crash with Arithmetic exception in layout_buttons() at libgdl/gdl-switcher.c:315

Bug #923241 reported by su_v on 2012-01-29
This bug affects 1 person
Affects: Inkscape
Importance: High
Assigned to: Alex Valavanis
Nominated for 0.48.x by Alex Valavanis

Bug Description

Forwarding crash reported on irc by houz:

Issue: in libgdl/gdl-switcher.c:315 a division by zero occurs

Steps to reproduce:
1) start inkscape,
2) open fill&stroke dialog,
3) open alignment dialog (both default to be docked over here),
4) drag the lower dialog up to the upper until the small rectangle in the middle of the upper dialog appears.
5) drop the dialog there.
6) click on the canvas.
-> crash:

 Program received signal SIGFPE, Arithmetic exception.
 0x087e09e3 in layout_buttons (switcher=0x9e27198) at libgdl/gdl-switcher.c:315
 315 while (num_btns % btns_per_row > 1)

System info:
Inkscape 0.48+devel r10922
Debian Sid (32bit), GCC 4.6
GTK+ 2.24.8

Not reproduced with Inkscape 0.48.1 on the same system.

su_v (suv-lp) wrote :

Additional info:
The crash was reported after discussing recent changes in the dock behavior, i.e. how multiple dialogs in the main dock are laid out:

Inkscape 0.48.2 and earlier builds from trunk (before the recent changes to 'src/libgdl') always add docked dialogs in a single column by default - expanding the dock vertically and displaying a scrollbar if the sum of their heights exceeds the max height of the dock in the current document window.

Recently, this behavior changed: multiple dialogs now are often laid out on top of each other with a row (or column) of switcher buttons below (e.g. if multiple docked dialogs had been minimized and then de-minimized again). This kind of layout can also be achieved intentionally (even in 0.48.x) by drag&dropping a docked dialog onto the center of another docked dialog.

It seems unclear (or somewhat random) what sequence of steps (open docked dialog, minimize, de-minimize) exactly triggers which dialog layout is used in the main dock.

su_v (suv-lp) wrote :

Crash not reproduced with Inkscape 0.48+devel r10922
- Mac OS X 10.5.8 (32bit), GTK+ 2.24.4, GLib 2.28.8
- OS X 10.7.2 (64bit), GTK+ 2.24.9, GLib 2.30.2

Changed in inkscape:
importance: Undecided → High

Alex Valavanis (valavanisalex) wrote :

There have been a few patches to gdl-switcher.c since our version[1] (upstream=2648F, 2010-10-26)

One patch in particular may be of use[2], which ensures that the btns_per_row variable is always a positive nonzero integer. Looking at the backtrace, this seems to be the thing that's causing the divide-by-zero exception.

[1] http://git.gnome.org/browse/gdl/log/gdl/gdl-switcher.c
[2] http://git.gnome.org/browse/gdl/commit/?id=31886f0912951e162922a94297f53dd3b4fda38e
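
A minimal C sketch of the guard described in the comment above, added here as an illustration and not taken from GDL or Inkscape. The function name, its parameters, the width-based computation of btns_per_row and the decrementing loop body are assumptions; only the modulo condition comes from the backtrace.

```c
#include <stdio.h>

/* Hypothetical helper (not GDL's code): choose how many switcher buttons
 * go in each row. Returns -1 for inputs that cannot be laid out. */
int btns_per_row_for(int num_btns, int avail_width, int btn_width)
{
    int btns_per_row;

    if (num_btns <= 0 || btn_width <= 0 || avail_width < 0)
        return -1;

    /* Assumed source of the zero: integer division yields 0 whenever the
     * available width is smaller than one button, for example while the
     * widget has not been given a real size yet. */
    btns_per_row = avail_width / btn_width;

    /* The guard: the divisor used below must be a positive integer.
     * Without it, "num_btns % 0" raises SIGFPE on x86, which is the
     * arithmetic exception shown in the backtrace. */
    if (btns_per_row < 1)
        btns_per_row = 1;
    if (btns_per_row > num_btns)
        btns_per_row = num_btns;

    /* Same condition as line 315 in the backtrace. Shrinking stops at 1
     * at the latest because n % 1 == 0, so the divisor never reaches 0. */
    while (num_btns % btns_per_row > 1)
        btns_per_row--;

    return btns_per_row;
}

int main(void)
{
    /* Constructed inputs: {num_btns, avail_width, btn_width}. */
    int cases[][3] = { {2, 0, 40}, {7, 200, 40}, {6, 120, 40}, {2, 400, 40} };
    size_t i;

    for (i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("num_btns=%d width=%d -> btns_per_row=%d\n",
               cases[i][0], cases[i][1],
               btns_per_row_for(cases[i][0], cases[i][1], cases[i][2]));
    return 0;
}
```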

Changed in inkscape:
assignee: nobody → Alex Valavanis (valavanisalex)
status: New → In Progress

Alex Valavanis (valavanisalex) wrote :

Upstream patch 31886 applied in lp:inkscape r10923. I couldn't reproduce the bug with earlier versions, so please could you test whether the patch has fixed the problem?

Changed in inkscape:
status: In Progress → Fix Committed
milestone: none → 0.49
status: Fix Committed → In Progress

houz (houz) wrote :

Revision 10923 fixes the crash. Thank you.

Alex Valavanis (valavanisalex) wrote :

Great, thanks for confirming the fix.

Changed in inkscape:
status: In Progress → Fix Committed
tags: added: backport-proposed

Alex Valavanis (valavanisalex) wrote :

Backported to lp:inkscape/0.48.x r9856

Changed in inkscape:
milestone: 0.49 → 0.48.3
tags: removed: backport-proposed

Ted Gould (ted) on 2012-02-15
Changed in inkscape:
status: Fix Committed → Fix Released