Copy&paste crashes inkscape in Avoid::ShapeRef::setNewPoly()

Bug #640985 reported by Keith Dart on 2010-09-17
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Inkscape
High
Gellule

Bug Description

In inkscape 0.48, on Linux 2.6.35-gentoo-r5 #1 SMP PREEMPT x86_64 Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz:

1. Open a new file, change page properties to landscape.
2. Open a file I had created in inkscape 0.47 (contains some "stock" parts). It is attached to this bug.
3. Select part (group), and copy to clipboard.
4 .go to new file, select paste.
5. Inkscape aborts.

inkscape: libavoid/shape.cpp:108: void Avoid::ShapeRef::setNewPoly(const Avoid::Polygon&): Assertion `_poly.size() == poly.size()' failed.

Program received signal SIGABRT, Aborted.
0x0000003c0f233b45 in raise () from /lib/libc.so.6
(gdb) bt
#0 0x0000003c0f233b45 in raise () from /lib/libc.so.6
#1 0x0000003c0f235350 in abort () from /lib/libc.so.6
#2 0x0000003c0f22ca31 in __assert_fail () from /lib/libc.so.6
#3 0x0000000000a39ae1 in ?? ()
#4 0x0000000000a36484 in ?? ()
#5 0x000000000045a9d9 in ?? ()
#6 0x000000000045f0f6 in ?? ()
#7 0x000000000045f664 in ?? ()
#8 0x000000000048a9dd in ?? ()
#9 0x000000000061ac33 in ?? ()
#10 0x0000003eb0e0c4aa in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#11 0x0000003eb0e20411 in ?? () from /usr/lib/libgobject-2.0.so.0
#12 0x0000003eb0e21910 in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#13 0x0000003eb0e21ea3 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#14 0x000000346365b12e in gtk_widget_activate () from /usr/lib/libgtk-x11-2.0.so.0
#15 0x000000346354fb8d in gtk_menu_shell_activate_item () from /usr/lib/libgtk-x11-2.0.so.0
#16 0x0000003463551417 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#17 0x00000034635417d8 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#18 0x0000003eb0e0c4aa in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#19 0x0000003eb0e20050 in ?? () from /usr/lib/libgobject-2.0.so.0
#20 0x0000003eb0e21728 in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#21 0x0000003eb0e21ea3 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#22 0x00000034636577df in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#23 0x0000003463539cc3 in gtk_propagate_event () from /usr/lib/libgtk-x11-2.0.so.0
#24 0x000000346353ad7b in gtk_main_do_event () from /usr/lib/libgtk-x11-2.0.so.0
#25 0x000000346285c2ec in ?? () from /usr/lib/libgdk-x11-2.0.so.0
#26 0x0000003eb063e2d1 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#27 0x0000003eb0642128 in ?? () from /usr/lib/libglib-2.0.so.0
#28 0x0000003eb0642635 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#29 0x000000346353b217 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#30 0x000000000045524b in ?? ()
#31 0x00000000004546d1 in ?? ()
#32 0x0000003c0f21ed2d in __libc_start_main () from /lib/libc.so.6
#33 0x0000000000453859 in ?? ()
#34 0x00007fffffffd9a8 in ?? ()
#35 0x000000000000001c in ?? ()
#36 0x0000000000000001 in ?? ()
#37 0x00007fffffffdd9b in ?? ()
#38 0x0000000000000000 in ?? ()

Keith Dart (keith-dart) wrote :
Kris (kris-degussem) on 2010-09-17
tags: added: clipboard linux
Changed in inkscape:
importance: Undecided → High
Kris (kris-degussem) wrote :

Confirmed on vista 64 bit with the 0.48 release (r9645).

tags: removed: linux
Changed in inkscape:
status: New → Confirmed
su_v (suv-lp) wrote :

Not reproduced with Inkscape 0.47
Reproduced with Inkscape 0.48 and 0.48+devel r9762 on Mac OS X 10.5.8

Reduced test case attached. Crash also happens when copy & pasting in the same document.
Crash does not happen if 'inkscape:connector-avoid' attribute of the top-level group is removed.

Console messages:
Assertion failed: (_poly.size() == poly.size()), function setNewPoly, file libavoid/shape.cpp, line 108.

Emergency save activated!
Emergency save completed. Inkscape will close now.
If you can reproduce this crash, please file a bug at www.inkscape.org
with a detailed description of the steps leading to the crash, so we can fix it.
Assertion failed: (_poly.size() == poly.size()), function setNewPoly, file libavoid/shape.cpp, line 108.

su_v (suv-lp) wrote :

Crash report from r9762 when copy&pasting the group in the reduced testcase.

tags: added: connectors regression
summary: - Copy then paste crashes inkscape
+ Copy&paste crashes inkscape in Avoid::ShapeRef::setNewPoly()
tags: added: crash
su_v (suv-lp) wrote :

"Fixed" original file with both attributes that triggered the crash removed.

su_v (suv-lp) wrote :

At least two factors can trigger the crash:

A) matrix transformations on groups inside
   the top-level group with the 'connector-avoid' attribute

Attached drawing: resolving a matrix transform on groups inside the group with 'connector-attribute' apparently prevents Inkscape from crashing.

su_v (suv-lp) wrote :

B) rectangle(s) inside the connector-avoided group

The same crash is also triggered if the group, which is set to be avoided by connectors, contains one or more rectangles and one or more paths, and the rectangle(s) define the bounding box of the group. The geometry of the path(s) in the group also seems to be a factor.

Attached drawing tests variations of grouped objects: those that trigger the crash have a red background.

Tested with 0.48 and 0.48+devel r9762 on Mac OS X 10.5.8.

Keith Dart (keith-dart) wrote :

thanks for fixing the source file. :-)

su_v (suv-lp) wrote :

Same crash can be reproduced using the file from comment #2 in bug #635469 (the version attached here has the connectors removed - the attribute 'connector-avoid by itself is sufficient to trigger the crash).

Steps to reproduce:
1) open '640985-635469-New document 1.2010_09_11_05_01_56.0-connectors-deleted.svg'
2) select the circle (above the rectangle)
3) drag the circle (slowly) to the lower half of the page
4) when releasing the mouse button -> crash

Console message:
Assertion failed: (_poly.size() == poly.size()), function setNewPoly, file libavoid/shape.cpp, line 108.

Unlike the previously mentioned triggers, no groups are involved in this test case, only shapes with preserved transforms:
    <path
       sodipodi:type="arc"
       …
       transform="translate(-203,-102)"
       inkscape:connector-avoid="true" />
    <path
       sodipodi:type="star"
       …
       inkscape:transform-center-y="-2.054466"
       transform="matrix(0.96592583,0.25881905,-0.25881905,0.96592583,280.46464,-173.85171)"
       inkscape:connector-avoid="true"
       inkscape:transform-center-x="-5.8457112" />

Reproduced with Inkscape 0.48.1 and 0.48+devel r10268+patch (from bug #771738) on Mac OS X 10.5.8 (i386)

su_v (suv-lp) wrote :

backtrace with Inkscape 0.48+devel r10268+patch

Gellule (gellule-xg) wrote :

Could you try the attached patch and confirm that it help with the issue? The bug seems to come from an instability in the calculation of a convex around the shape being moved. The issue seems to be related to the fact that for e.g. a circle, the first and last point are at the same location.

su_v (suv-lp) wrote :

Tested with 0.48+devel r10300+convex-cover.cpp.diff on Mac OS X 10.5.8 (i386):

a) 640985-parts_network-test-4c.svg (comment #6)
   crash reproduced as described in the file

b) 640985-grouped-objects-1.svg (comment #7)
   crash reproduced as described in the file

c) 640985-635469-New document 1.2010_09_11_05_01_56.0-connectors-deleted.svg
   crash not reproduced

su_v (suv-lp) wrote :

backtrace from b) 640985-grouped-objects-1.svg

su_v (suv-lp) wrote :

Updated test file for b) 640985-grouped-objects-1.svg

su_v (suv-lp) wrote :
Gellule (gellule-xg) on 2011-06-14
Changed in inkscape:
assignee: nobody → Gellule (gellule-xg)
Gellule (gellule-xg) wrote :

We should assume that part c) is indeed related to https://bugs.launchpad.net/inkscape/+bug/635469, and only deal with part a) and b) in here.

Gellule (gellule-xg) wrote :

Never mind, I'm getting lost. Just consider the following commit for part c):
http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/10385

Gellule (gellule-xg) wrote :
Changed in inkscape:
status: Confirmed → Fix Committed
Gellule (gellule-xg) on 2011-07-01
Changed in inkscape:
milestone: none → 0.48.2
Gellule (gellule-xg) on 2011-07-01
Changed in inkscape:
milestone: 0.48.2 → none
Michael Wybrow (mjwybrow) wrote :

Sorry to chime in on this so late. The libavoid resize code doesn't actually need the polygon passed to seNewPoly to have the same number of points. This was just an assumption when I wrote the original code. In the new interface, this method doesn't exist and you can move (or resize) a polygon by passing it the x and y distance moved, or just giving an updated (and possibly complete new) polygon. Hence this assertion problem will go away when I update the libavoid version in Inkscape (this was waiting on some code that was not available in the new version of libavoid, but now is, but required a few changes to the way Inkscape calls libavoid).

Gellule (gellule-xg) on 2011-07-01
tags: added: backport-proposed
su_v (suv-lp) on 2011-07-01
Changed in inkscape:
milestone: none → 0.49
Gellule (gellule-xg) on 2011-07-07
tags: removed: backport-proposed
Changed in inkscape:
milestone: 0.49 → 0.48.2
Ted Gould (ted) on 2011-09-07
Changed in inkscape:
status: Fix Committed → Fix Released
To post a comment you must log in.