r12830, drag deleting a guide causes a crash

Bug #1255791 reported by Cojnel on 2013-11-28
14
This bug affects 3 people
Affects Status Importance Assigned to Milestone
Inkscape
High
Martin Owens

Bug Description

When dragging a guide from a ruler onto the page and then
dragging it on or past the ruler to delete it,
causes inkscape to crash.

when starting inkscape with the terminal commands:
gdb /usr/bin/inkscape
...
and typing run here:
(gdb) run

everytime it crashes it shows this message:

Program received signal SIGSEGV, Segmentation fault.
0x081d51b2 in ?? ()

once it crashed with this message:

**
ERROR:sp-namedview.cpp:1063:SPNamedView* sp_document_namedview(SPDocument*, const gchar*): assertion failed: (nv != NULL)

Program received signal SIGABRT, Aborted.
0xb7fdd424 in __kernel_vsyscall ()

Tested with:
inkscape_0.49~devel+12830+12~ubuntu12.10.1_i386.deb
on linux mint 15 cinnamon 32bit

Cojnel (cojnel) on 2013-11-28
tags: added: ui
su_v (suv-lp) on 2013-11-28
tags: added: crash guides
su_v (suv-lp) wrote :

- Not reproduced with Inkscape 0.48.4 on OS X 10.7.5: does not crash, but outputs a warning when dropping the guide outside the canvas:
** (inkscape:36691): CRITICAL **: void sp_ctrlpoint_set_color(SPCtrlPoint *, guint32): assertion 'SP_IS_CTRLPOINT (cp)' failed

- Reproduced with trunk r12832 (full backtrace attached)

su_v (suv-lp) wrote :

Reminds me of
- Bug #1006032 “Crash dragging guide back to ruler”
  <https://bugs.launchpad.net/inkscape/+bug/1006032>

Changed in inkscape:
importance: Undecided → High
milestone: none → 0.49
status: New → Confirmed
tags: added: regression
jazzynico (jazzynico) wrote :

Also reproduced on Crunchbang Waldorf (a Debian stable based distro) with trunk revision 12832 (same backtrace).

Not reproduced on Windows XP (virtualboxed) with the official devlibs and devlibs-gtk3.

Changed in inkscape:
status: Confirmed → Triaged
Martin Owens (doctormo) wrote :

After quite a bit of testing I can say these things about this bug:

 * It's intermittent, happening once in a while under certain circumstances.
 * It's actually a couple of different crashes caused by the same problem
 * Looks like the sp_guide is not being deleted and cleaned up in time or properly.

There's two main deaths, one is when the mouse enters over the now deleted guide and inkscape tries to get the description. At this point sometimes guide->document has been emptied and it shows 'Guideline: Deleted', othertimes guide->document still looks valid... up until it get's cleaned up. Sometimes a crash happens on mouse up when it's trying to figure out what events need to go where.

What I found most interesting is that I could get the backtrace to be as long or short as I wanted by adding in a little bit more code. The more code, the sooner it crashed. Leading me to believe it's a race condition where the guide has not been deleted in time for the mouse events.

Finding a solution is the next priority.

Martin Owens (doctormo) wrote :

Fixed in r12911. I've added 5 letters, 'break' ;-)

Basically the switch case for the event handler has the mouse release event gate crashing into the enter notify event. Causing all sorts of nasty.

The problem is intermittent, so I've just been creating and deleting 45 guides without a crash. Before the longest line of non-crashing was 7 and most within 3. Please test your versions and report if you spot a crash after 12911.

Changed in inkscape:
assignee: nobody → Martin Owens (doctormo)
status: Triaged → Fix Committed
Johan Engelen (johanengelen) wrote :

Great catch!
Very obvious bug if you know where to look. I've added another break that was missing (technically not necessary there, but who knows in future what people add below...)

Bryce Harrington (bryce) on 2015-02-21
Changed in inkscape:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers