Comment 11 for bug 956225

Liam P. White (liampwhite) wrote :

Reproduced on x86_64 linux with valgrind. bt full attached.

On Windows 7, I temporarily made use of a feature of the kernel called "page heap" to debug. You can find the Application Verifier here: http://msdn.microsoft.com/en-us/library/ms220948(v=vs.90).aspx

I walked the stack after getting a crash in Visual Studio, manually entering addresses into gdb running simultaneously.
I found that the stack frames from valgrind and the trap from the verifier core on Windows were essentially identical after the first few frames.

#0 ntdll.dll!RtlpBreakPointHeap()
...
#7 libsigc-2.0-0.dll!6aa01b04() {sigc::signal_base::~signal_base() + 79 in section .text of ./libsigc-2.0-0.dll}
#8 inkscape.exe!eff708() {sigc::signal1<void, SPObject*, sigc::nil>::~signal1() + 24 in section .text of inkscape.exe}
Line 2739 of "c:/devlibs64/include/sigc++-2.0/sigc++/signal.h" [ class signal1
  : public signal_base {...}; ] (inherited, non-virtual destructor)
#9 inkscape.exe!0xef51cc { sigc::signal<void, SPObject*, sigc::nil, sigc::nil, sigc::nil, sigc::nil, sigc::nil, sigc::nil>::~signal()+12 }
#10 inkscape.exe!0x938885 { SPObject::~SPObject()+259 }
Line 147 of "src/sp-object.cpp" [ } ] (destructor tail)
#11 inkscape.exe!0x91193A { SPItem::~SPItem()+92 }
Line 130 of "src/sp-item.cpp" [ } ] (destructor tail)
#12 inkscape.exe!0x91BC97 { SPLPEItem::~SPLPEItem()+12 }
Line 68 of "src/sp-lpe-item.cpp" [ } ] (destructor tail)
#13 inkscape.exe!0x951E1E { SPShape::~SPShape()+167 } ibid
#14 inkscape.exe!0x9443F6 { SPPath::~SPPath()+56 } ibid
#15 inkscape.exe!0x944420 { SPPath::~SPPath()+12 } ibid
#16 inkscape.exe!0x938e00 { sp_object_unref(SPObject*, SPObject*)+225 }
Line 235 of "src/sp-object.cpp"
#17 inkscape.exe!0x93A0A1 { SPObject::detach(SPObject*)+310 }
Line 581 of "src/sp-object.cpp"
#18 inkscape.exe!0x93A3DC { SPObject::release()+42 }
Line 637 of "src/sp-object.cpp"
#19 inkscape.exe!0x912FD5 { SPItem::release()+191 }
Line 442 of "src/sp-item.cpp"
#20 inkscape.exe!0x91beaa { SPLPEItem::release()+385 }
Line 101 of "src/sp-lpe-item.cpp"
#21 inkscape.exe!0x9092DD { SPGroup::release()+57 }
#22 inkscape.exe!0x87A970 { SPMarker::release()+85 }
Line 105 of "src/marker.cpp"
#23 inkscape.exe!0x93AD60 { SPObject::releaseReferences()+170 }
Line 776 of "src/sp-object.cpp"
#24 inkscape.exe!0x939FEA { SPObject::detach(SPObject*)+131 }
Line 558 of "src/sp-object.cpp"
#25 inkscape.exe!0x93A426 { SPObject::remove_child(Inkscape::XML::Node*)+43 }
Line 639 of "src/sp-object.cpp"
#26 inkscape.exe!0x93af94 { SPObject::repr_child_removed(Inkscape::XML::Node*, Inkscape::XML::Node*, Inkscape::XML::Node*, void*)+32 }

... I won't bore you with these. See attached for the full thing.