Crash caused when node-editing empty path

Bug #710637 reported by Martin Owens on 2011-01-31
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Inkscape
High
Martin Owens

Bug Description

While chasing a crash in the previous version 0.48, we stumbled upon a crash in the current build:

In current trunk (r10019) and 0.48.x (r9752), I could trigger a different crash though, when trying to node-edit the path (which has no path data), and <Tab> through the nodes:

> Program received signal EXC_BAD_ACCESS, Could not access memory.
> Reason: KERN_INVALID_ADDRESS at address: 0x47746b7d
> 0x005f57df in Inkscape::UI::SelectableControlPoint::updateState () at selectable-control-point.h:82
> 82 x->updateState();
> (gdb) bt
> #0 0x005f57df in Inkscape::UI::SelectableControlPoint::updateState () at selectable-control-point.h:82
> #1 0x005f57df in Inkscape::UI::SelectableControlPoint::updateState () at selectable-control-point.h:82
> #2 0x005f57df in Inkscape::UI::ControlPointSelection::insert (this=0x79c1b80, x=@0xbfffde0c) at ui/tool/control-point-selection.cpp:82
> #3 0x005fc7d8 in Inkscape::UI::MultiPathManipulator::shiftSelection (this=0x79ab5b0, dir=1) at ui/tool/control-point-selection.cpp:82
> #4 0x000fed2c in Inkscape::SelectionHelper::selectNext (dt=0x476bd20) at ui/tool/control-point-selection.cpp:82
> #5 0x00333040 in sp_action_perform (action=0x4787700, data=0x0) at ui/tool/control-point-selection.cpp:82
> #6 0x00111a53 in sp_shortcut_invoke (shortcut=65289, view=0x476bd20) at ui/tool/control-point-selection.cpp:82
> #7 0x00071b11 in sp_event_context_private_root_handler (event_context=0x6d35430, event=0x6d99f10) at ui/tool/control-point-selection.cpp:82
> #8 0x0060ca11 in (anonymous namespace)::ink_node_tool_root_handler (event_context=0x6d35430, event=0x6d99f10) at ui/tool/control-point-selection.cpp:82
> #9 0x0006d77c in sp_event_context_virtual_root_handler (event_context=0xb49f10, event=0x6d99f10) at ui/tool/control-point-selection.cpp:82
> #10 0x000396f7 in sp_desktop_root_handler (event=0x6d99f10, desktop=0x476bd20) at ui/tool/control-point-selection.cpp:82
> #11 0x0033ed55 in sp_marshal_BOOLEAN__POINTER (closure=0x53e5b60, return_value=0xbfffe6ac, n_param_values=2, param_values=0x55a0530, invocation_hint=0xbfffe560, marshal_data=0x392c0) at ui/tool/control-point-selection.cpp:82
> #12 0x032ec0a9 in g_closure_invoke ()
> #13 0x032fe163 in signal_emit_unlocked_R ()
> #14 0x032ff537 in g_signal_emit_valist ()
> #15 0x01918741 in gtk_signal_emit ()
> #16 0x00263f03 in emit_event (canvas=<value temporarily unavailable, due to optimizations>, event=0x6d9ba20) at ui/tool/control-point-selection.cpp:82
> #17 0x0026a427 in sp_canvas_key (widget=0x41ff380, event=0x6d9ba20) at ui/tool/control-point-selection.cpp:82
> #18 0x0178052b in _gtk_marshal_BOOLEAN__BOXED ()
> #19 0x032ec0a9 in g_closure_invoke ()
> #20 0x032fe2e8 in signal_emit_unlocked_R ()
> #21 0x032ff537 in g_signal_emit_valist ()
> #22 0x032ffaf9 in g_signal_emit ()
> #23 0x018af8a6 in gtk_widget_event_internal ()
> #24 0x018c5c99 in gtk_window_propagate_key_event ()
> #25 0x018caefc in gtk_window_key_press_event ()
> #26 0x0178052b in _gtk_marshal_BOOLEAN__BOXED ()
> #27 0x032ec0a9 in g_closure_invoke ()
> #28 0x032fe2e8 in signal_emit_unlocked_R ()
> #29 0x032ff537 in g_signal_emit_valist ()
> #30 0x032ffaf9 in g_signal_emit ()
> #31 0x018af8a6 in gtk_widget_event_internal ()
> #32 0x0177e765 in gtk_propagate_event ()
> #33 0x0177ec9d in gtk_main_do_event ()
> #34 0x02771b15 in gdk_event_dispatch ()
> #35 0x033a6a9d in g_main_context_dispatch ()
> #36 0x033aa59b in g_main_context_iterate ()
> #37 0x033aa877 in g_main_loop_run ()
> #38 0x0177dc71 in gtk_main ()
> #39 0x01192d4b in Gtk::Main::run ()
> #40 0x0000555c in Inkscape::UI::SelectableControlPoint::updateState () at selectable-control-point.h:986
> #41 sp_main_gui (argc=1, argv=0xbffff394) at ui/tool/control-point-selection.cpp:82
> #42 0x00004156 in start ()
> (gdb)

Backtrace done with Inkscape 0.48+devel r10019 on OS X 10.5.8

See also:
<http://thread.gmane.org/gmane.comp.graphics.inkscape.devel/35825>

Martin Owens (doctormo) wrote :
su_v (suv-lp) on 2011-01-31
tags: added: crash node-editing
Changed in inkscape:
importance: Undecided → High
description: updated
su_v (suv-lp) on 2011-01-31
summary: - Crash caused when editing empty path
+ Crash caused when node-editing empty path
jazzynico (jazzynico) wrote :

Reproduced on Ubuntu 10.10, Inkscape trunk revision 10037.

Changed in inkscape:
status: New → Confirmed
Martin Owens (doctormo) wrote :

Retesting this bug shows it's gone. It must have been fixed in the new release.

Changed in inkscape:
status: Confirmed → Fix Released
su_v (suv-lp) wrote :

> Retesting this bug shows it's gone. It must have been fixed in the new release.

Cannot confirm this being fixed - reported crash (see bug description and backtrace) still reproduced with latest stable release (0.48.4) and current trunk (r12395) on OS X 10.7.5 (GTK+/X11 2.24.13, GTK+/Quartz 2.24.19), as well as on Ubuntu 12.04 (0.48+devel r12388 (PPA)), Ubuntu 12.10 (0.48.3.1, 0.48+devel r12383 (local build)), Ubuntu 13.04 (0.48.4):

Steps to reproduce:
1) launch Inkscape
2) open sample SVG file
3) use 'Shift+<TAB>' to select the path which triggers the crash
4) switch to the node tool, and use <TAB> to cycle through all nodes

--> crash

Proposing to reopen.

Martin Owens (doctormo) wrote :

Thanks for retesting suv, I clonked the error on the head with this commit: r12396 thanks to your STR

Changed in inkscape:
assignee: nobody → Martin Owens (doctormo)
su_v (suv-lp) on 2013-06-29
Changed in inkscape:
milestone: none → 0.49
status: Fix Released → Fix Committed
su_v (suv-lp) wrote :

The changes from r12396 merge cleanly into <lp:inkscape/0.48.x>, and fix the crash otherwise easily reproducible with current stable 0.48.4 (tested with 0.48.x r9961 on OS X 10.7.5).

@Martin - can you think of any special reason not to backport your fix to the stable branch?

tags: added: backport-proposed
su_v (suv-lp) wrote :

Fix backported to lp:inkscape/0.48.x in revision 9996.

Changed in inkscape:
milestone: 0.49 → 0.48.5
tags: removed: backport-proposed
Changed in inkscape:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers