Crash on create/drag object with certain snap settings

Bug #167426 reported by Hans Nieser
Affects: Inkscape
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned
Milestone: (none)

Bug Description

When I have a document with certain snap settings,
creating or dragging a shape will make Inkscape crash
(Segmentation Fault). These are the steps to reproduce:

a) Create new document (or open existing one)

b) Set snap settings as follows:

Everything off, except:
  Object snapping:
    Snap nodes to object
    Snap to object paths
  Grid snapping:
    Snap nodes to grid
    Always snap
  Guide snapping:
    Snap points to guides

(Illustrated in this screenshot:
http://www.aphax.nl/images/inkscape/snapcrash.png)

c) Create new, or drag shape

d) Observe crash (internal error/segmentation fault),
if not, then tick off all snapping settings and go back
to step b) (I had to do this once).

Backtrace of SVN April 13, 11:00 CEST:

$ gdb /home/hans/dev/inkscape/bin/inkscape
GNU gdb 6.4
Copyright 2005 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public
License, and you are
welcome to change it and/or distribute copies of it
under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show
warranty" for details.
This GDB was configured as "i686-pc-linux-gnu"...Using
host libthread_db library "/lib/libthread_db.so.1".

(gdb) run
Starting program: /home/hans/dev/inkscape/bin/inkscape
[Thread debugging using libthread_db enabled]
[New Thread -1227856208 (LWP 407)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1227856208 (LWP 407)]
0x08392ea6 in Path::PointToCurvilignPosition (this=0x0,
pos=@0x0) at livarot/PathCutting.cpp:914
914 {
(gdb) bt
#0 0x08392ea6 in Path::PointToCurvilignPosition
(this=0x0, pos=@0x0) at livarot/PathCutting.cpp:914
#1 0x0821d473 in get_nearest_position_on_Path
(path=0x0, p=Cannot access memory at address 0x0) at
splivarot.cpp:1573
#2 0x08211a6f in Inkscape::ObjectSnapper::_snapPaths
(this=0x85f10c8, s=@0xbf9c1da0, p=@0xbf9c2000,
cand=@0xbf9c1d00) at nr-point.h:47
#3 0x082122ec in Inkscape::ObjectSnapper::_doFreeSnap
(this=0x85f10c8, p=@0xbf9c2000, it=@0x0) at
object-snapper.cpp:155
#4 0x0816a807 in Inkscape::Snapper::freeSnap
(this=0x85f10c8, t=0, p=@0xbf9c2000, it=@0x0) at
snapper.cpp:120
#5 0x08210dfb in SnapManager::freeSnap (this=0x0, t=3,
p=@0xbf9c2000, it=@0xbf9c1e50) at stl_list.h:212
#6 0x082110f7 in SnapManager::freeSnap (this=0x0, t=0,
p=@0x0) at snap.cpp:51
#7 0x082040f4 in sp_rect_context_root_handler
(event_context=0xbf9c1ff0, event=0x89be344) at
nr-point.h:52
#8 0x081e2fe1 in sp_event_context_root_handler
(event_context=0x9647e98, event=0x89be344) at
event-context.cpp:826
#9 0x08331ec4 in sp_marshal_BOOLEAN__POINTER
(closure=0x87d0190, return_value=0xbf9c2260,
n_param_values=0, param_values=0xbf9c22d0,
invocation_hint=0xbf9c21b8, marshal_data=0x0) at
helper/sp-marshal.cpp:350
#10 0xb6fa4146 in g_closure_invoke () from
/usr/lib/libgobject-2.0.so.0
#11 0xb6fb54c5 in g_signal_emit_by_name () from
/usr/lib/libgobject-2.0.so.0
#12 0xb6fb4375 in g_signal_emit_valist () from
/usr/lib/libgobject-2.0.so.0
#13 0xb7954103 in gtk_signal_emit () from
/usr/lib/libgtk-x11-2.0.so.0
#14 0x0832ca00 in emit_event (canvas=0x0,
event=0x85c9fe0) at display/sp-canvas.cpp:1241
#15 0x0832cfa3 in sp_canvas_button (widget=0x0,
event=0x89be2f8) at display/sp-canvas.cpp:1434
#16 0xb79062a0 in gtk_marshal_VOID__UINT_STRING () from
/usr/lib/libgtk-x11-2.0.so.0
#17 0xb6fa4409 in g_cclosure_new_swap () from
/usr/lib/libgobject-2.0.so.0
#18 0xb6fa4146 in g_closure_invoke () from
/usr/lib/libgobject-2.0.so.0
#19 0xb6fb4f3b in g_signal_emit_by_name () from
/usr/lib/libgobject-2.0.so.0
#20 0xb6fb4375 in g_signal_emit_valist () from
/usr/lib/libgobject-2.0.so.0
#21 0xb6fb4806 in g_signal_emit () from
/usr/lib/libgobject-2.0.so.0
#22 0xb79fe836 in gtk_widget_activate () from
/usr/lib/libgtk-x11-2.0.so.0
#23 0xb7904797 in gtk_propagate_event () from
/usr/lib/libgtk-x11-2.0.so.0
#24 0xb7904abf in gtk_main_do_event () from
/usr/lib/libgtk-x11-2.0.so.0
#25 0xb779ef32 in gdk_event_get_graphics_expose () from
/usr/lib/libgdk-x11-2.0.so.0
#26 0xb6f3c31f in g_main_depth () from
/usr/lib/libglib-2.0.so.0
#27 0xb6f3d312 in g_main_context_dispatch () from
/usr/lib/libglib-2.0.so.0
#28 0xb6f3d64b in g_main_context_dispatch () from
/usr/lib/libglib-2.0.so.0
#29 0xb6f3dbc1 in g_main_loop_run () from
/usr/lib/libglib-2.0.so.0
#30 0xb7903d43 in gtk_main () from
/usr/lib/libgtk-x11-2.0.so.0
#31 0xb7e6a547 in Gtk::Main::run_impl () from
/usr/lib/libgtkmm-2.4.so.1
#32 0xb7e6a3f2 in Gtk::Main::run () from
/usr/lib/libgtkmm-2.4.so.1
#33 0x0814ddba in sp_main_gui (argc=1, argv=0xbf9c2cf4)
at main.cpp:642
#34 0x0822ad1c in
Inkscape::NSApplication::Application::run
(this=0xbf9c2c20) at application/application.cpp:117
#35 0x0814d8ad in main (argc=1, argv=0xbf9c2cf4) at
main.cpp:477
(gdb) quit
The program is running. Exit anyway? (y or n) y

Hans Nieser (hnsr) wrote : Backtrace

Knutux-users (knutux-users) wrote :

Committed a quick fix to Inkscape::ObjectSnapper::_snapPaths,
did not test all the options to be sure fix is complete
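
A triage helper for the backtrace in this report, added here as an example; it is not part of the original thread or of Inkscape's code. It re-joins the hard-wrapped gdb frames and finds the innermost frame that received no null pointers yet called a frame that did. The names `parse_frames` and `null_origin` are illustrative, and the embedded text is frames #0 to #4 copied from the report.

```python
import re

# Frames #0-#4 of the backtrace in the report, hard-wrapped as posted.
BACKTRACE = """\
#0 0x08392ea6 in Path::PointToCurvilignPosition
(this=0x0, pos=@0x0) at livarot/PathCutting.cpp:914
#1 0x0821d473 in get_nearest_position_on_Path
(path=0x0, p=Cannot access memory at address 0x0) at
splivarot.cpp:1573
#2 0x08211a6f in Inkscape::ObjectSnapper::_snapPaths
(this=0x85f10c8, s=@0xbf9c1da0, p=@0xbf9c2000,
cand=@0xbf9c1d00) at nr-point.h:47
#3 0x082122ec in Inkscape::ObjectSnapper::_doFreeSnap
(this=0x85f10c8, p=@0xbf9c2000, it=@0x0) at
object-snapper.cpp:155
#4 0x0816a807 in Inkscape::Snapper::freeSnap
(this=0x85f10c8, t=0, p=@0xbf9c2000, it=@0x0) at
snapper.cpp:120
"""

FRAME_RE = re.compile(
    r"#(\d+)\s+(?:0x[0-9a-f]+ in )?(\S+)\s*\((.*?)\)\s+(?:at|from)\s+(\S+)")
NULL_RE = re.compile(r"(\w+)=@?0x0(?![0-9a-fx])")  # name=0x0 or name=@0x0

def parse_frames(text):
    """Re-join wrapped lines, then build one record per '#N' frame."""
    flat = " ".join(text.split())
    frames = []
    for chunk in re.split(r"(?=#\d+ )", flat):
        m = FRAME_RE.match(chunk)
        if m:
            num, func, args, where = m.groups()
            frames.append({"num": int(num), "func": func, "where": where,
                           "null_args": NULL_RE.findall(args)})
    return frames

def null_origin(frames):
    """Walk outward from the crash frame; return (caller, callee) where the
    caller has no null arguments but the callee it invoked does.
    Heuristic only: argument values gdb prints for optimised builds can be
    wrong, so the walk stops at the first clean frame."""
    prev = None
    for f in sorted(frames, key=lambda f: f["num"]):
        if not f["null_args"]:
            return (f, prev) if prev else None
        prev = f
    return None
```

On these frames the caller is `Inkscape::ObjectSnapper::_snapPaths` and the callee is `get_nearest_position_on_Path` with a null `path`.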

Hans Nieser (hnsr) wrote :

Thanks for the quick fix! I can't get it to crash again
after fiddling with various snap settings for a few minutes
(though I haven't tried every possible combination).

Buliabyak-users (buliabyak-users) wrote :

Thanks for the fix, knutux!
