03

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Inkscape	Fix Released	High	Martin Owens

Bug Description

Steps to reproduce
1) launch inkscape with default prefs, default template
2) draw rectangle
3) apply a filter (e.g. 'Filters > Bevels > Bloom')
4) open filter editor
5) select filter and duplicate it (via context menu)
6) close filter editor ('Ctrl+W')
7) close document window ('Ctrl+W', discard changes)
-> crash

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000000
0x0000000100b216e4 in Inkscape::UI::Dialog::FilterEffectsDialog::FilterModifier::on_filter_reorder (this=0x134c72ef0, path=@0x7fff5fbfdef8) at filter-effects-dialog.cpp:1313
1313 object->getRepr()->setPosition(0);

System info:
Reproduced on Ubuntu 13.04 (VM 64bit, trunk PPA) and OS X 10.7.5.

Based on tests with archived build on OS X 10.7.5:
- not reproduced with r12393
- reproduced with r12395 and later revisions
the regression was likely introduced in r12394:
<http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/12394>

Follow-up report to:
Bug #1168814 “allow reordering and saving of filter order”

See original description

Tags:

Related branches

lp:~inkscape.dev/inkscape/trunk

Revision history for this message

su_v (suv-lp) wrote on 2013-09-03:

1220143-bt-full-r12500-debug-osx-quartz-64bit.txt Edit (17.3 KiB, text/plain)

description:	updated
Changed in inkscape:
milestone:	none → 0.49

Revision history for this message

jazzynico (jazzynico) wrote on 2013-09-06:

Reproduced on Windows XP, Inkscape trunk revision 12501.

Changed in inkscape:
status:	New → Triaged

Revision history for this message

jazzynico (jazzynico) wrote on 2013-09-06:

filtersTest.svg Edit (670 bytes, image/svg+xml)

Minimal test file attached.

1. Open the SVG file.
2. Open the filters editor.
3. Close Inkscape with File>Close (File>Quit doesn't lead to a crash).

Revision history for this message

jazzynico (jazzynico) wrote on 2013-09-07:

@Martin - The bug was introduced with the new drag and drop feature in the filters list. Would you be willing to take a look?

Changed in inkscape:
assignee:	nobody → Martin Owens (doctormo)

su_v (suv-lp) on 2013-09-07

description:

updated

Revision history for this message

Martin Owens (doctormo) wrote on 2013-09-08:

Fixed in trunk, see r12504. It looks like a race condition between the elements being destroyed and the dialog list being cleared. When one item is cleared, it reorders the list (event) but of course all the other elements in the list have already gone. So it crashes.

su_v (suv-lp) on 2013-09-08