Crash resizing an object in style.cpp:1974

Bug #167350 reported by Trio151
Affects Status Importance Assigned to Milestone
Inkscape
Fix Released
Critical
Unassigned

Bug Description

I am editing this graphic I'm working on, and when I resize
the shape that I had just resized, it crashes.
When you open the SVG and look at the bottom tail of
the talking bubble, you see the part that I was
resizing. So I grab that object and drag the bottom up
until it's within the bubble and looks OK. I let go and
it crashes.

I have attached the .svg and will attach the screenshot of the
error popup.

I'm using one of ishmal's nightly builds from last Friday or
Saturday.

Here's the backtrace:

Program received signal SIGTRAP, Trace/breakpoint trap.
0x0099fceb in libxml2_dll_iname ()
   from C:\Program Files\Inkscape\libglib-2.0-0.dll
(gdb)
(gdb) bt
#0 0x0099fceb in libxml2_dll_iname ()
   from C:\Program Files\Inkscape\libglib-2.0-0.dll
#1 0x00000000 in ?? () from
#2 0x035d9d18 in ?? ()
#3 0x00000000 in ?? () from
#4 0x00010010 in ?? ()
#5 0x00000000 in ?? () from
#6 0x0022ccd8 in ?? ()
#7 0x7c926a44 in ntdll!iswdigit () from ntdll.dll
#8 0x02d20000 in ?? ()
#9 0x7c94a1f5 in ntdll!RtlInsertElementGenericTableAvl
() from ntdll.dll
#10 0x0022ce2c in ?? ()
#11 0x00000006 in ?? ()
#12 0x009a0442 in libxml2_dll_iname ()
   from C:\Program Files\Inkscape\libglib-2.0-0.dll
#13 0x00000002 in ?? ()
#14 0x00000000 in ?? () from
#15 0x00000000 in ?? () from
#16 0x00000000 in ?? () from
#17 0x04d32150 in ?? ()
#18 0x02fe0000 in ?? ()
#19 0x40000161 in ?? ()
#20 0x0022cd14 in ?? ()
---Type <return> to continue, or q <return> to quit---
#21 0x00000188 in ?? ()
#22 0x04d32148 in ?? ()
#23 0x04d322a8 in ?? ()
#24 0x0022cd28 in ?? ()
#25 0x00000018 in ?? ()
#26 0x02d20000 in ?? ()
#27 0x04d9efc0 in ?? ()
#28 0x0000137f in ?? ()
#29 0x0022cc74 in ?? ()
#30 0x7c911bff in ntdll!RtlInitializeHandleTable ()
from ntdll.dll
#31 0x02d20000 in ?? ()
#32 0x04d9efc0 in ?? ()
#33 0x04d9efc0 in ?? ()
#34 0x02d20000 in ?? ()
#35 0x04420000 in ?? ()
#36 0x04420000 in ?? ()
#37 0x05fe0000 in ?? ()
#38 0x0022ccbc in ?? ()
#39 0x7c911dac in ntdll!RtlInitializeHandleTable ()
from ntdll.dll
#40 0x0000137f in ?? ()
#41 0x00d9efc0 in ?? ()
#42 0x00000000 in ?? () from
#43 0x02d20000 in ?? ()
---Type <return> to continue, or q <return> to quit---
#44 0x04d9efc0 in ?? ()
