Bug #1636533 “paste into cloned group reproducably crashes inksc...” : Bugs : Inkscape

Revision history for this message

Jakub Steiner (jimmac-redhat) wrote on 2016-10-25:

#1

paper-sheets.svg Edit (2.1 MiB, image/svg+xml)

Revision history for this message

Jakub Steiner (jimmac-redhat) wrote on 2016-10-25:

#2

paper-sheet.svg Edit (2.0 MiB, image/svg+xml)

second example SVG required

Revision history for this message

Jakub Steiner (jimmac-redhat) wrote on 2016-10-25:

#3

Download full text (6.0 KiB)

Probably unlikely to be useful, but here's a backtrace:

Thread 1 "inkscape" received signal SIGSEGV, Segmentation fault.
0x0000555555c3b822 in SPObject::childList(bool, SPObject::Action) ()
(gdb) bt
#0 0x0000555555c3b822 in SPObject::childList(bool, SPObject::Action) ()
#1 0x0000555555c8b0a3 in Inkscape::URIReference::_acceptObject(SPObject*) const ()
#2 0x0000555555c8a1b3 in Inkscape::URIReference::_setObject(SPObject*) ()
#3 0x0000555555c8ab07 in Inkscape::URIReference::attach(Inkscape::URI const&) ()
#4 0x0000555555c76b4d in SPIFilter::read(char const*) ()
#5 0x0000555555c65f83 in SPStyle::_mergeDecl(_CRDeclaration const*) ()
#6 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#7 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#8 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#9 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#10 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#11 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#12 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#13 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#14 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#15 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#16 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#17 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#18 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#19 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#20 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
---Type <return> to continue, or q <return> to quit---
#21 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#22 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#23 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#24 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#25 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#26 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#27 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#28 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#29 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#30 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#31 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#32 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#33 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#34 0x0000555555c65fe9 in SPStyle::_mergeString(char const*) ()
#35 0x0000555555c6d8ab in SPStyle::read(SPObject*, Inkscape::XML::Node*) ()
#36 0x0000555555c3b30b in SPObject::set(unsigned int, char const*) ()
#37 0x0000555555c0c087 in SPItem::set(unsigned int, char const*) ()
#38 0x0000555555c21875 in SPLPEItem::set(unsigned int, char const*) ()
#39 0x0000555555c40638 i...

Probably unlikely to be useful, but here's a backtrace:

Thread 1 "inkscape" received signal SIGSEGV, Segmentation fault.
0x0000555555c3b822 in SPObject::childList(bool, SPObject::Action) ()
(gdb) bt
#0  0x0000555555c3b822 in SPObject::childList(bool, SPObject::Action) ()
#1  0x0000555555c8b0a3 in Inkscape::URIReference::_acceptObject(SPObject*) const ()
#2  0x0000555555c8a1b3 in Inkscape::URIReference::_setObject(SPObject*) ()
#3  0x0000555555c8ab07 in Inkscape::URIReference::attach(Inkscape::URI const&) ()
#4  0x0000555555c76b4d in SPIFilter::read(char const*) ()
#5  0x0000555555c65f83 in SPStyle::_mergeDecl(_CRDeclaration const*) ()
#6  0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#7  0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#8  0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#9  0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#10 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#11 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#12 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#13 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#14 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#15 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#16 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#17 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#18 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#19 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#20 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
---Type <return> to continue, or q <return> to quit---
#21 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#22 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#23 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#24 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#25 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#26 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#27 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#28 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#29 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#30 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#31 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#32 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#33 0x0000555555c65faa in SPStyle::_mergeDeclList(_CRDeclaration const*) ()
#34 0x0000555555c65fe9 in SPStyle::_mergeString(char const*) ()
#35 0x0000555555c6d8ab in SPStyle::read(SPObject*, Inkscape::XML::Node*) ()
#36 0x0000555555c3b30b in SPObject::set(unsigned int, char const*) ()
#37 0x0000555555c0c087 in SPItem::set(unsigned int, char const*) ()
#38 0x0000555555c21875 in SPLPEItem::set(unsigned int, char const*) ()
#39 0x0000555555c40638 in SPPath::set(unsigned int, char const*) ()
#40 0x0000555555c0bd39 in SPItem::build(SPDocument*, Inkscape::XML::Node*) ()
#41 0x0000555555c4f3f0 in SPShape::build(SPDocument*, Inkscape::XML::Node*) ()
#42 0x0000555555c40176 in SPPath::build(SPDocument*, Inkscape::XML::Node*) ()
#43 0x0000555555c38204 in SPObject::invoke_build(SPDocument*, Inkscape::XML::Nod---Type <return> to continue, or q <return> to quit---
e*, unsigned int) ()
#44 0x0000555555c3ac7c in SPObject::build(SPDocument*, Inkscape::XML::Node*) ()
#45 0x0000555555c38204 in SPObject::invoke_build(SPDocument*, Inkscape::XML::Node*, unsigned int) ()
#46 0x0000555555c3ab61 in SPObject::child_added(Inkscape::XML::Node*, Inkscape::XML::Node*) ()
#47 0x0000555555c21bb1 in SPLPEItem::child_added(Inkscape::XML::Node*, Inkscape::XML::Node*) ()
#48 0x0000555555c10be3 in SPGroup::child_added(Inkscape::XML::Node*, Inkscape::XML::Node*) ()
#49 0x0000555555f52182 in Inkscape::XML::CompositeNodeObserver::notifyChildAdded(Inkscape::XML::Node&, Inkscape::XML::Node&, Inkscape::XML::Node*) ()
#50 0x0000555555f60a8c in Inkscape::XML::SimpleNode::addChild(Inkscape::XML::Node*, Inkscape::XML::Node*) ()
#51 0x0000555555b53471 in sp_import_document(SPDesktop*, SPDocument*, bool) ()
#52 0x0000555555f675aa in Inkscape::UI::ClipboardManagerImpl::paste(SPDesktop*, bool) ()
#53 0x0000555555ba851f in sp_selection_paste(SPDesktop*, bool) ()
#54 0x0000555555db218a in sp_action_perform(SPAction*, void*) ()
#55 0x0000555555bd161d in sp_shortcut_invoke(unsigned int, Inkscape::UI::View::View*) ()
#56 0x00007ffff57e310d in (anonymous namespace)::Widget_signal_key_release_event_callback(_GtkWidget*, _GdkEventKey*, void*) () at /lib64/libgtkmm-2.4.so.1
---Type <return> to continue, or q <return> to quit---
#57 0x00007ffff48dfb9e in _gtk_marshal_BOOLEAN__BOXED ()
    at /lib64/libgtk-x11-2.0.so.0
#58 0x00007ffff05293e5 in g_closure_invoke () at /lib64/libgobject-2.0.so.0
#59 0x00007ffff053b503 in signal_emit_unlocked_R ()
    at /lib64/libgobject-2.0.so.0
#60 0x00007ffff0543b8f in g_signal_emit_valist () at /lib64/libgobject-2.0.so.0
#61 0x00007ffff054443f in g_signal_emit () at /lib64/libgobject-2.0.so.0
#62 0x00007ffff4a1018c in gtk_widget_event_internal ()
    at /lib64/libgtk-x11-2.0.so.0
#63 0x00007ffff48ddf2f in gtk_propagate_event () at /lib64/libgtk-x11-2.0.so.0
#64 0x00007ffff48de21b in gtk_main_do_event () at /lib64/libgtk-x11-2.0.so.0
#65 0x00007ffff453b49c in gdk_event_dispatch () at /lib64/libgdk-x11-2.0.so.0
#66 0x00007ffff0250e42 in g_main_context_dispatch () at /lib64/libglib-2.0.so.0
#67 0x00007ffff02511c0 in g_main_context_iterate.isra ()
    at /lib64/libglib-2.0.so.0
#68 0x00007ffff02514e2 in g_main_loop_run () at /lib64/libglib-2.0.so.0
#69 0x00007ffff48dd267 in gtk_main () at /lib64/libgtk-x11-2.0.so.0
#70 0x0000555555afedfb in sp_main_gui(int, char const**) ()
#71 0x00007fffef072401 in __libc_start_main () at /lib64/libc.so.6
#72 0x0000555555afae2a in _start ()

Revision history for this message

su_v (suv-lp) wrote on 2016-10-25:

#4

Based on tests with archived builds (on OS X 10.7.5):
- not reproduced with Inkscape 0.91 r13725,
- not reproduced with lp:inkscape rev <= 14244,
- reproduced with lp:inkscape rev >= 14245,
- reproduced with Inkscape 0.92pre2;
the reported crash on paste possibly was exposed with the changes in r14245:

Revision 14245: Fix for circular references detection in almost all cases, fixing bug #167247 and a few of its duplicates.
https://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/14245

tags:	added: clipboard crash regression
Changed in inkscape:
status:	New → Confirmed

Mc (mc...) on 2016-10-25

Changed in inkscape:
assignee:	nobody → Mc (mc...)
importance:	Undecided → High

Revision history for this message

su_v (suv-lp) wrote on 2016-10-25:

#5

Steps to reproduce crash from scratch:

1) launch inkscape (default prefs, default new doc)
2) draw a shape
3) apply a filter effect
4) group it (Ctrl+G), copy (Ctrl+C)
5) open new document (Ctrl+N)
6) draw a shape
7) group it (Ctrl+G), clone the group (Alt+D)
8) move clone aside
9) add a new layer (Ctrl+Shift+N)
10) move original group to new layer
11) enter group (Ctrl+Enter), paste (Ctrl+V)

Mc (mc...) on 2016-10-25

Changed in inkscape:
status:	Confirmed → In Progress

Revision history for this message

Mc (mc...) wrote on 2016-10-27:

#6

pushed in trunk r15193 and 0.92 r15138.

Changed in inkscape:
status:	In Progress → Fix Committed

Revision history for this message

Qantas94Heavy (qantas94heavy) wrote on 2019-03-06:

#7

Fix released in Inkscape 0.92.1.

Changed in inkscape:
status:	Fix Committed → Fix Released

Inkscape

paste into cloned group reproducably crashes inkscape

Bug Description

Related branches

Other bug subscribers

Bug attachments

Remote bug watches