trunk: crash in cc_generic_knot_handler() after tool-switch (connector -> select) (rev >= 12532)

Bug #1273510 reported by su_v on 2014-01-28
This bug affects 1 person
Affects: Inkscape
Importance: Low
Assigned to: Unassigned

Bug Description

Steps to reproduce:
1) launch current trunk (default prefs, default new (not localized) doc)
2) draw a rectangle
3) switch to the connector tool 'O'
4) click once on an empty area to start a connector line
5) connect the line to the connection point of the rectangle
   (do not move the cursor after the connector line is done)
6) switch to select tool with 'S'
7) click once with the LMB to select the rectangle

--> crash:
Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000150
0x0000000100ee0b31 in cc_generic_knot_handler (unnamed_arg=0x112971e90, event=0x14c2cba50, knot=0x11297ac60) at connector-tool.cpp:1083
1083 cc->active_handle = NULL;

Notes:
The same steps with older trunk builds (rev >= 12015) produce these console warnings, but no crash:
(inkscape-12531:14989): GLib-GObject-WARNING **: invalid cast from 'SPSelectContext' to 'SPConnectorContext'

(inkscape-12531:14989): GLib-GObject-WARNING **: invalid cast from 'SPSelectContext' to 'SPConnectorContext'

First encountered while testing r12982 on OS X 10.7.5.

Based on tests with archived builds:
- not reproduced with rev <= 12531
- reproduced with rev >= 12532
the crash seems to be triggered by changes from the merge of the C++ification branch:
<http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/12532>

su_v (suv-lp) wrote :
tags: added: crash ui
removed: selection
description: updated
jazzynico (jazzynico) wrote :

Confirmed on Windows XP, Inkscape trunk revision 12982.

Changed in inkscape:
status: New → Triaged
jazzynico (jazzynico) wrote :

Workaround attached.
A real patch would require some investigation (it seems that a signal is not correctly disconnected, maybe something missing in cc_clear_active_conn()).

su_v (suv-lp) wrote :

Not sure what is better: prevent crash at the cost of keeping apparently buggy code in and hidden (because it no longer crashes), or wait for real fix. Maybe commit the workaround with a comment in the code, add a console warning (something's wrong), and keep this report open, with lowered importance?

If the critical warnings from earlier builds are related, the investigation should probably start at the connector cleanup in
<http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/12015>

su_v (suv-lp) wrote :

Workaround patch tested successfully with r12975 on OS X 10.7.5

jazzynico (jazzynico) wrote :

> If the critical warnings from earlier builds are related

They are. When activating the selector, the context changes but some desktop events from the connector tool are still active and try to get connector context related data from the selector context.
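
The failure mode described in the comment above, as an added example that is not part of the original thread, not Inkscape code, and not the workaround that was committed: a callback connected by the connector tool still fires after the selector becomes active, so it needs either a checked downcast or a disconnect on tool switch. All type and function names here are hypothetical stand-ins.

```cpp
#include <functional>
#include <vector>

// Illustrative stand-ins; not Inkscape's real classes.
struct ToolContext { virtual ~ToolContext() = default; };
struct SelectContext : ToolContext {};
struct ConnectorContext : ToolContext { int *active_handle = nullptr; };

struct Desktop {
    ToolContext *active = nullptr;                        // current tool context
    std::vector<std::function<bool(Desktop &)>> handlers; // connected knot callbacks
};

// Guarded handler: a checked downcast yields nullptr once the active tool is
// no longer the connector, so the callback returns instead of writing through it.
bool knot_handler(Desktop &dt) {
    auto *cc = dynamic_cast<ConnectorContext *>(dt.active);
    if (!cc) return false;        // stale callback after the tool switch
    cc->active_handle = nullptr;  // same statement as the reported crash site
    return true;
}

struct Result { int handled; int stale; };

// Deliver one knot event to every callback that is still connected.
Result deliver_event(Desktop &dt) {
    Result r{0, 0};
    for (auto &h : dt.handlers) (h(dt) ? r.handled : r.stale)++;
    return r;
}

// Connector -> select switch followed by one click.
Result switch_then_click(bool disconnect_on_switch) {
    ConnectorContext connector;
    SelectContext select;
    Desktop dt;
    dt.active = &connector;
    dt.handlers.push_back(knot_handler);           // connector tool connects its callback
    if (disconnect_on_switch) dt.handlers.clear(); // cleanup when the tool is torn down
    dt.active = &select;                           // 'S': selector becomes active
    return deliver_event(dt);
}

int main() {
    Result leaked = switch_then_click(false);
    Result clean = switch_then_click(true);
    return (leaked.stale == 1 && clean.stale == 0) ? 0 : 1;
}
```

A non-zero `stale` count means the guard is only masking a callback that was never disconnected, which is the trade-off discussed earlier in the thread.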

jazzynico (jazzynico) wrote :

> Maybe commit the workaround with a comment in the code, add a console warning (something's wrong), and keep this report open, with lowered importance?

Agreed. I'm going to work on a cleaner workaround and see how we can handle the report (probably low priority then).

Changed in inkscape:
status: Triaged → In Progress
assignee: nobody → jazzynico (jazzynico)
jazzynico (jazzynico) wrote :

Workaround committed in revision 12996.
Now that the crash is fixed, I'm lowering the bug importance to low.

Changed in inkscape:
assignee: jazzynico (jazzynico) → nobody
importance: High → Low
milestone: 0.91 → none
status: In Progress → Triaged