Internal error on closing or saving

Bug #1670688 reported by wixkkomi on 2017-03-07
24
This bug affects 3 people
Affects Status Importance Assigned to Milestone
Inkscape
High
wixkkomi
0.92.x
High
Unassigned

Bug Description

Version: 0.92.1-1 (actually it happens with versions start from 0.92.0-3)
Platform: 64-bit Arch, kernel version is 4.9.11
Locale: en_US

Steps to reproduce:
Start Inkscape, leave the untitled window as it is and opens another file (any file is OK). Draw something in the opened window and try to save or close it w/o saving. Inkscape will crash afterwards. However, if multiple files are opened, the error will not be triggered unless the last opened file gets saved/closed.

Downgrading to 0.91 r13725 eliminates the error.

Related branches

wixkkomi (wixkkomi) wrote :

Thread 1 "inkscape" received signal SIGSEGV, Segmentation fault.
0x00000000006c8645 in Inkscape::CompositeUndoStackObserver::notifyClearUndoEvent() ()

Please check the attachment for details.

wixkkomi (wixkkomi) on 2017-03-08
Changed in inkscape:
assignee: nobody → Minglangjun Li (mljli)
Jabiertxof (jabiertxof) wrote :

Trying to review but couldent reproduce the error. (Dont undertand the steps too well)
Im using Debian Stretch.
Cheers, Jabier.

jazzynico (jazzynico) on 2017-03-08
tags: added: crash regression
Changed in inkscape:
importance: Undecided → High
wixkkomi (wixkkomi) wrote :

Reproduced on 64-bit WIN 7. The error does not happen every time though.

1. start Inkscape
2. open $INKSCAPE_DIR/doc/architecture.svg
3. draw a rectangle somewhere
4. press CTRL-W and click "close without saving"
Repeat step 2-4 several times and Inkscape occasionally crashes.

jazzynico (jazzynico) wrote :

Also reproduced on Windows 7 (64-bit) with lp:inkscape 32 and 64-bit versions rev. 15583 (experimentally built with MSYS2).

The 64-bit version doesn't give any GDB trace, but the 32-bit version crashes in Inkscape::ObjectSet::clear().

Changed in inkscape:
status: New → In Progress
jazzynico (jazzynico) wrote :

Patch from the attached branch tested successfully on Windows 7 (64-bit) with lp:inkscape 32 and 64-bit versions rev. 15590 (experimentally built with MSYS2).

No obvious regression found for now, but I'm not expert in that part of the code. So I would be nice if someone else could review it.

@Minglangjun Li - Thanks for working on it!

wixkkomi (wixkkomi) wrote :

@jazzynico Thanks for testing the patch on Windows. I haven't set up the development environment on Windows, so I just tested it on Linux. Neither am I 100% sure about the cause of the bug. I just followed the call stack and found an undefined behavior. The bug is strange and doesn't always happen.

Eman Modnar (eman-mod) wrote :

I've tested the patch with r15592 on Linux. No crash anymore.

This report (https://bugs.launchpad.net/inkscape/+bug/1667622) could be related to the bug.

wixkkomi (wixkkomi) wrote :

There's also a remaining reported bug (https://bugs.launchpad.net/inkscape/+bug/1071082) related to it. It has been there for 4 years. I will look into the code later and see if I can shed any light on this issue then.

  • sigsegv.diff Edit (737 bytes, text/plain; charset=US-ASCII; name="sigsegv.diff")

Through debugging, I can confirm that this bug is caused by accessing a
deleted pointer which is an undefined behaviour. The reason that it does
not happen every time is we immediately allocate a new EventLog after
deleting an older one. And for most of the time, the new EventLog is
allocated from the same address where the deleted one resided. Thus
accessing that address in the destructor of the replaced document doesn't
trigger SIGSEGV. I've tested it by deleting the older pointer after
allocating the new one and Inkscape crashes every time now. I've attached
the modified code for your review.

The line "doc->removeUndoObserver(*event_log);" has no effect now because
bug lp:1071082 has been fixed in rev.13127. I'll update the branch later.

On Tue, Mar 14, 2017 at 4:38 AM, Eman Modnar <email address hidden>
wrote:

> I've tested the patch with r15592 on Linux. No crash anymore.
>
> This report (https://bugs.launchpad.net/inkscape/+bug/1667622) could be
> related to the bug.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1670688
>
> Title:
> Internal error on closing or saving
>
> Status in Inkscape:
> In Progress
>
> Bug description:
> Version: 0.92.1-1 (actually it happens with versions start from 0.92.0-3)
> Platform: 64-bit Arch, kernel version is 4.9.11
> Locale: en_US
>
> Steps to reproduce:
> Start Inkscape, leave the untitled window as it is and opens another
> file (any file is OK). Draw something in the opened window and try to save
> or close it w/o saving. Inkscape will crash afterwards. However, if
> multiple files are opened, the error will not be triggered unless the last
> opened file gets saved/closed.
>
> Downgrading to 0.91 r13725 eliminates the error.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/inkscape/+bug/1670688/+subscriptions
>

jazzynico (jazzynico) on 2017-03-19
Changed in inkscape:
milestone: none → 0.93
Mc (mc...) wrote :

Approved and Merged in r15608.
Thanks for the fix!

jazzynico (jazzynico) on 2017-03-27
Changed in inkscape:
status: In Progress → Fix Committed
tags: added: backport-proposed
Patrick Storz (ede123) wrote :
tags: removed: backport-proposed
Changed in inkscape:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers