segfault in sp_shape_update_marker_view()

Bug #511577 reported by Fabio Rossi on 2010-01-23
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Inkscape
High
Johan Engelen

Bug Description

I get a segfault every time I try to open the attached SVG document. I'm using the latest 0.47 version. There are no problems with version 0.46 so it's a regression.

The backtrace I catch with gdb is the following:

$ gdb inkscape
GNU gdb (Gentoo 7.0 p1) 7.0
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
For bug reporting instructions, please see:
<http://bugs.gentoo.org/>...
Really redefine built-in command "frame"? (y or n) [answered Y; input not from terminal]
Really redefine built-in command "thread"? (y or n) [answered Y; input not from terminal]
Really redefine built-in command "start"? (y or n) [answered Y; input not from terminal]
Reading symbols from /usr/bin/inkscape...Reading symbols from /usr/lib64/debug/usr/bin/inkscape.debug...(no debugging symbols found)...done.
(no debugging symbols found)...done.
gdb> run test.svg
[Thread debugging using libthread_db enabled]

Program received signal SIGSEGV, Segmentation fault.
_______________________________________________________________________________
Error while running hook_stop:
Value can't be converted to integer.
0x00000000004e58c0 in sp_shape_update_marker_view(SPShape*, NRArenaItem*) ()
gdb> bt
#0 0x00000000004e58c0 in sp_shape_update_marker_view(SPShape*, NRArenaItem*) ()
#1 0x00000000004e5fd0 in sp_shape_show(SPItem*, NRArena*, unsigned int, unsigned int) ()
#2 0x00000000004bc959 in sp_item_invoke_show(SPItem*, NRArena*, unsigned int, unsigned int) ()
#3 0x00000000004bee73 in CGroup::_showChildren(NRArena*, NRArenaItem*, unsigned int, unsigned int) ()
#4 0x00000000004bf08e in CGroup::show(NRArena*, unsigned int, unsigned int) ()
#5 0x00000000004bc959 in sp_item_invoke_show(SPItem*, NRArena*, unsigned int, unsigned int) ()
#6 0x00000000004bee73 in CGroup::_showChildren(NRArena*, NRArenaItem*, unsigned int, unsigned int) ()
#7 0x00000000004bf08e in CGroup::show(NRArena*, unsigned int, unsigned int) ()
#8 0x00000000004e13d4 in sp_root_show(SPItem*, NRArena*, unsigned int, unsigned int) ()
#9 0x00000000004bc959 in sp_item_invoke_show(SPItem*, NRArena*, unsigned int, unsigned int) ()
#10 0x00000000008830e3 in SPDesktop::init(SPNamedView*, SPCanvas*, Inkscape::UI::View::EditWidgetInterface*) ()
#11 0x00000000006c7d68 in sp_desktop_widget_new(SPNamedView*) ()
#12 0x00000000004610fa in sp_file_open(Glib::ustring const&, Inkscape::Extension::Extension*, bool, bool) ()
#13 0x0000000000452bdf in sp_main_gui(int, char const**) ()
#14 0x000000000045227e in main ()
gdb> quit

Fabio Rossi (rossi-f) wrote :
jazzynico (jazzynico) wrote :

Confirmed on Windows XP and Ubuntu 9.10, Inkscape 0.47 and devel.
Works well with 0.46.

Changed in inkscape:
importance: Undecided → High
status: New → Confirmed
tags: added: crash regression
su_v (suv-lp) wrote :

reproduced on OS X 10.5.8 as well (crash in Inkscape 0.47, 0.47+devel, works ok in 0.46)

Attached the crash report of Inkscape 0.47 (official build from sf.net) which has a different backtrace (the one I get from 0.47+devel is the same as posted by the bug reporter).

su_v (suv-lp) wrote :

console message from Inkscape:

Inkscape 0.47 r22583:
Assertion failed: (px != 0), function operator*, file /opt/local-macports-with-a-really-very-quite-long-directory-name/include/boost/smart_ptr/shared_ptr.hpp, line 412.

Inkscape 0.47+devel r9013:
Assertion failed: (px != 0), function operator*, file /Volumes/blue/mp/include/boost/smart_ptr/shared_ptr.hpp, line 403.

Alvin Penner (apenner) wrote :

crash confirmed on Windows XP, bzr rev 9404

Johan Engelen (johanengelen) wrote :

Fixed in r9843

Changed in inkscape:
assignee: nobody → Johan Engelen (johanengelen)
status: Confirmed → Fix Committed
su_v (suv-lp) wrote :

inkscape trunk: r9843
inkscape 0.48.x: r9695

Changed in inkscape:
milestone: none → 0.48.1
jazzynico (jazzynico) on 2011-03-05
Changed in inkscape:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers