[Node tool] Dragging cap at end of path causes crash

Bug #591986 reported by Chris Morgan on 2010-06-10
This bug affects 2 people
Affects: Inkscape; Importance: High; Assigned to: Krzysztof Kosinski
Affects: inkscape (Ubuntu); Importance: Undecided; Assigned to: Unassigned

Bug Description

Dragging between two nodes does curve adjustment, but dragging between the end node and nothing (i.e. dragging the cap) causes a crash.

Steps to reproduce:
1. Create an unclosed path
2. Set the cap to rounded or square
3. Set the stroke size up or zoom in (for the next step)
4. Click on the path, past the end node, on the cap, and drag
5. Observe the crash

Ubuntu 10.04, Inkscape 0.47+devel-r9474 (own build).

From GDB:

Program received signal SIGSEGV, Segmentation fault.
0x00000000009e418a in Inkscape::UI::CurveDragPoint::grabbed (this=0x71b8700)
    at ui/tool/curve-drag-point.cpp:68
68 second->back()->move(second->back()->position() - delta);

Backtrace:

#0 0x00000000009e418a in Inkscape::UI::CurveDragPoint::grabbed (
    this=0x71b8700) at ui/tool/curve-drag-point.cpp:68
#1 0x00000000009e39a9 in Inkscape::UI::ControlPoint::_eventHandler (
    this=0x71b8700, event=0x50c1ca0) at ui/tool/control-point.cpp:351
#2 0x00000000009e218d in Inkscape::UI::ControlPoint::_event_handler (
    event=0x28b8cd0, point=0x71b8430) at ui/tool/control-point.cpp:298
#3 0x0000000000622b70 in sp_marshal_BOOLEAN__POINTER (closure=0x71b83f0,
    return_value=0x7fffffffd7a0, n_param_values=<value optimised out>,
    param_values=0x71be270, invocation_hint=<value optimised out>,
    marshal_data=0x9e2180) at helper/sp-marshal.cpp:122
#4 0x00007ffff4c535de in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#5 0x00007ffff4c67598 in ?? () from /usr/lib/libgobject-2.0.so.0
#6 0x00007ffff4c688b9 in g_signal_emit_valist ()
   from /usr/lib/libgobject-2.0.so.0
#7 0x00007ffff6621ac5 in gtk_signal_emit () from /usr/lib/libgtk-x11-2.0.so.0
#8 0x0000000000592d39 in emit_event (canvas=<value optimised out>,
    event=<value optimised out>) at display/sp-canvas.cpp:1362
#9 0x0000000000594b41 in sp_canvas_motion (widget=0x1f355c0, event=0x50b3b40)
    at display/sp-canvas.cpp:1620
#10 0x00007ffff64a90e8 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#11 0x00007ffff4c535de in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#12 0x00007ffff4c671dd in ?? () from /usr/lib/libgobject-2.0.so.0
#13 0x00007ffff4c688b9 in g_signal_emit_valist ()
   from /usr/lib/libgobject-2.0.so.0
#14 0x00007ffff4c69033 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#15 0x00007ffff65c002f in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#16 0x00007ffff64a15b3 in gtk_propagate_event ()
   from /usr/lib/libgtk-x11-2.0.so.0
#17 0x00007ffff64a268b in gtk_main_do_event ()
   from /usr/lib/libgtk-x11-2.0.so.0
#18 0x00007ffff611686c in ?? () from /usr/lib/libgdk-x11-2.0.so.0
#19 0x00007ffff39818c2 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#20 0x00007ffff3985748 in ?? () from /lib/libglib-2.0.so.0
#21 0x00007ffff3985c55 in g_main_loop_run () from /lib/libglib-2.0.so.0
#22 0x00007ffff64a2b27 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#23 0x000000000045594b in sp_main_gui (argc=1, argv=0x7fffffffe368)
    at main.cpp:983
#24 0x0000000000454da1 in main (argc=1, argv=<value optimised out>)
    at main.cpp:719
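
The faulting line dereferences `second`, which suggests that a drag started past the end node of an open path has no node to end the segment. The guard below is an added example in a simplified model, not Inkscape's code and not the committed patch; `Point`, `Node`, `Path`, `make_path`, `segment_end` and `drag_segment` are hypothetical names.

```cpp
#include <cstddef>
#include <vector>

// Simplified stand-ins for the node tool's data (hypothetical types).
struct Point { double x, y; };
struct Node { Point pos, front, back; };  // node position plus its two handles
struct Path { std::vector<Node> nodes; bool closed; };

// Constructed sample: three nodes on a line, handles collapsed onto the nodes.
Path make_path(bool closed) {
    Path p;
    p.closed = closed;
    for (int i = 0; i < 3; ++i) {
        Point at = {10.0 * i, 0.0};
        Node n = {at, at, at};
        p.nodes.push_back(n);
    }
    return p;
}

// Node that ends the segment starting at index `first`, or nullptr when no
// such segment exists (for example past the end node of an open path).
Node* segment_end(Path& p, std::size_t first) {
    if (p.nodes.size() < 2 || first >= p.nodes.size()) return nullptr;
    if (first + 1 < p.nodes.size()) return &p.nodes[first + 1];
    if (p.closed) return &p.nodes[0];  // closing segment wraps to the start
    return nullptr;                    // open path: the cap has no second node
}

// Guarded form of the operation at the faulting line: shift the second
// node's back handle by -delta. Returns false and changes nothing when the
// drag started where there is no segment, instead of dereferencing null.
bool drag_segment(Path& p, std::size_t first, Point delta) {
    Node* second = segment_end(p, first);
    if (second == nullptr) return false;
    second->back.x -= delta.x;
    second->back.y -= delta.y;
    return true;
}

int main() {
    Path open = make_path(false);
    Point delta = {1.0, 2.0};
    bool segment = drag_segment(open, 1, delta);  // real segment: handled
    bool cap = drag_segment(open, 2, delta);      // cap past end node: ignored
    return (segment && !cap) ? 0 : 1;
}
```
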

description: updated
su_v (suv-lp) wrote :

reproduced with Inkscape 0.47+devel r9495 on OS X 10.5.8

tags: added: crash node-editing
Changed in inkscape:
importance: Undecided → High
status: New → Confirmed
su_v (suv-lp) wrote :

When trying to reproduce with Inkscape 0.47, Inkscape does not crash, but has many repeated console messages:

 Warning! Possible error?

and

 CRITICAL **: void sp_nodepath_curve_drag(Inkscape::NodePath::Path*, int, double, Geom::Point): assertion `e != NULL' failed

su_v (suv-lp) on 2010-06-10
summary: - Dragging cap at end of path causes crash
+ [Node tool] Dragging cap at end of path causes crash
Alvin Penner (apenner) wrote :

attaching a backtrace from Windows XP, Inkscape 0.48pre1 r9509 (Jun 21 2010)

Program received signal SIGSEGV, Segmentation fault.
0x00000000 in ?? ()
(gdb) bt
#0 0x00000000 in ?? ()
#1 0x00b6c5b9 in Inkscape::UI::CurveDragPoint::dragged ()
#2 0x00a1440b in Inkscape::UI::ControlPoint::_eventHandler ()
#3 0x00a12ab8 in Inkscape::UI::ControlPoint::_event_handler ()
#4 0x008f2d68 in sp_marshal_BOOLEAN__POINTER ()
#5 0x63a44124 in g_closure_invoke ()
   from D:\Program Files\Inkscape\libgobject-2.0-0.dll
#6 0x63a57879 in signal_emit_unlocked_R ()
   from D:\Program Files\Inkscape\libgobject-2.0-0.dll
#7 0x63a5892b in g_signal_emit_valist ()
   from D:\Program Files\Inkscape\libgobject-2.0-0.dll
#8 0x619f1a7d in gtk_signal_emit ()
   from D:\Program Files\Inkscape\libgtk-win32-2.0-0.dll
#9 0x0056cb73 in emit_event ()
#10 0x0056e5ba in sp_canvas_motion ()
#11 0x61868e63 in _gtk_marshal_BOOLEAN__BOXED ()
   from D:\Program Files\Inkscape\libgtk-win32-2.0-0.dll
#12 0x63a44124 in g_closure_invoke ()
   from D:\Program Files\Inkscape\libgobject-2.0-0.dll
#13 0x63a5758c in signal_emit_unlocked_R ()
   from D:\Program Files\Inkscape\libgobject-2.0-0.dll
#14 0x63a5892b in g_signal_emit_valist ()
   from D:\Program Files\Inkscape\libgobject-2.0-0.dll
#15 0x63a58fc6 in g_signal_emit ()
   from D:\Program Files\Inkscape\libgobject-2.0-0.dll
#16 0x61985ec1 in gtk_widget_event_internal ()
   from D:\Program Files\Inkscape\libgtk-win32-2.0-0.dll
#17 0x61860e82 in gtk_propagate_event ()
   from D:\Program Files\Inkscape\libgtk-win32-2.0-0.dll
#18 0x61861fec in gtk_main_do_event ()
   from D:\Program Files\Inkscape\libgtk-win32-2.0-0.dll
#19 0x6c37014a in gdk_event_dispatch ()
   from D:\Program Files\Inkscape\libgdk-win32-2.0-0.dll
#20 0x685eb50b in g_main_context_dispatch ()
   from D:\Program Files\Inkscape\libglib-2.0-0.dll
#21 0x685ee5f5 in g_main_context_iterate ()
   from D:\Program Files\Inkscape\libglib-2.0-0.dll
#22 0x685ee9e4 in g_main_loop_run ()
   from D:\Program Files\Inkscape\libglib-2.0-0.dll
#23 0x618625dc in gtk_main ()
   from D:\Program Files\Inkscape\libgtk-win32-2.0-0.dll
#24 0x013a3c3f in Gtk::Main::run ()
   from D:\Program Files\Inkscape\libgtkmm-2.4-1.dll
#25 0x004063b0 in sp_main_gui ()
#26 0x0042b30a in Inkscape::NSApplication::Application::run ()
#27 0x00403109 in main ()
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0x00000000 in ?? ()
(gdb) c
Continuing.

Program exited with code 030000000005.
(gdb) c
The program is not being run.
(gdb)

Yann Papouin (yann-papouin) wrote :

Easier way to reproduce:

1. Open attachment with latest Inkscape build
2. Select the black line
3. Activate the node tool
4. Drag the mouse in the red circle part (you don't have to select anything)
5. SIGSEGV

Changed in inkscape:
assignee: nobody → Krzysztof Kosinski (tweenk)
Krzysztof Kosinski (tweenk) wrote :

This should fix the crash.

Krzysztof Kosinski (tweenk) wrote :

Improved patch that also fixes artifacts (without crash) when dragging near the start node.

Krzysztof Kosinski (tweenk) wrote :

Committed in trunk r9711 & r9712

Changed in inkscape:
status: Confirmed → Fix Committed
Changed in inkscape:
milestone: none → 0.48.1
Changed in inkscape (Ubuntu):
status: New → Confirmed
tags: added: patch
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package inkscape - 0.48.0-1ubuntu1

---------------
inkscape (0.48.0-1ubuntu1) maverick; urgency=low

  * Merge with Debian unstable (LP: #628048, LP: #401567, LP: #456248,
    LP: #463602, LP: #591986)
  * debian/control:
    - Ubuntu maintainers
    - Promote python-lxml, python-numpy, python-uniconvertor to Recommends.
    - Demote pstoedit to Suggests (universe package).
    - Suggests ttf-dejavu instead of ttf-bitstream-vera (LP: #513319)
  * debian/rules:
    - Run intltool-update on build (Ubuntu-specific).
    - Add translation domain to .desktop files (Ubuntu-specific).
  * debian/dirs:
    - Add usr/share/pixmaps. Allow inkscape.xpm installation
  * drop 50-poppler-API.dpatch (now upstream)
  * drop 51-paste-in-unwritable-directory.dpatch (now upstream)

inkscape (0.48.0-1) experimental; urgency=low

  * [cae07a3] New Upstream version 0.48.0
  * [309c498] add patch to fix crash in node tool
  * The highlights of this release are:
      - multipath editing
      - improved text tool: subscript, superscript, numerical input for text kerning, tracking and more
      - new Airbrush tool
      - LaTeX export with PDF/PS/EPS
      - JessyInk extension to create presentations
      - numerous bugfixes
  * [56702cf] don't build-depend on libssl-dev (closes: #573338)
  * [013b235] wrap lines in debian/control. patch by Benjamin Drung,
    many thanks to him (closes: #576357)
  * [747d3d1] add README.source adopted from nagios to make lintian a
    bit happier
  * [4df0df7] Remove all patches since they are applied upstream
 -- Alex Valavanis <email address hidden> Sun, 12 Sep 2010 19:44:58 +0100

Changed in inkscape (Ubuntu):
status: Confirmed → Fix Released
tags: removed: patch
jazzynico (jazzynico) on 2011-03-05
Changed in inkscape:
status: Fix Committed → Fix Released