assert in std::vector<Inkscape::Text::Layout::Character, std::allocator<Inkscape::Text::Layout::Character> >::operator[](unsigned long) const () from /usr/bin/../lib/inkscape/libinkscape_base.so

Description of problem:
I double-clicked on a row of text and pressed Delete.

Version-Release number of selected component:
inkscape-0.92.2-6.fc28

Additional info:
reporter: libreport-2.9.4
backtrace_rating: 4
cmdline: inkscape /home/da/Pictures/download unique identifiers.svg
crash_function: std::__replacement_assert
executable: /usr/bin/inkscape
journald_cursor: s=11ea4f5d97d143ffb85d769ed717ed00;i=2e109;b=6241f78103ff4b46a0f5080968c00404;m=16ac6d1f16;t=5696cc5e3e78d;x=64550c1b8eb55383
kernel: 4.16.0-300.fc28.x86_64
rootdir: /
runlevel: N 5
type: CCpp
uid: 1000

Created attachment 1419402
File: backtrace

Created attachment 1419403
File: cgroup

Created attachment 1419404
File: core_backtrace

Created attachment 1419405
File: cpuinfo

Created attachment 1419406
File: dso_list

Created attachment 1419407
File: environ

Created attachment 1419408
File: limits

Created attachment 1419409
File: maps

Created attachment 1419410
File: mountinfo

Created attachment 1419411
File: open_fds

Created attachment 1419412
File: proc_pid_status

Similar problem has been detected:

Started dragging a text selection around.

reporter: libreport-2.9.4
backtrace_rating: 4
cmdline: inkscape /home/da/Pictures/download unique identifiers-astroids.svg
crash_function: std::__replacement_assert
executable: /usr/bin/inkscape
journald_cursor: s=11ea4f5d97d143ffb85d769ed717ed00;i=2e2da;b=6241f78103ff4b46a0f5080968c00404;m=16b96be6e0;t=5696cd2e2af57;x=8c7b7da040bf571
kernel: 4.16.0-300.fc28.x86_64
package: inkscape-0.92.2-6.fc28
reason: inkscape killed by SIGABRT
rootdir: /
runlevel: N 5
type: CCpp
uid: 1000

I've got a very similar problem:

$ rpm -q inkscape
inkscape-0.92.3-1.fc28.x86_64

/usr/include/c++/8/bits/stl_vector.h:950: std::vector<_Tp, _Alloc>::const_reference std::vector<_Tp, _Alloc>::operator[](std::vector<_Tp, _Alloc>::size_type) const [with _Tp = Inkscape::Text::Layout::Character; _Alloc = std::allocator<Inkscape::Text::Layout::Character>; std::vector<_Tp, _Alloc>::const_reference = const Inkscape::Text::Layout::Character&; std::vector<_Tp, _Alloc>::size_type = long unsigned int]: Assertion '__builtin_expect(__n < this->size(), true)' failed.

Thread 1 "inkscape" received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50 return ret;
(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x00007fffedcbe591 in __GI_abort () at abort.c:79
#2 0x00007ffff6eb4748 in std::__replacement_assert(char const*, int, char const*, char const*) () from /usr/bin/../lib/inkscape/libinkscape_base.so
#3 0x00007ffff75f63d3 in std::vector<Inkscape::Text::Layout::Character, std::allocator<Inkscape::Text::Layout::Character> >::operator[](unsigned long) const ()
   from /usr/bin/../lib/inkscape/libinkscape_base.so
#4 0x00007ffff75f090d in Inkscape::Text::Layout::sourceToIterator(void*) const () from /usr/bin/../lib/inkscape/libinkscape_base.so
#5 0x00007ffff75b1ea0 in SPText::rebuildLayout() () from /usr/bin/../lib/inkscape/libinkscape_base.so
#6 0x00007ffff75b2b65 in SPText::update(SPCtx*, unsigned int) () from /usr/bin/../lib/inkscape/libinkscape_base.so
#7 0x00007ffff758fd48 in SPObject::updateDisplay(SPCtx*, unsigned int) () from /usr/bin/../lib/inkscape/libinkscape_base.so
#8 0x00007ffff756b165 in SPGroup::update(SPCtx*, unsigned int) () from /usr/bin/../lib/inkscape/libinkscape_base.so
#9 0x00007ffff758fd48 in SPObject::updateDisplay(SPCtx*, unsigned int) () from /usr/bin/../lib/inkscape/libinkscape_base.so
#10 0x00007ffff756b165 in SPGroup::update(SPCtx*, unsigned int) () from /usr/bin/../lib/inkscape/libinkscape_base.so
#11 0x00007ffff75a011c in SPRoot::update(SPCtx*, unsigned int) () from /usr/bin/../lib/inkscape/libinkscape_base.so
#12 0x00007ffff758fd48 in SPObject::updateDisplay(SPCtx*, unsigned int) () from /usr/bin/../lib/inkscape/libinkscape_base.so
#13 0x00007ffff7479e62 in SPDocument::_updateDocument() () from /usr/bin/../lib/inkscape/libinkscape_base.so
#14 0x00007ffff7479e9d in sp_document_idle_handler(void*) () from /usr/bin/../lib/inkscape/libinkscape_base.so
#15 0x00007ffff476d0eb in g_idle_dispatch () from /lib64/libglib-2.0.so.0
#16 0x00007ffff47707cd in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
#17 0x00007ffff4770b98 in g_main_context_iterate.isra () from /lib64/libglib-2.0.so.0
#18 0x00007ffff4770ec2 in g_main_loop_run () from /lib64/libglib-2.0.so.0
#19 0x00007ffff0457703 in gtk_dialog_run () from /lib64/libgtk-x11-2.0.so.0
#20 0x00007ffff71e1560 in Inkscape::UI::Dialog::FileOpenDialogImplGtk::show() () from /usr/bin/../lib/inkscape/libinkscape_base.so
#21 0x00007ffff748d15b in sp_file_open_dialog(Gtk::Window&, void*, void*) () from /usr/bin/../lib/inkscape/libinkscape_base.so
---Type <return> to continue, or q <return> to qui...

Created attachment 1430418
problem that reproduces this crash

*** Bug 1578869 has been marked as a duplicate of this bug. ***

Similar problem has been detected:

1. I added a png-image.
2. Then I added a text (with outline color).
3. duplicate the text and changed the text string
crash

reporter: libreport-2.9.5
backtrace_rating: 4
cmdline: inkscape
crash_function: std::__replacement_assert
executable: /usr/bin/inkscape
journald_cursor: s=9c13e53b9a3b47fc9376cd07e773289f;i=16f9ad;b=c59ce21895414ac6a8b0b41fcc39794b;m=758990ad;t=56cc13daaed86;x=e86835e7e5e61888
kernel: 4.16.9-300.fc28.x86_64
package: inkscape-0.92.3-1.fc28
reason: inkscape killed by SIGABRT
rootdir: /
runlevel: N 5
type: CCpp
uid: 1000

Similar problem has been detected:

Inkscape crashed when editing a file (imported pdf generated online from a website). A backup svg file was saved automatically after the crash. Opening the saved backup file causes crash each time, like the one I report here.

reporter: libreport-2.9.5
backtrace_rating: 4
cmdline: inkscape /home/rafal/Downloads/przebiegOC_25_05_2018.pdf.2018_05_25_17_30_46.0.svg
crash_function: std::__replacement_assert
executable: /usr/bin/inkscape
journald_cursor: s=c99d1b39981a432291a786acbbdc0e55;i=39157;b=bb0586646de94fb6be6563af5412ea9e;m=338c402;t=56d308e2a9278;x=419cdad4deb0be21
kernel: 4.16.8-300.fc28.x86_64
package: inkscape-0.92.3-1.fc28
reason: inkscape killed by SIGABRT
rootdir: /
runlevel: N 5
type: CCpp
uid: 1000

Similar problem has been detected:

