Entering '+' into "stroke width" dialog crashes Inkscape

Bug #1587311 reported by Edd Barrett on 2016-05-31
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Inkscape
High
Rafael Sadowski

Bug Description

1) Draw a line
2) Open the "fill and stroke" dialog
3) In the "stroke style" tab, type "+" into the "stroke width" box
4) Press enter, boom.

This is Inkscape-0.91 on OpenBSD.

Trace is not very useful, I am afraid.

(gdb) run
Starting program: /usr/local/bin/inkscape
terminate called after throwing an instance of 'Inkscape::Util::EvaluatorException'
  what(): Expression evaluator error: Expected number or '(' at ''

Program received signal SIGABRT, Aborted.
0x000004b59123589a in thrkill () at <stdin>:2
2 <stdin>: No such file or directory.
        in <stdin>
Current language: auto; currently asm
(gdb) bt
#0 0x000004b59123589a in thrkill () at <stdin>:2
#1 0x000004b591215309 in *_libc_abort () at /usr/src/lib/libc/stdlib/abort.c:52
#2 0x000004b4febc436c in __gnu_cxx::__verbose_terminate_handler ()
    at /usr/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/libsupc++/vterminate.cc:98
#3 0x000004b4febe0d87 in __cxxabiv1::__terminate (handler=Variable "handler" is not available.
) at /usr/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/libsupc++/eh_terminate.cc:43
#4 0x000004b4febe0dc3 in std::terminate () at /usr/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/libsupc++/eh_terminate.cc:53
#5 0x000004b4febc449e in __cxa_throw (obj=Variable "obj" is not available.
) at /usr/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/libsupc++/eh_throw.cc:76
Die: DW_TAG_unspecified_type (abbrev = 86, offset = 105207902)
        has children: FALSE
        attributes:
                DW_AT_name (DW_FORM_strp) string: "decltype(nullptr)"
Dwarf Error: Cannot find type of die [in module /usr/local/bin/inkscape]

jazzynico (jazzynico) on 2016-06-02
Changed in inkscape:
importance: Undecided → High
jazzynico (jazzynico) wrote :

Crash not reproduced on Xubuntu 16.04, Inkscape 0.91 and trunk rev. 14942.
The "Expression evaluator error: Expected number or '(' at ''" message shows on the console, but it doesn't trigger a crash here.

su_v (suv-lp) wrote :

Crash not reproduced on OS X 10.7.5 either (tested with 0.91 r13725 and latest trunk r14949).

Possible OpenBSD-specific issue (?) - AFAICT latest downstream OpenBSD port for inkscape now includes custom patch to address the crashes experienced by inkscape users on OpenBSD:
http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/graphics/inkscape/patches/patch-src_util_expression-evaluator_cpp?rev=1.2&content-type=text/x-cvsweb-markup

Source:
https://twitter.com/OpenBSD_ports/status/738995526444535809

Edd Barrett (edd-6) wrote :

Yes, I posted this bug on the ports mailing list, and someone devised a fix:
http://marc.info/?l=openbsd-ports&m=146502357225601&w=2

If you think it is correct, please consider including this patch.

jazzynico (jazzynico) wrote :

Did you test the patch on OpenBSD? If not, we can test on Windows, OS X and various GNU/Linux distros, but as far as I can tell, nobody's on OpenBSD in the Inkcape dev team. So we can only test for regressions, but not the fix itself.

Changed in inkscape:
status: New → In Progress
jazzynico (jazzynico) wrote :

Attaching patch here for convenience.

Tested on Windows XP (32-bit), Inkscape trunk rev. 14949. No regression found so far.
The error message no longer shows when using the "+" or "-" keys, but still appears when typing other characters such as "=", "*" or "/". So I'm not sure all cases are fixed for OpenBSD.

jazzynico (jazzynico) wrote :

And thanks for the link and the patch BTW!

jazzynico (jazzynico) on 2016-06-04
Changed in inkscape:
milestone: none → 0.92
jazzynico (jazzynico) wrote :

Rafael - I've added you account to the notification list so that you can see that you patch is currently being tested.
Did you check if it works with other characters? As explained in comment #5, I still see the error message (but no crash on my Windows XP, 7 and Xubuntu 16.04 test computers) when using "=", "*" or "/". So there are risks that Inkscape still crashes on OpenBSD in those cases.
That said if the tests show no regression, I will very probably commit the patch anyway.

Thanks!

jazzynico (jazzynico) wrote :

Tested again on Xubuntu 16.04 and fixed in the trunk rev. 14952.

Don't hesitate to test and comment here if you notice regressions.
Thanks for the patch!

Changed in inkscape:
assignee: nobody → Rafael Sadowski (rafael-g)
status: In Progress → Fix Committed
Bryce Harrington (bryce) on 2017-01-10
Changed in inkscape:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers