segfault when filling with pattern

Bug #429050 reported by nojhan
This bug affects 2 people
Affects    Status    Importance    Assigned to    Milestone
Inkscape   Invalid   High          Unassigned

Bug Description

With version 0.48-pre2, segfault on the following specific file when trying to fill a shape with a pattern.

----
Steps to reproduce:

Open the following file, select one of the black spikes and try to fill it with any pattern.
The crash occurs just after clicking on the pattern button.

----
Inkscape 0.47-pre2 is not installed on the system but compiled and used directly from the src directory. A version 0.46 is installed on the whole system.

The system is Linux Ubuntu 9.04.

Build options are :
./configure --enable-inkboard --with-gnome-vfs --enable-poppler-cairo

----
GDB backtrace:

nojhan@salon:~/apps/inkscape-0.47pre2$ gdb ./src/inkscape
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...
run affiche.svg(gdb) run affiche.svg
Starting program: /home/nojhan/apps/inkscape-0.47pre2/src/inkscape affiche.svg
[Thread debugging using libthread_db enabled]
[New Thread 0xb668f740 (LWP 27307)]
Xlib: extension "Generic Event Extension" missing on display ":1009.0".
Xlib: extension "Generic Event Extension" missing on display ":1009.0".
Xlib: extension "Generic Event Extension" missing on display ":1009.0".
Xlib: extension "Generic Event Extension" missing on display ":1009.0".
Xlib: extension "Generic Event Extension" missing on display ":1009.0".
[New Thread 0xb5a10b90 (LWP 27312)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb668f740 (LWP 27307)]
0x085b71f8 in sp_paint_selector_get_pattern (psel=0xb6c8bf0) at widgets/paint-selector.cpp:1038
1038 if SP_IS_PATTERN(pat) return pat;
(gdb) bt
#0 0x085b71f8 in sp_paint_selector_get_pattern (psel=0xb6c8bf0) at widgets/paint-selector.cpp:1038
#1 0x085adc25 in sp_fill_style_widget_paint_changed (psel=0xb6c8bf0, spw=0xf404240) at widgets/fill-style.cpp:474
#2 0xb741603c in g_cclosure_marshal_VOID () from /usr/lib/libgobject-2.0.so.0
#3 0xb7408c7b in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#4 0xb741ee57 in ?? () from /usr/lib/libgobject-2.0.so.0
#5 0xb74204b9 in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#6 0xb7942d7e in gtk_signal_emit () from /usr/lib/libgtk-x11-2.0.so.0
#7 0x085b80c0 in sp_paint_selector_set_mode (psel=0xb6c8bf0, mode=SP_PAINT_SELECTOR_MODE_PATTERN) at widgets/paint-selector.cpp:358
#8 0xb74163a4 in g_cclosure_marshal_VOID__VOID () from /usr/lib/libgobject-2.0.so.0
#9 0xb7408c7b in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#10 0xb741ee57 in ?? () from /usr/lib/libgobject-2.0.so.0
#11 0xb74204b9 in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#12 0xb7420936 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#13 0xb788a45a in gtk_toggle_button_toggled () from /usr/lib/libgtk-x11-2.0.so.0
#14 0xb788a4a2 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#15 0xb74163a4 in g_cclosure_marshal_VOID__VOID () from /usr/lib/libgobject-2.0.so.0
#16 0xb74073d9 in ?? () from /usr/lib/libgobject-2.0.so.0
#17 0xb7408c7b in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#18 0xb741e6c0 in ?? () from /usr/lib/libgobject-2.0.so.0
#19 0xb74204b9 in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#20 0xb7420936 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#21 0xb7705bda in gtk_button_clicked () from /usr/lib/libgtk-x11-2.0.so.0
#22 0xb788a1a8 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#23 0xb74163a4 in g_cclosure_marshal_VOID__VOID () from /usr/lib/libgobject-2.0.so.0
#24 0xb74073d9 in ?? () from /usr/lib/libgobject-2.0.so.0
#25 0xb7408c7b in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#26 0xb741e6c0 in ?? () from /usr/lib/libgobject-2.0.so.0
#27 0xb74204b9 in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#28 0xb7420936 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#29 0xb7705c7a in gtk_button_released () from /usr/lib/libgtk-x11-2.0.so.0
#30 0xb7705cb3 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#31 0xb77c0526 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#32 0xb74073d9 in ?? () from /usr/lib/libgobject-2.0.so.0
#33 0xb7408c7b in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#34 0xb741eaff in ?? () from /usr/lib/libgobject-2.0.so.0
#35 0xb742034f in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#36 0xb7420936 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#37 0xb78db2ae in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#38 0xb77b8f7c in gtk_propagate_event () from /usr/lib/libgtk-x11-2.0.so.0
#39 0xb77ba327 in gtk_main_do_event () from /usr/lib/libgtk-x11-2.0.so.0
#40 0xb764734a in ?? () from /usr/lib/libgdk-x11-2.0.so.0
#41 0xb7176b88 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#42 0xb717a0eb in ?? () from /usr/lib/libglib-2.0.so.0
#43 0xb717a5ba in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#44 0xb77ba7d9 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#45 0xb7d9f3d7 in Gtk::Main::run_impl () from /usr/lib/libgtkmm-2.4.so.1
#46 0xb7d9f1d2 in Gtk::Main::run () from /usr/lib/libgtkmm-2.4.so.1
#47 0x08086ea7 in sp_main_gui (argc=2, argv=0xbfd44a64) at main.cpp:949
#48 0x081669ea in Inkscape::NSApplication::Application::run (this=0xbfd449a0) at application/application.cpp:114
#49 0x080864fd in main (argc=2, argv=0xbfd44a64) at main.cpp:685
(gdb) quit
The program is running. Exit anyway? (y or n) yes
nojhan@salon:~/apps/inkscape-0.47pre2$

Tags: crash pattern
nojhan (nojhan-gmail) wrote :
nojhan (nojhan-gmail) wrote :

Same crash with the official ubuntu 0.46 version.

nojhan (nojhan-gmail) wrote :

Workaround : open a new instance, copy the shape, fill it with the pattern and copy it back to the first instance.

su_v (suv-lp) wrote :

Not reproduced on OS X 10.5.8 with
- Inkscape 0.46-2
- Inkscape 0.47pre2-2
- Inkscape 0.46+devel r22221

jazzynico (jazzynico) wrote :

Not reproduced on Windows XP, Inkscape pre2 and recent SVN builds.

Changed in inkscape:
importance: Undecided → High
tags: added: crash
removed: fill pattern segfault
jazzynico (jazzynico) wrote :

Confirmed on Ubuntu 9.04, Inkscape 0.46-5ubuntu4 and rev. 22239.
Same GDB backtrace.

Changed in inkscape:
status: New → Confirmed
nojhan (nojhan-gmail) wrote :

As on the duplicate bug : https://bugs.launchpad.net/bugs/429050

Removing unused defs solves the problem.

su_v (suv-lp) wrote :

Can you test the attached file: change the fill of any of the four squares?

su_v (suv-lp) wrote :

… and this one. It contains the unused defs for the bitmap patterns from '429050-bitmap-pattern-test.svg', and new (vector) patterns are applied to the three boxes.

(Why do Firefox & Safari render them completely differently from Inkscape?)

nojhan (nojhan-gmail) wrote :

@~suv works with both files (with Linux Ubuntu 9.04, Inkscape 0.46 AND 0.47-pre2), no bug detected.

nojhan (nojhan-gmail) wrote :

This bug is still present with 0.47-pre3 on Ubuntu 9.04.

su_v (suv-lp)
tags: added: pattern
Johan Engelen (johanengelen) wrote :

Cannot reproduce with r9842

su_v (suv-lp) wrote :

@Johan - this bug seems platform-dependent, see comment #5 and #6. Did you test on Windows?

Max (bogusman222) wrote :

Seeing the bug on Mageia 1, Inkscape 0.48+devel r10958

uname:
Linux localhost 2.6.38.8-desktop-10.mga #1 SMP Wed Jan 25 10:17:18 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

stdout:
** (inkscape:11479): WARNING **: Inkscape currently only supports color-interpolation-filters = sRGB
Segmentation fault

Max (bogusman222) wrote :

I forgot to mention that on the same computer, with the same system, 0.48.1 did NOT have this bug.

jazzynico (jazzynico) wrote :

Not reproduced on Windows XP, Inkscape 0.48, 0.48.1, 0.48.2 and trunk revision 10992.

jazzynico (jazzynico) wrote :

Not reproduced on Ubuntu 11.04, Inkscape 0.48.1 and trunk revision 10992.
@Max. Lots of things changed recently in the trunk. Would you be willing to test the latest revision and confirm you're still affected?

su_v (suv-lp) wrote :

Not reproduced on Mac OS X 10.5.8 (32bit) and OS X 10.7.2 (64bit), Inkscape 0.48.2 and trunk revision 10992

Note: I did not even try to reconstruct the circumstances of the original report:
> Inkscape 0.47-pre2 is not installed on the system but compiled
> and used directly from the src directory. A version 0.46 is
> installed on the whole system.

i.e. running a newer version of inkscape out of src (i.e. not installed, but configured with the same prefix as the installed older version) which then loads the shared resource files from an older release (including the shared pattern file).

jazzynico (jazzynico) wrote :

> Note: I did not even try to reconstruct the circumstances of the original report

Probably not necessary here. I reproduced the bug on Ubuntu 9.04 and the default 0.46 (see comment #6).
I guess it's due to a specific lib, not to Inkscape directly.

ScislaC (scislac) wrote :

Can this be reproduced with 0.48.5 or current trunk? If this is library dependent and not a library we distribute with, the report needs to reflect it.

su_v (suv-lp)
Changed in inkscape:
status: Confirmed → Incomplete
Kris (kris-degussem) wrote :

Closing bug, because the issue seems system dependent, is not present on Windows, has not been detected for a long time on Linux (which changed significantly since the bug was last reported), and has not been reported with Inkscape 0.48.x and above.
Please revert bug status if you think this is done in error.

Changed in inkscape:
status: Incomplete → Invalid