Found the bug is surprisingly easy to reproduce in my version of inkscape:
1. Open inkscape (new file)
2. Create a text field
3. Type in some text and hit the Enter key
4. Crash

reporter: libreport-2.9.5
backtrace_rating: 4
cmdline: inkscape /home/rafal/Downloads/przebiegOC_25_05_2018.pdf
crash_function: std::__replacement_assert
executable: /usr/bin/inkscape
journald_cursor: s=c99d1b39981a432291a786acbbdc0e55;i=39509;b=bb0586646de94fb6be6563af5412ea9e;m=54a697c7;t=56d30df98663d;x=ea393972f27e609d
kernel: 4.16.8-300.fc28.x86_64
package: inkscape-0.92.3-1.fc28
reason: inkscape killed by SIGABRT
rootdir: /
runlevel: N 5
type: CCpp
uid: 1000

This has shown up on Fedora 28 (here) and on Alpine Linux. I found this bug from someone on Alpine Linux. https://bugs.launchpad.net/inkscape/+bug/1767518 Upstream hasn't (at time of writing) acknowledged it yet. I linked this bug to that ticket.

AfC

*** Bug 1589365 has been marked as a duplicate of this bug. ***

My report was rejected as duplicate of this after uploading everything...

It is specific to fedora's built of inkscape and cannot be reproduced with the same inkscape version on most other distributions. Nor does it show in a self-built one. The same bug reported directly to inkscape has there (at least) two issue ids:

https://bugs.launchpad.net/inkscape/+bug/1774888
https://bugs.launchpad.net/inkscape/+bug/1769662

These tickets also contain files to test the bug with and detailed instructions on how to reproduce.

Cheers.

*** Bug 1589452 has been marked as a duplicate of this bug. ***

*** Bug 1590078 has been marked as a duplicate of this bug. ***

*** Bug 1590231 has been marked as a duplicate of this bug. ***

*** Bug 1590590 has been marked as a duplicate of this bug. ***

Similar problem has been detected:

I pressed Enter while editing a piece of text.

reporter: libreport-2.9.5
backtrace_rating: 4
cmdline: inkscape
crash_function: std::__replacement_assert
executable: /usr/bin/inkscape
journald_cursor: s=a8881ea714074758984c6044429742b5;i=2abe37;b=1c2eb2b34a17492598c1f23ae78743b3;m=824e60ad1;t=56eaca584c7c0;x=ff3340ebb8f897e9
kernel: 4.16.14-300.fc28.x86_64
package: inkscape-0.92.3-1.fc28
reason: inkscape killed by SIGABRT
rootdir: /
runlevel: N 5
type: CCpp
uid: 1000

Similar problem has been detected:

I pressed Enter whileediting a piece of text.

reporter: libreport-2.9.5
backtrace_rating: 4
cmdline: inkscape
crash_function: std::__replacement_assert
executable: /usr/bin/inkscape
journald_cursor: s=a8881ea714074758984c6044429742b5;i=2b13e8;b=1c2eb2b34a17492598c1f23ae78743b3;m=89787717c;t=56ead18262e6b;x=c93363b68c09d405
kernel: 4.16.14-300.fc28.x86_64
package: inkscape-0.92.3-1.fc28
reason: inkscape killed by SIGABRT
rootdir: /
runlevel: N 5
type: CCpp
uid: 1000

Similar problem has been detected:

1. Open a new Inkscape document
2. Create a new Text
3. Start writing and press the Enter key, going to a new line

Inkscape crashes and, obviously, that's not the desired behaviour!

reporter: libreport-2.9.5
backtrace_rating: 4
cmdline: inkscape
crash_function: std::__replacement_assert
executable: /usr/bin/inkscape
journald_cursor: s=6a7d75e9050e4d21b968109bfa0ed259;i=117816;b=d471da4fb6b747c1aba7e6a69d074660;m=3ad09365f6;t=56eb522abb110;x=9ce69f9f3289b8a5
kernel: 4.16.14-300.fc28.x86_64
package: inkscape-0.92.3-1.fc28
reason: inkscape killed by SIGABRT
rootdir: /
runlevel: N 5
type: CCpp
uid: 1000

*** Bug 1592105 has been marked as a duplicate of this bug. ***

*** Bug 1592776 has been marked as a duplicate of this bug. ***

Description of problem:
The program execution is aborted every time you try to break the line of a text that the area was not defined by drag and drop of the cursor. Sometimes (often) this also happens with text boxes with defined area.

Steps to Reproduce:

- Open an empty document in Inkscape
- Select the text tool and click on the editing area
- Type any text, like "inkscape"
- Break the line by pressing enter.
- program closes immediately.

Version-Release number of selected component:
inkscape-0.92.3-1.fc28

Additional info:
reporter: libreport-2.9.5
backtrace_rating: 4
cmdline: inkscape
crash_function: std::__replacement_assert
executable: /usr/bin/inkscape
journald_cursor: s=789fb53797304b8082dd6fbe9c1e5cd4;i=5f59c;b=854a718609ba4f27afd9885e293b2d11;m=7fbdf3de;t=56e793dcd3bbb;x=ba593ebad498aa5
kernel: 4.16.14-300.fc28.x86_64
rootdir: /
runlevel: N 5
type: CCpp
uid: 1000

Similar problem has been detected:

I tried to open an SVG file created with Fedora 26 x86_64's version of Inkscape.
$ inkscape name.svg
/usr/include/c++/8/bits/stl_vector.h:950: std::vector<_Tp, _Alloc>::const_reference std::vector<_Tp, _Alloc>::operator[](std::vector<_Tp, _Alloc>::size_type) const [with _Tp = Inkscape::Text::Layout::Character; _Alloc = std::allocator<Inkscape::Text::Layout::Character>; std::vector<_Tp, _Alloc>::const_reference = const Inkscape::Text::Layout::Character&; std::vector<_Tp, _Alloc>::size_type = long unsigned int]: Assertion '__builtin_expect(__n < this->size(), true)' failed.

Emergency save activated!
Emergency save completed. Inkscape will close now.
If you can reproduce this crash, please file a bug at www.inkscape.org
with a detailed description of the steps leading to the crash, so we can fix it.
WARNING: Requested update while update in progress, counter = 5
... previous line repeated some 30 times ...
Aborted (core dumped)

Downgrading Inkscape in Fedora 28 x86_64 does not help.
Using a snap package helps.

Manually searching RHBZ during backtrace creation I found bug 1590279. It results in the same error message.

reporter: libreport-2.9.4
backtrace_rating: 4
cmdline: inkscape NewKineticModel_Phe3_Paper2.svg
crash_function: std::__replacement_assert
executable: /usr/bin/inkscape
journald_cursor: s=98a34e76d77c49be8d0de8e32232c483;i=685;b=bc32455ec75a4ca5b0c7500c992e8b1f;m=21368039;t=56f16105e7ef6;x=e7f272cf6e05fdbf
kernel: 4.16.3-301.fc28.x86_64
package: inkscape-0.92.3-1.fc28
reason: inkscape killed by SIGABRT
rootdir: /
runlevel: N 5
type: CCpp
uid: 1000

*** Bug 1590279 has been marked as a duplicate of this bug. ***

Similar problem has been detected:

Tried to open a bigger (~2 MB) SVG file & Inskcape crashed.

Reproducer:

$ git clone https://github.com/M4rtinK/modrana-graphics
Cloning into 'modrana-graphics'...
remote: Counting objects: 312, done.
remote: Total 312 (delta 0), reused 0 (delta 0), pack-reused 312
Receiving objects: 100% (312/312), 1.70 MiB | 1.89 MiB/s, done.
Resolving deltas: 100% (85/85), done.
$ cd modrana-graphics/
$ inkscape icons.svg
WARNING: unknown type: svg:foreignObject
WARNING: unknown type: svg:foreignObject
WARNING: unknown type: svg:foreignObject
/usr/include/c++/8/bits/stl_vector.h:950: std::vector<_Tp, _Alloc>::const_reference std::vector<_Tp, _Alloc>::operator[](std::vector<_Tp, _Alloc>::size_type) const [with _Tp = Inkscape::Text::Layout::Character; _Alloc = std::allocator<Inkscape::Text::Layout::Character>; std::vector<_Tp, _Alloc>::const_reference = const Inkscape::Text::Layout::Character&; std::vector<_Tp, _Alloc>::size_type = long unsigned int]: Assertion '__builtin_expect(__n < this->size(), true)' failed.

