Inkscape

Inkscape crashes when hitting Ctrl + Z after unifying two specific objects

Bug #1803398 reported by nusushika
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Inkscape
Fix Released
High
Unassigned

Bug Description

Inkscape version: Inkscape 0.92.3 (d244b95, 2018-08-02)
Operating System: Ubuntu 18.10 (64-bit)
Inkcape installed from Ubuntu Software Center, the source is Snap Store.

The crash only happens on certain objects with certain object creating order which are an ellipse and a star:

 1. Create an ellipse.
 2. Create a star.
 3. Unify them by clicking Path -> Union.
 4. Hit Ctrl + Z.
 5. Inkscape crashes.

 (The ellipse must be created first, otherwise the crash won't occur.)

It will also crash if you:

 1. Create an ellipse.
 2. Create a rectangle.
 3. Unify the two objects.
 4. Hit Ctrl + Z.
 5. Create a star.
 6. Unify the star and the ellipse.
 7. Hit Ctrl + Z.

It will crash if you:

 1. Create an ellipse.
 2. Create a rectangle.
 3. Unify the two objects.
 4. Hit Ctrl + Z.
 5. Delete the rectangle.
 6. Create a star.
 7. Unify the star and the ellipse.

It won't crash if you:

 1. Create an ellipse.
 2. Create a star.
 3. Save the document.
 4. Close the document.
 5. Reopen the saved document.
 6. Unify the two objects.
 7. Hit Ctrl + Z.

It won't crash if you convert the objects into paths.

It won't crash if a star and a rectangle are involved.

Revision history for this message
nusushika (nusushika-s) wrote :
Revision history for this message
Alvin Penner (apenner) wrote :

not reproduced on Windows 10, Inkscape 0.92.3 (2405546, 2018-03-11)

possibly related to the fact that this was a snap installation?

Revision history for this message
nusushika (nusushika-s) wrote :

No, it also affect on normal installation. That's why I tried the Snap version, but the problem still exists.

Revision history for this message
Alvin Penner (apenner) wrote :

first example reproduced on Windows 10, Inkscape 0.92.3 (0612fd7, 2018-10-23)
(does not always happen, had to try a few times)

backtrace:
Program received signal SIGSEGV, Segmentation fault.
0x6fefbfd1 in ?? () from c:\app\temp\inkscape_0.92.x\libstdc++-6.dll
(gdb) bt
#0 0x6fefbfd1 in ?? () from c:\app\temp\inkscape_0.92.x\libstdc++-6.dll
#1 0x01653b60 in libinkscape_base!_Z23sp_button_new_from_dataN8Inkscape8IconSizeE12SPButtonTypePNS_2UI4View4ViewEPKcS7_ ()
   from c:\app\temp\inkscape_0.92.x\libinkscape_base.dll
#2 0x016e14a9 in libinkscape_base!_Z27sp_paintbucket_toolbox_prepP9SPDesktopP15_GtkActionGroupP8_GObject ()
   from c:\app\temp\inkscape_0.92.x\libinkscape_base.dll
#3 0x016e19df in libinkscape_base!_ZN8Inkscape3XML21CompositeNodeObserver22notifyAttributeChangedERNS0_4NodeEjNS_4Util10ptr_sharedIcEES6_ () from c:\app\temp\inkscape_0.92.x\libinkscape_base.dll
#4 0x08b711e0 in ?? ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb) c
Continuing.
[New Thread 8928.0x31a0]

Program received signal SIGSEGV, Segmentation fault.
0x6fefbfd1 in ?? () from c:\app\temp\inkscape_0.92.x\libstdc++-6.dll
(gdb) c
Continuing.
[Inferior 1 (process 8928) exited with code 030000000005]

Changed in inkscape:
status: New → Confirmed
Revision history for this message
Alvin Penner (apenner) wrote :

also reproduced on Windows 10, Inkscape 0.92.3 (2405546, 2018-03-11)

backtrace:
Program received signal SIGSEGV, Segmentation fault.
0x6fefbfe1 in ?? () from c:\program files (x86)\inkscape\libstdc++-6.dll
(gdb) bt
#0 0x6fefbfe1 in ?? () from c:\program files (x86)\inkscape\libstdc++-6.dll
#1 0x015f7730 in libinkscape_base!_Z23sp_button_new_from_dataN8Inkscape8IconSizeE12SPButtonTypePNS_2UI4View4ViewEPKcS7_ ()
   from c:\program files (x86)\inkscape\libinkscape_base.dll
#2 0x01688409 in libinkscape_base!_Z27sp_paintbucket_toolbox_prepP9SPDesktopP15_GtkActionGroupP8_GObject ()
   from c:\program files (x86)\inkscape\libinkscape_base.dll
#3 0x0168893f in libinkscape_base!_ZN8Inkscape3XML21CompositeNodeObserver22notifyAttributeChangedERNS0_4NodeEjNS_4Util10ptr_sharedIcEES6_ () from c:\program files (x86)\inkscape\libinkscape_base.dll
#4 0x089a21e0 in ?? ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb) c
Continuing.
[New Thread 14424.0x2c4c]

Program received signal SIGSEGV, Segmentation fault.
0x6fefbfe1 in ?? () from c:\program files (x86)\inkscape\libstdc++-6.dll
(gdb) c
Continuing.
[Inferior 1 (process 14424) exited with code 030000000005]

Revision history for this message
nusushika (nusushika-s) wrote :

Tried Inkscape Portable under wine and got the same error. Backtrace file attached.

Revision history for this message
TylerDurden (8thrule) wrote :

Not reproduced with Inkscape 0.92.2 (5c3e80d, 2017-08-06), Win 8.1-64

Revision history for this message
Qantas94Heavy (qantas94heavy) wrote :

Possibly related: bug 1809676

Changed in inkscape:
importance: Undecided → High
status: Confirmed → Triaged
status: Triaged → Confirmed
Revision history for this message
Sod Oscarfono (sod) wrote :

Can confirm this bug still exists and is reproducible, using the aforementioned steps, on Solus OS:

Linux zeta 5.2.13-126.current x86_64 GNU/Linux

LSB Version: 1.4
Distributor ID: Solus
Description: Solus
Release: 4.0
Codename: fortitude

It seems to occur when trying to use the undo feature more than once on any union of vectors, regardless of whether document is saved or not.

Revision history for this message
mray (mrayyyy) wrote :

Does not seem to be Windows specific.
Closing because I can't reproduce this on Inkscape 1.0 (4035a4fb49, 2020-05-01) on Manjaro Linux.
If anybody can reproduce this with 1.0 open a new issue in gitlab.

Closed by: https://gitlab.com/mray

Changed in inkscape:
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.