Inkscape

flowregion trips GetDest assertion

Bug #1762681 reported by Hermann Höhne
54
This bug affects 9 people
Affects Status Importance Assigned to Milestone
Inkscape
Fix Released
High
Mc
Inkscape 0.92.4 "0.92.4"

Bug Description

Inkscape crashes due to a failed assertion caused by a SVG FlowRegion. I do not know what a FlowRegion is or if this instance is valid or not. I attached the example file.

Inkscape Version: 0.92.3 (unknown) / 0.92.3+68~ubuntu16.04.1 (from http://ppa.launchpad.net/inkscape.dev)
Operating System: Ubuntu 16.04.4 x86_64

Inkscape output:
ERROR:/build/inkscape-vgG8ts/inkscape-0.92.3+68~ubuntu16.04.1/src/sp-flowregion.cpp:360:void GetDest(SPObject*, Shape**): assertion failed: (item != NULL)

Backtrace:
#0 0x00007ffff4281428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
#1 0x00007ffff428302a in __GI_abort () at abort.c:89
#2 0x00007ffff6679d65 in g_assertion_message () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#3 0x00007ffff6679dfa in g_assertion_message_expr () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#4 0x00007ffff75a45fb in ?? () from /usr/bin/../lib/inkscape/libinkscape_base.so
#5 0x00007ffff75a48a3 in SPFlowregion::UpdateComputed() () from /usr/bin/../lib/inkscape/libinkscape_base.so
#6 0x00007ffff75a50cd in SPFlowregion::write(Inkscape::XML::Document*, Inkscape::XML::Node*, unsigned int) ()
   from /usr/bin/../lib/inkscape/libinkscape_base.so
#7 0x00007ffff75a99ab in SPFlowtext::write(Inkscape::XML::Document*, Inkscape::XML::Node*, unsigned int) ()
   from /usr/bin/../lib/inkscape/libinkscape_base.so
#8 0x00007ffff74dde04 in fix_update(SPObject*) () from /usr/bin/../lib/inkscape/libinkscape_base.so
#9 0x00007ffff74decd3 in sp_file_text_run_recursive(void (*)(SPObject*), SPObject*) () from /usr/bin/../lib/inkscape/libinkscape_base.so
#10 0x00007ffff74ded3b in sp_file_text_run_recursive(void (*)(SPObject*), SPObject*) () from /usr/bin/../lib/inkscape/libinkscape_base.so
#11 0x00007ffff74ded3b in sp_file_text_run_recursive(void (*)(SPObject*), SPObject*) () from /usr/bin/../lib/inkscape/libinkscape_base.so
#12 0x00007ffff74ded3b in sp_file_text_run_recursive(void (*)(SPObject*), SPObject*) () from /usr/bin/../lib/inkscape/libinkscape_base.so
#13 0x00007ffff74ded3b in sp_file_text_run_recursive(void (*)(SPObject*), SPObject*) () from /usr/bin/../lib/inkscape/libinkscape_base.so
#14 0x00007ffff74dedd5 in sp_file_convert_text_baseline_spacing(SPDocument*) () from /usr/bin/../lib/inkscape/libinkscape_base.so
#15 0x00007ffff74cc5cd in SPDocument::createDoc(Inkscape::XML::Document*, char const*, char const*, char const*, unsigned int, SPDocument*) ()
   from /usr/bin/../lib/inkscape/libinkscape_base.so
#16 0x00007ffff74cd042 in SPDocument::createNewDoc(char const*, unsigned int, bool, SPDocument*) () from /usr/bin/../lib/inkscape/libinkscape_base.so
#17 0x00007ffff6f649a8 in Inkscape::Extension::Input::open(char const*) () from /usr/bin/../lib/inkscape/libinkscape_base.so
#18 0x00007ffff6f676ec in Inkscape::Extension::open(Inkscape::Extension::Extension*, char const*) () from /usr/bin/../lib/inkscape/libinkscape_base.so
#19 0x00007ffff74d9648 in sp_file_open(Glib::ustring const&, Inkscape::Extension::Extension*, bool, bool) ()
   from /usr/bin/../lib/inkscape/libinkscape_base.so
#20 0x000055555555c3ef in sp_main_gui(int, char const**) ()
#21 0x00007ffff426c830 in __libc_start_main (main=0x55555555a1d0 <main>, argc=2, argv=0x7fffffffdf08, init=<optimized out>, fini=<optimized out>,
    rtld_fini=<optimized out>, stack_end=0x7fffffffdef8) at ../csu/libc-start.c:291
#22 0x000055555555a709 in _start ()

Revision history for this message
Hermann Höhne (hoehermann) wrote :
Revision history for this message
Alvin Penner (apenner) wrote :

- confirmed on Windows 10, Inkscape 0.92.3 (2405546, 2018-03-11)
- confirmed on Windows 10, Inkscape 0.92+devel (e9e25c0, 2018-03-28)

the DOS error message is:
ERROR:../src/sp-flowregion.cpp:360:void GetDest(SPObject*, Shape**): assertion failed: (item != NULL)

Changed in inkscape:
status: New → Confirmed
Revision history for this message
Alvin Penner (apenner) wrote :

backtrace:

Program received signal SIGTRAP, Trace/breakpoint trap.
0x74252cf3 in KERNELBASE!DeleteAce () from C:\WINDOWS\SysWOW64\KernelBase.dll
(gdb) bt
#0 0x74252cf3 in KERNELBASE!DeleteAce () from C:\WINDOWS\SysWOW64\KernelBase.dll
#1 0x68828b59 in ?? () from c:\program files (x86)\inkscape\libglib-2.0-0.dll
#2 0x68819bb5 in ?? () from c:\program files (x86)\inkscape\libglib-2.0-0.dll
#3 0x68819c36 in ?? () from c:\program files (x86)\inkscape\libglib-2.0-0.dll
#4 0x0381427c in libinkscape_base!_ZN12SPFlowregionD2Ev () from c:\program files (x86)\inkscape\libinkscape_base.dll
#5 0x0381585b in libinkscape_base!_ZN12SPFlowregion5writeEPN8Inkscape3XML8DocumentEPNS1_4NodeEj ()
   from c:\program files (x86)\inkscape\libinkscape_base.dll
#6 0x0385bdc4 in libinkscape_base!_ZN8SPObject10updateReprEj () from c:\program files (x86)\inkscape\libinkscape_base.dll
#7 0x03819f72 in libinkscape_base!_ZN10SPFlowtext5writeEPN8Inkscape3XML8DocumentEPNS1_4NodeEj ()
   from c:\program files (x86)\inkscape\libinkscape_base.dll
#8 0x0066ede8 in ?? ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb) c
Continuing.

Program received signal SIGTRAP, Trace/breakpoint trap.
0x74252cf3 in KERNELBASE!DeleteAce () from C:\WINDOWS\SysWOW64\KernelBase.dll
(gdb) c
Continuing.
[Inferior 1 (process 1124) exited with code 03]

Revision history for this message
Adam Smith (aasmith) wrote :

https://commons.wikimedia.org/wiki/File:Meuble_h%C3%A9raldique_Enclume_marteau.svg

This file appears to trip the same bug for me. (Using version 0.92.3 on a Linux Mint machine.)

Patrick Storz (ede123)
Changed in inkscape:
importance: Undecided → High
status: Confirmed → Triaged
Revision history for this message
Igor (igory) wrote :

It looks like an error caused by parsing flowRegion with xml:space="preserve" on flowRoot.

This SVG works:
<?xml version="1.0" encoding="utf-8" standalone="no"?>
<svg>
<flowRoot xml:space="preserve">
<flowRegion><rect height="100" width="100"/></flowRegion>
<flowPara>a</flowPara>
</flowRoot>
</svg>

This doesn't:
<?xml version="1.0" encoding="utf-8" standalone="no"?>
<svg>
<flowRoot xml:space="preserve">
<flowRegion> <rect height="100" width="100"/></flowRegion>
<flowPara>a</flowPara>
</flowRoot>
</svg>

Revision history for this message
Patrick Storz (ede123) wrote :

Can somebody test wether
  https://gitlab.com/inkscape/inkscape/commit/e5cce85211622554ba6906375251b43967a107ff
fixed this issue?

Revision history for this message
Alvin Penner (apenner) wrote :

running Windows 10, Inkscape 0.92+devel (322689f, 2018-11-03) (32 bit)

I can no longer reproduce this bug, it appears to be fixed.

Revision history for this message
Patrick Storz (ede123) wrote :

OK, great! Thanks for testing!

Changed in inkscape:
assignee: nobody → Mc (mc...)
milestone: none → 1.0
tags: added: backport-proposed
Changed in inkscape:
status: Triaged → Fix Committed
Revision history for this message
Patrick Storz (ede123) wrote :

Backported to 0.92.x in
  https://gitlab.com/inkscape/inkscape/commit/1d2574f62eba01c4593beee0e14b1e00c8ddf9ed

tags: removed: backport-proposed
Changed in inkscape:
milestone: 1.0 → 0.92.4
Bryce Harrington (bryce)
Changed in inkscape:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.