Emergency save activated!
Emergency save completed. Inkscape will close now.
If you can reproduce this crash, please file a bug at www.inkscape.org
with a detailed description of the steps leading to the crash, so we can fix it.
/usr/include/c++/8/bits/stl_vector.h:950: std::vector<_Tp, _Alloc>::const_reference std::vector<_Tp, _Alloc>::operator[](std::vector<_Tp, _Alloc>::size_type) const [with _Tp = Inkscape::Text::Layout::Character; _Alloc = std::allocator<Inkscape::Text::Layout::Character>; std::vector<_Tp, _Alloc>::const_reference = const Inkscape::Text::Layout::Character&; std::vector<_Tp, _Alloc>::size_type = long unsigned int]: Assertion '__builtin_expect(__n < this->size(), true)' failed.
Aborted (core dumped)

Additional information:

Krita can open the file just fine without crashing.

reporter: libreport-2.9.5
backtrace_rating: 3
cmdline: inkscape icons.svg
crash_function: std::__replacement_assert
executable: /usr/bin/inkscape
journald_cursor: s=24a4982d27604ec2b64aad53527975d2;i=11333f;b=6d2dfc0ab313451dbf71ee3279337d19;m=a2b562f60a;t=56f2e5c83ef8c;x=faf9487880c1bf01
kernel: 4.15.17-300.fc27.x86_64
package: inkscape-0.92.3-1.fc28
reason: inkscape killed by SIGABRT
rootdir: /
runlevel: N 5
type: CCpp
uid: 1000

*** Bug 1595764 has been marked as a duplicate of this bug. ***

A workaround is to install the Inkscape flatpak from Flathub, though that is currently an earlier version 0.92.2. If necessary you can manipulate text in the flatpak Inkscape, then copy and paste it into the Fedora version.

*** Bug 1597066 has been marked as a duplicate of this bug. ***

A recent patch on Fedora 28 fixes this problem for me:
$ inkscape --version
Inkscape 0.92.3 (2405546, 2018-03-11)

(In reply to Rafal from comment #38)
> A recent patch on Fedora 28 fixes this problem for me:
> $ inkscape --version
> Inkscape 0.92.3 (2405546, 2018-03-11)

$ rpm -q inkscape
inkscape-0.92.3-2.fc28.x86_64

This version fixed my problem too:
$ rpm -q inkscape
inkscape-0.92.3-2.fc28.x86_64

Similar problem has been detected:

Writing Test in Inkscape

reporter: libreport-2.9.5
backtrace_rating: 4
cmdline: inkscape
crash_function: std::__replacement_assert
executable: /usr/bin/inkscape
journald_cursor: s=0f11c5d751fa432bb70fe08f924c0361;i=2a4d;b=b1be82b2f89c4c609528a641747d872a;m=4a15e774;t=57078dcb3371b;x=a28eb204aac08077
kernel: 4.17.3-200.fc28.x86_64
package: inkscape-0.92.3-2.fc28
reason: inkscape killed by SIGABRT
rootdir: /
runlevel: N 5
type: CCpp
uid: 1000

Similar problem has been detected:

Double clicked on text object and deleted a word

reporter: libreport-2.9.5
backtrace_rating: 4
cmdline: inkscape
crash_function: std::__replacement_assert
executable: /usr/bin/inkscape
journald_cursor: s=0f11c5d751fa432bb70fe08f924c0361;i=54b5;b=b1be82b2f89c4c609528a641747d872a;m=1175b5b4f;t=57079a9f8aaf6;x=ec610c78a3c49f3a
kernel: 4.17.3-200.fc28.x86_64
package: inkscape-0.92.3-2.fc28
reason: inkscape killed by SIGABRT
rootdir: /
runlevel: N 5
type: CCpp
uid: 1000

With July's inkscape-0.92.3-2.fc28.x86_64 I no longer get an immediate crash working within a text object (yay!). But I just experienced a crash with
  stl_vector.h:950: std::vector<_Tp, _Alloc>::const_reference std::vector<_Tp, _... : Assertion '__builtin_expect(__n < this->size(), true)' failed.
in the console and
  std::__replacement_assert(char const*, int, char const*, char const*) in the backtrace
possibly the same as comment #13 and comment #32, even though comment #40 reports this version fixed it.

I haven't been able to reproduce that crash, so the newer version seems better but not out of the woods.