#45 0x00000000 in ?? () from
#46 0x00000bb8 in ?? ()
#47 0x04da8000 in ?? ()
#48 0x7c949b34 in ntdll!RtlInsertElementGenericTableAvl
() from ntdll.dll
#49 0x04420000 in ?? ()
#50 0x00000000 in ?? () from
#51 0x00000000 in ?? () from
#52 0x00000000 in ?? () from
#53 0x00000008 in ?? ()
#54 0x00000000 in ?? () from
#55 0x00000177 in ?? ()
#56 0x0022cda4 in ?? ()
#57 0x7c92a67e in
ntdll!RtlEnableEarlyCriticalSectionEventCreation ()
   from ntdll.dll
#58 0x04d9f000 in ?? ()
#59 0x00009000 in ?? ()
#60 0x7c926abe in ntdll!iswdigit () from ntdll.dll
#61 0x04d9efc0 in ?? ()
#62 0x02d20000 in ?? ()
#63 0x04d9efc8 in ?? ()
#64 0x02fe0000 in ?? ()
#65 0x7c91b5f4 in wcsncat () from ntdll.dll
---Type <return> to continue, or q <return> to quit---
#66 0x7c91b686 in wcsncat () from ntdll.dll
#67 0x00000018 in ?? ()
#68 0x02d20000 in ?? ()
#69 0x00000001 in ?? ()
#70 0x00000001 in ?? ()
#71 0x7c94a1f5 in ntdll!RtlInsertElementGenericTableAvl
() from ntdll.dll
#72 0x0022cf24 in ?? ()
#73 0x7c91b5f4 in wcsncat () from ntdll.dll
#74 0x7c91b686 in wcsncat () from ntdll.dll
#75 0x0000000c in ?? ()
#76 0x02d20000 in ?? ()
#77 0x02d201c0 in ?? ()
#78 0x00000000 in ?? () from
#79 0x04d32238 in ?? ()
#80 0x00000048 in ?? ()
#81 0x7c91b5f4 in wcsncat () from ntdll.dll
#82 0x02d20000 in ?? ()
#83 0x7c94a1f5 in ntdll!RtlInsertElementGenericTableAvl
() from ntdll.dll
#84 0x0022cf54 in ?? ()
#85 0x7c91b5f4 in wcsncat () from ntdll.dll
#86 0x04d9efc0 in ?? ()
#87 0x00001018 in ?? ()
#88 0x02d20000 in ?? ()
---Type <return> to continue, or q <return> to quit---
#89 0x00000001 in ?? ()
#90 0x00000001 in ?? ()
#91 0x7c94a1f5 in ntdll!RtlInsertElementGenericTableAvl
() from ntdll.dll
#92 0x0022cf74 in ?? ()
#93 0x7c91b5f4 in wcsncat () from ntdll.dll
#94 0x7c91b686 in wcsncat () from ntdll.dll
#95 0x00000013 in ?? ()
#96 0x00000000 in ?? () from
#97 0x00000001 in ?? ()
#98 0x0591b686 in ?? ()
#99 0x00000018 in ?? ()
#100 0x02d20000 in ?? ()
#101 0x7c926abe in ntdll!iswdigit () from ntdll.dll
#102 0x0022cda8 in ?? ()
#103 0x7c96cde9 in ntdll!RtlpNtMakeTemporaryKey () from
ntdll.dll
#104 0x02d20000 in ?? ()
#105 0x00000000 in ?? () from
#106 0x04d9efc0 in ?? ()
#107 0x02d20000 in ?? ()
#108 0x04d9efc8 in ?? ()
#109 0x0022cda4 in ?? ()
#110 0x0022ce08 in ?? ()
#111 0x7c90ee18 in strchr () from ntdll.dll
---Type <return> to continue, or q <return> to quit---
