seg fault on opening my file

Bug #616198 reported by shinyblue on 2010-08-11
This bug affects 4 people
Affects: Inkscape
Importance: High
Assigned to: Johan Engelen

Bug Description

Opening this file from the command line, or by the File menu, causes a segfault. Same with File->Import.

Lost my work?!

Inkscape 0.47 r22583 (Apr 4 2010)
Ubuntu Lucid 10.04 xfce+compiz
Dell Studio 1555
Intel(R) Core(TM)2 Duo CPU P7350 @ 2.00GHz

$ gdb `which inkscape`
GNU gdb (GDB) 7.1-ubuntu
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/bin/inkscape...(no debugging symbols found)...done.
(gdb) run /home/rich/Desktop/artfulrobot_web_header.svg
Starting program: /usr/bin/inkscape /home/rich/Desktop/artfulrobot_web_header.svg
[Thread debugging using libthread_db enabled]

Program received signal SIGSEGV, Segmentation fault.
0x00000000006598fe in ?? ()
(gdb) bt
#0 0x00000000006598fe in ?? ()
#1 0x000000000064c285 in ?? ()
#2 0x000000000064b8e2 in ?? ()
#3 0x00000000004cb458 in ?? ()
#4 0x00000000004d9567 in ?? ()
#5 0x00000000004cb8f3 in ?? ()
#6 0x00000000004d9316 in ?? ()
#7 0x00000000004da6d8 in ?? ()
#8 0x00000000004d9d30 in ?? ()
#9 0x00000000004d2722 in ?? ()
#10 0x00000000004d4894 in ?? ()
#11 0x00000000004d2722 in ?? ()
#12 0x00000000004d4894 in ?? ()
#13 0x00000000004e39ec in ?? ()
#14 0x00000000004d2722 in ?? ()
#15 0x00000000004d5df3 in ?? ()
#16 0x000000000045a323 in ?? ()
#17 0x000000000045b394 in ?? ()
#18 0x00000000005c5905 in ?? ()
#19 0x0000000000462170 in ?? ()
#20 0x000000000045384f in ?? ()
#21 0x0000000000452db9 in ?? ()
#22 0x00007fffefbe9c4d in __libc_start_main (main=<value optimised out>, argc=<value optimised out>,
    ubp_av=<value optimised out>, init=<value optimised out>, fini=<value optimised out>,
    rtld_fini=<value optimised out>, stack_end=0x7fffffffe338) at libc-start.c:226
#23 0x0000000000451fb9 in ?? ()
#24 0x00007fffffffe338 in ?? ()
#25 0x000000000000001c in ?? ()
#26 0x0000000000000002 in ?? ()
#27 0x00007fffffffe5e4 in ?? ()
#28 0x00007fffffffe5f6 in ?? ()
#29 0x0000000000000000 in ?? ()
(gdb) quit

shinyblue (shinyblue) wrote :

Nb. Firefox and risetto appear to be able to open and display the file

Nb. Inkscape was working happily on this file, then saved without error. Just wouldn't re-open!

su_v (suv-lp) wrote :

Reproduced with Inkscape 0.48+devel r9696 on OS X 10.5.8

tags: added: crash livepatheffects
Changed in inkscape:
importance: Undecided → High
status: New → Confirmed
shinyblue (shinyblue) wrote :

Nb. Also segfaults in
Inkscape 0.48+devel r (Jul 19 2010)

su_v (suv-lp) wrote :

Same file with 'Bend' path effect(s) turned off opens without crash.

ScislaC (scislac) wrote :

My bt from Ubuntu (quite short):

Program received signal SIGSEGV, Segmentation fault.
0x082a2223 in Inkscape::LivePathEffect::LPEBendPath::doEffect_pwd2 (
    this=0xb3dc000, pwd2_in=...) at live_effects/lpe-bendpath.cpp:110
110 double scaling = uskeleton.cuts.back()/bboxHorizontal.extent();
0x0808ac7a in SPDocument::_updateDocument (this=0x8f4bea0) at document.cpp:1002
1002 if (this->root->uflags || this->root->mflags) {

Program terminated with signal SIGSEGV, Segmentation fault.
The program no longer exists.

su_v (suv-lp) wrote :

See bug #941661 "Segmentation fault when opening a file with the Path effect" for 'steps to reproduce' with a new document (stack order of linked bend path and the bent path (with LPE 'Bend' applied) matters).

Johan Engelen (johanengelen) wrote :

The crash happens because uskeleton.empty() == true at that point. Calling .back() on an empty vector crashes.
Fixed the crash (not the cause of the empty uskeleton) in rev. 12398.

Johan Engelen (johanengelen) wrote :

btw, this is not an "uninitialized variable" bug. uskeleton is initialized by "uskeleton = arc_length_parametrization" which is called before the crash happens.
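
Added example, not part of the thread and not the code from rev. 12398: the unguarded expression from lpe-bendpath.cpp:110 beside a guarded form that falls back to the unmodified input. Skeleton, Interval, scaling_checked and apply_bend are hypothetical stand-ins, and the zero-extent check is an extra assumption.

```cpp
#include <cmath>
#include <cstdio>
#include <vector>

// Hypothetical stand-ins for the objects in the backtrace, not Inkscape's classes.
struct Skeleton {
    std::vector<double> cuts;  // arc-length cut points; empty for a degenerate path
    bool empty() const { return cuts.empty(); }
};
struct Interval {
    double lo, hi;
    double extent() const { return hi - lo; }
};

// Same shape as the line at lpe-bendpath.cpp:110. back() on an empty vector is
// undefined behaviour, so this is shown for contrast and never called.
double scaling_unguarded(const Skeleton &s, const Interval &bbox) {
    return s.cuts.back() / bbox.extent();
}

// Guarded form: refuse to compute when either operand is unusable.
// The zero/NaN extent check is an extra assumption, not something the report mentions.
bool scaling_checked(const Skeleton &s, const Interval &bbox, double &out) {
    if (s.empty()) return false;                      // the condition behind the SIGSEGV
    const double extent = bbox.extent();
    if (!std::isfinite(extent) || !(std::fabs(extent) > 0.0)) return false;
    out = s.cuts.back() / extent;
    return true;
}

// Caller policy (assumed): if the effect cannot be computed, hand the input
// back unchanged so the document still loads.
std::vector<double> apply_bend(const std::vector<double> &xs,
                               const Skeleton &s, const Interval &bbox) {
    double k = 0.0;
    if (!scaling_checked(s, bbox, k)) return xs;
    std::vector<double> out;
    out.reserve(xs.size());
    for (double x : xs) out.push_back(x * k);
    return out;
}

int main() {
    const Skeleton degenerate{};                      // constructed sample input
    const Interval box{0.0, 10.0};
    const std::vector<double> xs{1.0, 2.0};
    std::printf("points kept: %zu\n", apply_bend(xs, degenerate, box).size());
    return 0;
}
```

Building the unguarded form with -fsanitize=address or -D_GLIBCXX_ASSERTIONS turns the empty-container access into an immediate, symbolized failure instead of a bare SIGSEGV.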

Martin Owens (doctormo) wrote :

I'm going to call the bug fixed, because while we may have questions about what to do in such a scenario, the image loads ok and looks ok and the crash doesn't happen. (please assign to johanengelen, lp is not allowing me to)

Changed in inkscape:
status: Confirmed → Fix Committed
su_v (suv-lp) on 2013-07-01
Changed in inkscape:
assignee: nobody → Johan Engelen (johanengelen)
milestone: none → 0.49
su_v (suv-lp) wrote :

The changes from 12398 merge cleanly into <lp:inkscape/0.48.x>, and fix the crash otherwise easily reproducible with current stable 0.48.4 (diff tested with 0.48.x r9961 on OS X 10.7.5).

@Johan - can you think of any special reason not to apply the changes to the stable branch?

tags: added: backport-proposed
su_v (suv-lp) wrote :

Fix backported to lp:inkscape/0.48.x in revision 9995.

Changed in inkscape:
milestone: 0.49 → 0.48.5
tags: removed: backport-proposed
Changed in inkscape:
status: Fix Committed → Fix Released