This might be a wild shot, but if it's a Fedora specific issue, maybe it's related to [1], though inkscape itself is not listed in those identified packages. I can be complete wrong, it only reminded me of this [1] message. I'm sorry if this would mislead anyone.

[1] https://<email address hidden>/message/KECGQVOYOURLKFP4ZEM63JZDK32GADI4/

*** Bug 1607075 has been marked as a duplicate of this bug. ***

*** Bug 1610607 has been marked as a duplicate of this bug. ***

*** Bug 1631986 has been marked as a duplicate of this bug. ***

Similar problem has been detected:

Clicking on a text box to modify a letter.

reporter: libreport-2.9.5
backtrace_rating: 4
cmdline: inkscape
crash_function: std::__replacement_assert
executable: /usr/bin/inkscape
journald_cursor: s=68a33e6f5a0549789b837fa9fb32861b;i=1ac09;b=700a9f5d39c04e7cbb1daf8d1995803f;m=288a6d18b;t=576b37dfa587e;x=bf84aa477a9bf4a7
kernel: 4.18.9-200.fc28.x86_64
package: inkscape-0.92.3-2.fc28
reason: inkscape killed by SIGABRT
rootdir: /
runlevel: N 5
type: CCpp
uid: 1000

*** Bug 1632878 has been marked as a duplicate of this bug. ***

*** Bug 1634444 has been marked as a duplicate of this bug. ***

Similar problem has been detected:

Editing text in a complex SVG obtained from printing a PDF into SVG in Gnome

reporter: libreport-2.9.5
backtrace_rating: 4
cmdline: inkscape /home/ebousse/git/teaching/mde/slides-impress/example-scoping.svg
crash_function: std::__replacement_assert
executable: /usr/bin/inkscape
journald_cursor: s=8fc6d50d055a4f7ebeab76b1380df5fb;i=530e;b=a71cc9aea5eb4bdd9090d8337e007401;m=1ed72cb95;t=577dc6d08a94b;x=79d85d8ebb67be17
kernel: 4.18.12-200.fc28.x86_64
package: inkscape-0.92.3-2.fc28
reason: inkscape killed by SIGABRT
rootdir: /
runlevel: N 5
type: CCpp
uid: 1000

*** Bug 1641306 has been marked as a duplicate of this bug. ***

*** Bug 1644145 has been marked as a duplicate of this bug. ***

*** Bug 1645728 has been marked as a duplicate of this bug. ***

Same for me on fedora 29 :
/usr/include/c++/8/bits/stl_vector.h:950: std::vector<_Tp, _Alloc>::const_reference std::vector<_Tp, _Alloc>::operator[](std::vector<_Tp, _Alloc>::size_type) const [with _Tp = Inkscape::Text::Layout::Character; _Alloc = std::allocator<Inkscape::Text::Layout::Character>; std::vector<_Tp, _Alloc>::const_reference = const Inkscape::Text::Layout::Character&; std::vector<_Tp, _Alloc>::size_type = long unsigned int]: Assertion '__builtin_expect(__n < this->size(), true)' failed.

Emergency save activated!
Emergency save completed. Inkscape will close now.
If you can reproduce this crash, please file a bug at www.inkscape.org
with a detailed description of the steps leading to the crash, so we can fix it.
/usr/include/c++/8/bits/stl_vector.h:950: std::vector<_Tp, _Alloc>::const_reference std::vector<_Tp, _Alloc>::operator[](std::vector<_Tp, _Alloc>::size_type) const [with _Tp = Inkscape::Text::Layout::Character; _Alloc = std::allocator<Inkscape::Text::Layout::Character>; std::vector<_Tp, _Alloc>::const_reference = const Inkscape::Text::Layout::Character&; std::vector<_Tp, _Alloc>::size_type = long unsigned int]: Assertion '__builtin_expect(__n < this->size(), true)' failed.
[1] 17312 abort (core dumped) inkscape

Similar problem has been detected:

I was editing a file with a text element. I selected the element and clicked on it to try to edit the text. Inkscape encountered an internal error.

reporter: libreport-2.9.5
backtrace_rating: 4
cmdline: /usr/bin/inkscape
crash_function: std::__replacement_assert
executable: /usr/bin/inkscape
journald_cursor: s=9505d5ca33fa4b4eb415a392b2e55fdc;i=3fdf0;b=9c20cc1e2a9244fcb1001f93a086b5d9;m=4e9fce76ca;t=579e8a774baee;x=b408e3211538c740
kernel: 4.18.16-200.fc28.x86_64
package: inkscape-0.92.3-2.fc28
reason: inkscape killed by SIGABRT
rootdir: /
runlevel: N 5
type: CCpp
uid: 1000

This looks related to bug #1575842, but the previous comment contains inkscape-0.92.3-2.fc28, where the fix for the older bug is included, thus maybe this is not exactly the same issue or the issue is not completely fixed.