#112 0x00000000 in ?? () from
#113 0x02d20000 in ?? ()
#114 0x00000000 in ?? () from
#115 0x0022ce18 in ?? ()
#116 0x7c96e0f0 in ntdll!RtlpNtMakeTemporaryKey () from
ntdll.dll
#117 0x02d20608 in ?? ()
#118 0x7c96e0d4 in ntdll!RtlpNtMakeTemporaryKey () from
ntdll.dll
#119 0x02d20000 in ?? ()
#120 0x04d9efc8 in ?? ()
#121 0x40000060 in ?? ()
#122 0x00000014 in ?? ()
#123 0x02d201b0 in ?? ()
#124 0x04d32270 in ?? ()
#125 0x04d32238 in ?? ()
#126 0x04d32270 in ?? ()
#127 0x0000004e in ?? ()
#128 0x04d322b8 in ?? ()
#129 0x04d322a0 in ?? ()
#130 0x02d20220 in ?? ()
#131 0x00001018 in ?? ()
#132 0x04d9efc0 in ?? ()
#133 0x02d20000 in ?? ()
#134 0x02d20260 in ?? ()
---Type <return> to continue, or q <return> to quit---
#135 0x00000080 in ?? ()
#136 0x01010002 in ?? ()
#137 0x0022cdb8 in ?? ()
#138 0x02d201c8 in ?? ()
#139 0x0022cef0 in ?? ()
#140 0x7c90ee18 in strchr () from ntdll.dll
#141 0x7c96e0f8 in ntdll!RtlpNtMakeTemporaryKey () from
ntdll.dll
#142 0xffffffff in ?? ()
#143 0x7c96e0d4 in ntdll!RtlpNtMakeTemporaryKey () from
ntdll.dll
#144 0x7c94a5d0 in
ntdll!RtlInsertElementGenericTableAvl () from ntdll.dll
#145 0x02d20000 in ?? ()
#146 0x50000061 in ?? ()
#147 0x7c926abe in ntdll!iswdigit () from ntdll.dll
#148 0x02d20000 in ?? ()
#149 0x04d9efc8 in ?? ()
#150 0x40000060 in ?? ()
#151 0x02fe0000 in ?? ()
#152 0x7c96d886 in ntdll!RtlpNtMakeTemporaryKey () from
ntdll.dll
#153 0x00000038 in ?? ()
#154 0x00000150 in ?? ()
#155 0x7c94a1f5 in
ntdll!RtlInsertElementGenericTableAvl () from ntdll.dll
#156 0x04d32270 in ?? ()
#157 0x7c91b5f4 in wcsncat () from ntdll.dll
---Type <return> to continue, or q <return> to quit---
#158 0x04d32270 in ?? ()
#159 0x04d32278 in ?? ()
#160 0x00000028 in ?? ()
#161 0x00000001 in ?? ()
#162 0x02d20000 in ?? ()
#163 0x7c94a1f5 in
ntdll!RtlInsertElementGenericTableAvl () from ntdll.dll
#164 0x0022d094 in ?? ()
#165 0x7c91b5f4 in wcsncat () from ntdll.dll
#166 0x0091b686 in hname ()
#167 0x00000000 in ?? () from
#168 0x00000000 in ?? () from
#169 0x7c96cde9 in ntdll!RtlpNtMakeTemporaryKey () from
ntdll.dll
#170 0x04030000 in ?? ()
#171 0x02d201b0 in ?? ()
#172 0x00000038 in ?? ()
#173 0x02d20000 in ?? ()
#174 0x0022cc90 in ?? ()
#175 0x00000020 in ?? ()
#176 0x0022cf20 in ?? ()
#177 0x7c90ee18 in strchr () from ntdll.dll
#178 0x7c91b690 in wcsncat () from ntdll.dll
#179 0xffffffff in ?? ()
#180 0x7c91b686 in wcsncat () from ntdll.dll
---Type <return> to continue, or q <return> to quit---
#181 0x0022cf30 in ?? ()
#182 0x0022cf30 in ?? ()
#183 0x7c96d6cc in ntdll!RtlpNtMakeTemporaryKey () from
ntdll.dll
#184 0x7c96d886 in ntdll!RtlpNtMakeTemporaryKey () from
ntdll.dll
#185 0x02d20000 in ?? ()
#186 0x00000000 in ?? () from
#187 0x02d20000 in ?? ()
#188 0x02d20000 in ?? ()
#189 0x00000070 in ?? ()
#190 0x00000013 in ?? ()
#191 0x00000000 in ?? () from
#192 0x00000006 in ?? ()
#193 0x000000b0 in ?? ()
#194 0x7c926abe in ntdll!iswdigit () from ntdll.dll
#195 0x0022ce2c in ?? ()
#196 0x00000006 in ?? ()
#197 0x0022cfc0 in ?? ()
#198 0x7c90ee18 in strchr () from ntdll.dll
#199 0x7c926ac8 in ntdll!iswdigit () from ntdll.dll
#200 0xffffffff in ?? ()
#201 0x7c926abe in ntdll!iswdigit () from ntdll.dll
#202 0x7c9268ad in ntdll!iswdigit () from ntdll.dll
#203 0x02d20000 in ?? ()
---Type <return> to continue, or q <return> to quit---
#204 0x40000060 in ?? ()
#205 0x7c91056d in
ntdll!RtlFreeThreadActivationContextStack () from ntdll.dll
#206 0x00000000 in ?? () from
#207 0x04d9efc8 in ?? ()
#208 0x0442e100 in ?? ()
#209 0x0022d150 in ?? ()
#210 0x7c90ee18 in strchr () from ntdll.dll
#211 0x7c96d8a8 in ntdll!RtlpNtMakeTemporaryKey () from
ntdll.dll
#212 0xffffffff in ?? ()
#213 0x7c96d886 in ntdll!RtlpNtMakeTemporaryKey () from
ntdll.dll
#214 0x7c949d18 in
ntdll!RtlInsertElementGenericTableAvl () from ntdll.dll
#215 0x02d20000 in ?? ()
#216 0x50000161 in ?? ()
#217 0x7c91b686 in wcsncat () from ntdll.dll
#218 0x00000000 in ?? () from
#219 0x04a02170 in ?? ()
#220 0x02d20000 in ?? ()
#221 0x02d201f8 in ?? ()
#222 0x00000030 in ?? ()
#223 0x02d20000 in ?? ()
#224 0x0022cd58 in ?? ()
#225 0x02d20608 in ?? ()
#226 0x0022cfe8 in ?? ()
---Type <return> to continue, or q <return> to quit---
#227 0x7c90ee18 in strchr () from ntdll.dll
#228 0x7c91b690 in wcsncat () from ntdll.dll
#229 0xffffffff in ?? ()
#230 0x7c91b686 in wcsncat () from ntdll.dll
#231 0x0022cff8 in ?? ()
#232 0x7c96d8a2 in ntdll!RtlpNtMakeTemporaryKey () from
ntdll.dll
#233 0x02d20608 in ?? ()
#234 0x7c96d886 in ntdll!RtlpNtMakeTemporaryKey () from
ntdll.dll
#235 0x02d20000 in ?? ()
#236 0x00000000 in ?? () from
#237 0x02d20000 in ?? ()
#238 0x0000002c in ?? ()
#239 0x02d20000 in ?? ()
#240 0x04d32318 in ?? ()
#241 0x00000009 in ?? ()
#242 0x02d20000 in ?? ()
#243 0x02d20000 in ?? ()
