inkscape crashed with SIGSEGV in Inkscape::Extension::Implementation::Script::effect()

StacktraceTop:
 Inkscape::Extension::Implementation::Script::effect (this=0x8fc62b0, module=0x90c7cc0, doc=0x90e7d20, docCache=0x0) at extension/implementation/script.cpp:734
 Inkscape::Extension::ExecutionEnv::run (this=0xbff7a6f0) at extension/execution-env.cpp:210
 Inkscape::Extension::Effect::effect (this=0x8fca070, doc=0x90e7d20) at extension/effect.cpp:275
 Inkscape::Extension::Effect::prefs (this=0x8fca070, doc=0x90e7d20) at extension/effect.cpp:240
 sp_action_perform (action=0x90f8578, data=0x0) at helper/action.cpp:181

Status changed to 'Confirmed' because the bug affects multiple users.

not reproduced on Windows XP, Inkscape rev 11060.
could you provide details of the settings, colors, etc?

Not sure what Windows XP has to do with this, Inkscape works fine in 11.10 also
As far as 12.04 not so & the recent upgrade shows no improvement.
As far as repo'ing the crash, open any svg & try to apply any of the color extensions

was fixed in rev10611 by Jazz. (comical syntax though, so I'll change that a bit now ;)

Backported for inkscape 0.48.4 in revision 9893.

Could the fix for this bug be reviewed?

AFAICT the crash occurs when running extensions in documents which use an arbitrary ID for the node <namedview> (other than what is used in default templates) -> e.g. when opening PDF files, Plain SVG files, or other SVG documents which originally didn't have this custom node at all (Inkscape in such cases assigns a new ID based on its normal scheme: name of the xml node + a random number).

Apparently the regression was introduced by the patch for
  Bug #789122 “changing current layer through an extension”
  <https://bugs.launchpad.net/inkscape/+bug/789122>
  <http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/10608>
which AFAIU retrieves the node <namedview> by the ID it has in default templates ("base"). Is the some hidden rule for 'Inkscape SVG' that a <namedview> is not a real <namedview> node unless it has the ID "base"? AFAICT other parts of Inkscape handle such <namedview> nodes just fine (i.e. are able to load the settings independent of the ID).

The current fix for this bug (bug #944077) simply ignores <namedview> nodes which have a different ID (probably breaking the patch for bug #789122 for all documents which are not based on the default document).

Isn't there a different way to retrieve the node <namedview> other than by an (arbitrary) ID "base"?

        SPObject *obj = mydoc->getObjectById("base");

        // Getting the named view from the document generated by the extension
        SPNamedView *nv = (SPNamedView *) obj;

        //Check if it has a default layer set up
        if ( nv != NULL){
            if( nv->default_layer_id != 0 ) {
                SPDocument *document = desktop->doc();
                //If so, get that layer
                layer = document->getObjectById(g_quark_to_string(nv->default_layer_id));
            }
        }

Workaround in Inkscape 0.48.3.1 for affected files to avoid a crash when running an extension:
rename the id of <namedview> to "base".

Steps:
1) open affected file
2) open 'Edit > XML Editor…'
3) select the node <sodipodi:namedview …> in the list on the left
4) select the attribute 'id' in the upper right list
5) at the bottom right, the string of the id is shown in the edit field
   (probably something like "namedview12345" - numbers will vary)
6) overwrite the id string with "base", click on 'Set', close XML Editor
7) try again to run the extension
-> it should know work without triggering the crash.

Attaching the new patch here.

The attachment "789122-v2.diff" of this bug report has been identified as being a patch. The ubuntu-reviewers team has been subscribed to the bug report so that they can review the patch. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are member of the ubuntu-reviewers team please also unsubscribe the team from this bug report.

[This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.]

Patch committed in the trunk, revision 11576.
Please test!

Backported to 0.48.x branch, r9906.

Is any of this going to make it into Debian/Ubuntu in the near future ??

Doug: The patch has been backported for 0.48.4... if you have the backports repo proposed for your distro, it should hopefully be available soon after the actual release of 0.48.4. I will try to pull strings to ensure it will be available in Ubuntu 12.10 at the least once we cut the tarball (no guarantees though).

This bug was fixed in the package inkscape - 0.48.4-0ubuntu1

---------------
inkscape (0.48.4-0ubuntu1) raring; urgency=low

  * New upstream release (LP: #1091308). Fixes several Ubuntu bugs:
    - Inkscape crashed with SIGSEGV in getObject() (LP: #941317)
    - Inkscape crashed with SIGSEGV in
      Inkscape::Extension::Implementation::Script::effect() (LP: #944077)
    - Inkscape crashed with SIGSEGV in
      Inkscape::Extension::Output::get_extension() (LP: #973174)
    - Overlay scrollbars causing input boxes to be small (LP: #946631)
  * Drop 03_track_libpoppler25_abi_changes.patch: applied upstream
  * Drop 04_track_libpoppler25_abi_changes_colorspace.patch: applied upstream
 -- Alexander Valavanis <email address hidden> Wed, 19 Dec 2012 13:45:59 +0000