(in reply to my comment #40) my workflow did not trigger the bug anymore, but it seems to be still around.
Yesterday I encountered this bug on Fedora 28 (and today on 29) x86_64.
$ rpm -q inkscape
inkscape-0.92.3-5.fc29.x86_64
and
inkscape-0.92.3-2.fc28.x86_64

I found an easy and reliable way to trigger the bug with the packages from the Fedora repositories, I did not try the snap/flatpack package:
1. start inkscape
2. press F8 (to select text tool)
3. left click somewhere on the canvas
4. press enter
5. press up arrow, hold down shift, press down arrow
6. inkscape crashes

Here's an easier way to crash inkscape-0.92.3-2.fc28.x86_64:

1. Start inkscape.
2. Use the text tool and place a text box, then enter 3 characters.
3. With the text tool, click near the end of the text string.
4. Inkscape crashes

Interestingly, it does not crash if you click at the beginning of the text string in step 3.

Similar problem has been detected:

I double clicked on a text field. There was another text field covering the same area, but I think I clicked on the part outside of the shared space.

reporter: libreport-2.9.5
backtrace_rating: 4
cmdline: /usr/bin/inkscape
crash_function: std::__replacement_assert
executable: /usr/bin/inkscape
journald_cursor: s=16b07eceedf843a7bc851054426219f9;i=1ab6;b=2d82545d4a6d46ec886108bb72c4b0bc;m=7c1b9dc15;t=57adcc77fc7e2;x=d5fde19a0c852aa8
kernel: 4.18.18-200.fc28.x86_64
package: inkscape-0.92.3-2.fc28
reason: inkscape killed by SIGABRT
rootdir: /
runlevel: N 5
type: CCpp
uid: 1000

*** Bug 1653271 has been marked as a duplicate of this bug. ***

Similar problem has been detected:

Al seleccionar un texto de cualquier longitud y arrastrar el cursor hasta el último caracter se produce este error, perdiéndose los datos desde la última salvaguarda.

reporter: libreport-2.9.5
backtrace_rating: 4
cmdline: /usr/bin/inkscape
crash_function: std::__replacement_assert
executable: /usr/bin/inkscape
journald_cursor: s=7667baf7aa0849a2b6fa62ffa7a80051;i=9c02;b=2a8e5f45f5404bffb2bd74b1a9636c42;m=e678b648;t=583e84c86fa9b;x=bd268de4dd1481
kernel: 4.20.7-100.fc28.x86_64
package: inkscape-0.92.3-2.fc28
reason: inkscape killed by SIGABRT
rootdir: /
runlevel: N 5
type: CCpp
uid: 1000

This message is a reminder that Fedora 28 is nearing its end of life.
On 2019-May-28 Fedora will stop maintaining and issuing updates for
Fedora 28. It is Fedora's policy to close all bug reports from releases
that are no longer maintained. At that time this bug will be closed as
EOL if it remains open with a Fedora 'version' of '28'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version'
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not
able to fix it before Fedora 28 is end of life. If you would still like
to see this bug fixed and are able to reproduce it against a later version
of Fedora, you are encouraged change the 'version' to a later Fedora
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's
lifetime, sometimes those efforts are overtaken by events. Often a
more recent Fedora release includes newer upstream software that fixes
bugs or makes them obsolete.

Fedora 28 changed to end-of-life (EOL) status on 2019-05-28. Fedora 28 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.

I see that the issue in Comment 0, my issue in Comment 59, and the issue in Comment 58 have been resolved in Fedora 29, Inkscape 0.92.4. I didn't test every sequence from every comment, but it does seem more stable now when fiddling with text.