#244 0x7c94c48f in
ntdll!RtlInsertElementGenericTableAvl () from ntdll.dll
#245 0x000123a4 in ?? ()
#246 0x00000010 in ?? ()
#247 0x0022cf14 in ?? ()
#248 0x02d20000 in ?? ()
#249 0x0022d008 in ?? ()
---Type <return> to continue, or q <return> to quit---
#250 0x7c90ee18 in strchr () from ntdll.dll
#251 0x7c910570 in
ntdll!RtlFreeThreadActivationContextStack () from ntdll.dll
#252 0xffffffff in ?? ()
#253 0x7c91056d in
ntdll!RtlFreeThreadActivationContextStack () from ntdll.dll
#254 0x77c2c2de in msvcrt!free () from
C:\WINDOWS\system32\msvcrt.dll
#255 0x02d20000 in ?? ()
#256 0x00000000 in ?? () from
#257 0x77c2c2e3 in msvcrt!free () from
C:\WINDOWS\system32\msvcrt.dll
#258 0x00000000 in ?? () from
#259 0x00000003 in ?? ()
#260 0x0442e100 in ?? ()
#261 0x00000002 in ?? ()
#262 0x02fe0000 in ?? ()
#263 0x0000001e in ?? ()
#264 0x02d20000 in ?? ()
#265 0x0022cfe4 in ?? ()
#266 0x02fe0000 in ?? ()
#267 0x0022ffe0 in ?? ()
#268 0x00000000 in ?? () from
#269 0x00000001 in ?? ()
#270 0x00000001 in ?? ()
#271 0x00000001 in ?? ()
#272 0x02dcde58 in ?? ()
---Type <return> to continue, or q <return> to quit---
#273 0x00000001 in ?? ()
#274 0x0442e2f0 in ?? ()
#275 0x0022d088 in ?? ()
#276 0x004a5e66 in sp_gradient_modified (object=0x0,
flags=4)
    at sp-gradient.cpp:600
#277 0x0099fd78 in libxml2_dll_iname ()
   from C:\Program Files\Inkscape\libglib-2.0-0.dll
#278 0x00000000 in ?? () from
#279 0x00000004 in ?? ()
#280 0x009cfc50 in libxml2_dll_iname ()
#281 0x0022d07c in ?? ()
#282 0x00000000 in ?? () from
#283 0x0442e2f0 in ?? ()
#284 0x0022d098 in ?? ()
#285 0x0099fe27 in libxml2_dll_iname ()
   from C:\Program Files\Inkscape\libglib-2.0-0.dll
#286 0x00000000 in ?? () from
#287 0x00000004 in ?? ()
#288 0x009cfc50 in libxml2_dll_iname ()
#289 0x0086e029 in
ZZ46sp_style_merge_rel_enum_prop_from_dying_parentR7SPIEnumRK
S_jjE19__PRETTY_FUNCTION__ ()
#290 0x000007b6 in ?? ()
#291 0x0086e070 in
ZZ46sp_style_merge_rel_enum_prop_from_dying_parentR7SPIEnumRK
---Type <return> to continue, or q <return> to quit---
S_jjE19__PRETTY_FUNCTION__ ()
#292 0x00000000 in ?? () from
#293 0x0022d4c0 in ?? ()
#294 0x04ac2318 in ?? ()
#295 0x0022d4c0 in ?? ()
#296 0x0022d0b8 in ?? ()
#297 0x00461e2b in sp_style_paint_server_modified
(server=0x0, flags=4,
    style=0x9cfc50) at style.cpp:1974
Previous frame inner to this frame (corrupt stack?)
(gdb)

Trio151 (trio151) wrote :
Trio151 (trio151) wrote : the error popup


Trio151 (trio151) wrote : object that crashes. i move it or resize and it crashes.


Trio151 (trio151) wrote :

OK, so if you compare badsvg and badsvg-fixedstroke, that's the
difference: I changed the stroke on badsvg to solid and back
to gradient, and the fixedstroke one does not crash on move
or resize.

So if you figure out the difference between the two files,
you can fix the bug, I hope.

Rwst (rwst) wrote :

Confirmed with recent SVN on OpenSuSE, so it is
platform-independent. Thanks for the report. First, the
crash happens because the never_reached_assert in style.cpp:1974
is reached. The reason for this is not clear from the
backtrace alone. I'll append my backtrace anyway.

Program received signal SIGABRT, Aborted.
[Switching to Thread 1092720896 (LWP 13467)]
0xffffe410 in __kernel_vsyscall ()
#0 0xffffe410 in __kernel_vsyscall ()
#1 0x41101541 in raise () from /lib/tls/libc.so.6
#2 0x41102dbb in abort () from /lib/tls/libc.so.6
#3 0x40f8c120 in g_logv () from /opt/gnome/lib/libglib-2.0.so.0
#4 0x40f8c165 in g_log () from /opt/gnome/lib/libglib-2.0.so.0
#5 0x40f8c1e1 in g_assert_warning () from
/opt/gnome/lib/libglib-2.0.so.0
#6 0x081a1fc8 in sp_style_paint_server_modified
(server=0x349b, flags=1,
    style=0x6) at style.cpp:1974
#7 0x40f3395b in g_cclosure_marshal_VOID ()
   from /opt/gnome/lib/libgobject-2.0.so.0
#8 0x40f26d19 in g_closure_invoke () from
/opt/gnome/lib/libgobject-2.0.so.0
#9 0x40f36816 in g_signal_stop_emission ()
   from /opt/gnome/lib/libgobject-2.0.so.0
#10 0x40f37e80 in g_signal_emit_valist ()
   from /opt/gnome/lib/libgobject-2.0.so.0
#11 0x40f381f5 in g_signal_emit () from
/opt/gnome/lib/libgobject-2.0.so.0
#12 0x0818411e in SPObject::emitModified (this=0x9c7cfd0,
flags=0)
    at sp-object.cpp:1301
#13 0x081685c3 in sp_defs_modified (object=0x85b8f9c, flags=2)
    at sp-defs.cpp:124
#14 0x40f3395b in g_cclosure_marshal_VOID ()
   from /opt/gnome/lib/libgobject-2.0.so.0
#15 0x40f26637 in g_cclosure_new_swap ()
   from /opt/gnome/lib/libgobject-2.0.so.0
#16 0x40f26d19 in g_closure_invoke () from
/opt/gnome/lib/libgobject-2.0.so.0
#17 0x40f36447 in g_signal_stop_emission ()
   from /opt/gnome/lib/libgobject-2.0.so.0
#18 0x40f37e80 in g_signal_emit_valist ()
   from /opt/gnome/lib/libgobject-2.0.so.0
#19 0x40f381f5 in g_signal_emit () from
/opt/gnome/lib/libgobject-2.0.so.0
#20 0x0818411e in SPObject::emitModified (this=0x85b8f9c,
flags=0)
    at sp-object.cpp:1301
#21 0x081775e3 in sp_group_modified (object=0x85c63dc, flags=2)
    at sp-item-group.cpp:291
#22 0x08190dd4 in sp_root_modified (object=0x85c63dc, flags=2)
    at sp-root.cpp:564
#23 0x40f3395b in g_cclosure_marshal_VOID ()
   from /opt/gnome/lib/libgobject-2.0.so.0
#24 0x40f26637 in g_cclosure_new_swap ()
   from /opt/gnome/lib/libgobject-2.0.so.0
#25 0x40f26d19 in g_closure_invoke () from
/opt/gnome/lib/libgobject-2.0.so.0
#26 0x40f36447 in g_signal_stop_emission ()
   from /opt/gnome/lib/libgobject-2.0.so.0
#27 0x40f37e80 in g_signal_emit_valist ()
   from /opt/gnome/lib/libgobject-2.0.so.0
#28 0x40f381f5 in g_signal_emit () from
/opt/gnome/lib/libgobject-2.0.so.0
#29 0x0818411e in SPObject::emitModified (this=0x85c63dc,
flags=0)
    at sp-object.cpp:1301
#30 0x08151dd7 in SPDocument::_emitModified (this=0x862de10)
    at document.cpp:587
#31 0x08152002 in sp_document_ensure_up_to_date (doc=0x862de10)
    at document.cpp:706
#32 0x081d4c80 in sp_document_maybe_done (doc=0x862de10,
key=0x0)
    at document-undo.cpp:132
#33 0x081d4dd1 in sp_document_done (doc=0x862de10) at
document-undo.cpp:113
#34 0x08204108 in Inkscape::SelTrans::ungrab (this=0x8778998)
    a...


Mental-users (mental-users) wrote :

I can't seem to replicate this one with SVN trunk.

For what it's worth, reaching that assertion implies either:

1) there are leftover signal handlers still connected to one
gradient after another gradient has already been set as the
object's new gradient (i.e. a stale handler was never
disconnected), or

2) memory corruption of the SPStyle structure
