Crashes when inserting nodes

Bug #1617615 reported by kaspar
This bug affects 1 person
Affects    Status         Importance   Assigned to   Milestone
Inkscape   Fix Released   High         Shlomi Fish

Bug Description

Inkscape crashes on attached svg when selecting node tool, selecting all nodes (Ctrl-A) and then pressing the insert nodes button.

This happens in stable and current trunk builds from PPA: 0.91.0+52~ubuntu14.04.1

Backtrace from trunk:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7578acd in sp_object_unref(SPObject*, SPObject*) () from /usr/bin/../lib/inkscape/libinkscape_base.so
(gdb) bt
#0 0x00007ffff7578acd in sp_object_unref(SPObject*, SPObject*) () from /usr/bin/../lib/inkscape/libinkscape_base.so
#1 0x00007ffff7104109 in Inkscape::UI::PathManipulator::writeXML() () from /usr/bin/../lib/inkscape/libinkscape_base.so
#2 0x00007ffff70f26d9 in Inkscape::UI::MultiPathManipulator::_done(char const*, bool) () from /usr/bin/../lib/inkscape/libinkscape_base.so
#3 0x00007ffff32613b8 in g_closure_invoke () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#4 0x00007ffff3272fd1 in ?? () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#5 0x00007ffff327aa29 in g_signal_emit_valist () from /usr/lib/x86_64-linux-gnu/libgobject-

kaspar (kaspar-emanuel) wrote :

I just found out it will not crash if the single node in the bottom right of the drawing is deleted.

Alvin Penner (apenner) wrote :

crash confirmed on Windows 10, Inkscape 0.91 r13725 (Jan 30 2015) (32 bit build)
no exit message in DOS

Changed in inkscape:
status: New → Confirmed
Alvin Penner (apenner) wrote :

crash confirmed on Windows XP, Inkscape 0.92pre1 (Aug 25 2016) (0.92.x branch)

backtrace:
C:\InkscapeBZR\inkscape>gdb inkscape
GNU gdb 6.8
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-pc-mingw32"...
(no debugging symbols found)
(gdb) symbol-file inkscape.dbg
Reading symbols from C:\InkscapeBZR\inkscape/inkscape.dbg...done.
(gdb) run
Starting program: C:\InkscapeBZR\inkscape/inkscape.exe
[New thread 3364.0x204]
[New thread 3364.0x6ac]
[New thread 3364.0x41c]
[New thread 3364.0xd38]
[New thread 3364.0xecc]
[New thread 3364.0xed0]
[New thread 3364.0xed4]
[New thread 3364.0xed8]
[New thread 3364.0xedc]
warning: Lowest section in C:\WINDOWS\system32\xpsp2res.dll is .rsrc at 00011000

Program received signal SIGSEGV, Segmentation fault.
0x0096ee33 in sp_object_unref ()
(gdb) bt
#0 0x0096ee33 in sp_object_unref ()
#1 0x09807ec0 in ?? ()
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0x0096ee33 in sp_object_unref ()
(gdb) c
Continuing.

jazzynico (jazzynico) wrote :

Also reproduced on Xubuntu 16.04, Inkscape trunk rev. 15082. Same backtrace as in the original report.

tags: added: crash node-editing
Changed in inkscape:
importance: Undecided → High
status: Confirmed → Triaged
su_v (suv-lp) wrote :

Trigger of the crash AFAICT are "empty" paths selected with 'Ctrl+A':
path3409, path3407, path3405

If they are not part of the selection, inserting nodes with all nodes selected works as expected. The stack / selection order may play a role, too.

Attached is a reduced test case with two paths (one with empty path data, one closed filled path). To reproduce the crash:
1) 'Ctrl+A' to select all elements
2) switch to node tool ('N')
3) 'Ctrl+A' to select all nodes
4) <Insert> to add nodes

To avoid the crash:
1) click on the visible path
2) switch to node tool ('N')
3) 'Ctrl+A' to select all nodes
4) <Insert> to add nodes

To avoid the crash with the original file:
1) select one of the visible filled paths
2) Edit > Select same > Fill and Stroke
3) switch to node tool ('N')
4) 'Ctrl+A' to select all nodes
5) <Insert> to add nodes
(the empty paths have a black fill color and are not part of the selection)

Shlomi Fish (shlomif-gmail) wrote :

Here is a symptomatic patch to the problem. Apparently _path->deleteObject(true, true); in path-manipulator.cpp ends up deleting the PathManipulator object itself because the shared_ptr is destroyed. This prevents it from happening but note that:

1. The patch currently does not contain comments.

2. There is another, similar invokeForAll method that wasn't patched accordingly as well.
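
The lifetime problem described in the comment above, reduced to a stand-alone C++ sketch (an added example, not the attached patch and not Inkscape's code): a method removes its own object from the container that owns it, dispatched first through a non-owning pointer and then through a shared_ptr copy held for the duration of the call. `Manager`, `Manipulator`, `invokeUnsafe`, `invokeKeepAlive` and `run` are hypothetical names, and the keep-alive copy is one common remedy assumed here, since the patch itself is not shown on the page.

```cpp
#include <map>
#include <memory>
#include <string>
#include <vector>

// Hypothetical stand-ins for the classes named in the report; not Inkscape code.
static int g_destroyed = 0;              // bumped by every Manipulator destructor
struct Manager;
struct Manipulator {
    Manager *owner; std::string id;
    bool empty;                          // models a path with empty path data
    ~Manipulator() { ++g_destroyed; }
    bool writeXML();                     // true if *this died before the call returned
};
struct Manager {
    std::map<std::string, std::shared_ptr<Manipulator>> items;
    void add(const std::string &id, bool empty) {
        items[id].reset(new Manipulator{this, id, empty});
    }
    // Non-owning dispatch: nothing keeps the callee alive during its own call.
    int invokeUnsafe() {
        std::vector<Manipulator *> snap;
        for (auto &kv : items) snap.push_back(kv.second.get());
        int died = 0;
        for (Manipulator *m : snap) died += m->writeXML();
        return died;
    }
    // Owning dispatch: shared_ptr copies defer destruction until all calls return.
    int invokeKeepAlive() {
        std::vector<std::shared_ptr<Manipulator>> snap;
        for (auto &kv : items) snap.push_back(kv.second);
        int died = 0;
        for (auto &m : snap) died += m->writeXML();
        return died;
    }
};
bool Manipulator::writeXML() {
    if (!empty) return false;            // a path with data stays in the container
    int before = g_destroyed;
    std::string key = id;                // copy the member first: it may be gone below
    owner->items.erase(key);             // drops the container's shared_ptr to *this
    return g_destroyed != before;        // no member access after the erase
}
// Constructed input mirroring the reduced test case: one empty path, one filled.
int run(bool keep_alive) {
    Manager m; m.add("empty", true); m.add("filled", false);
    return keep_alive ? m.invokeKeepAlive() : m.invokeUnsafe();
}
int main() { return (run(false) == 1 && run(true) == 0) ? 0 : 1; }
```

In the non-owning variant the object is destroyed while its own method is still on the stack, so any later member access would be a use-after-free; the sketch avoids touching members after the erase so that it stays well-defined while still counting the early destruction.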

Shlomi Fish (shlomif-gmail) wrote :

The same patch with more comments per Mc's request.

Mc (mc...) wrote :

Pushed up to revision 15479.

Changed in inkscape:
assignee: nobody → Shlomi Fish (shlomif-gmail)
status: Triaged → Fix Committed
milestone: none → 0.93
Max Gaukler (mgmax)
Changed in inkscape:
status: Fix Committed → Fix Released