Inkscape

Crash when closing a file

Bug #1600289 reported by John on 2016-07-08

This bug affects 3 people

Affects		Status	Importance	Assigned to	Milestone
	Inkscape	Triaged	High	Unassigned

Bug Description

Fairly predictably (once each 6 actions, Inkscape (0.91) crashes on Ctl-W (close drawing). I edited more than 120 SVG drawings, using the following action sequence:

Ctl-O Open the next image
Edit this image
Ctl-S Save the image
Ctl-W Close the image

Ignoring a couple of operator errors, the crash occurs every 6 (maybe 7) editions, each time on the Ctl_W.

Running from gdb, this is the backtrace:

(gdb) bt
#0 0x000000000048c755 in issueClearUndo (this=0x1d0ab70) at composite-undo-stack-observer.h:92
#1 Inkscape::CompositeUndoStackObserver::notifyClearUndoEvent (this=0xa219a18) at composite-undo-stack-observer.cpp:86
#2 0x00000000004b8a35 in Inkscape::DocumentUndo::clearUndo (doc=doc@entry=0x53f40d0) at document-undo.cpp:328
#3 0x00000000004af717 in SPDocument::~SPDocument (this=this@entry=0x53f40d0, __in_chrg=<optimized out>)
    at document.cpp:164
#4 0x00000000004afd59 in SPDocument::~SPDocument (this=0x53f40d0, __in_chrg=<optimized out>) at document.cpp:232
#5 0x0000000000a521c3 in Inkscape::UI::View::View::setDocument (this=this@entry=0x2e91c00, doc=0x53f49c0)
    at ui/view/view.cpp:116
#6 0x0000000000499465 in SPDesktop::setDocument (this=0x2e91c00, doc=0x53f49c0) at desktop.cpp:1596
#7 0x00000000004938c7 in SPDesktop::change_document (this=this@entry=0x2e91c00,
    theDocument=theDocument@entry=0x53f49c0) at desktop.cpp:663
#8 0x00000000004f1f0e in sp_ui_close_view () at interface.cpp:329
#9 0x0000000000a4b08e in Inkscape::UI::Tools::ToolBase::root_handler (this=this@entry=0x3263d30,
    event=event@entry=0x4a29960) at ui/tools/tool-base.cpp:633
#10 0x0000000000a3849b in Inkscape::UI::Tools::SelectTool::root_handler (this=0x3263d30, event=0x4a29960)
    at ui/tools/select-tool.cpp:1221
#11 0x0000000000a48dca in Inkscape::UI::Tools::sp_event_context_virtual_root_handler (event_context=<optimized out>,
    event=0x4a29960) at ui/tools/tool-base.cpp:999
#12 0x0000000000a49ef6 in Inkscape::UI::Tools::sp_event_context_root_handler (event_context=<optimized out>,
    event=event@entry=0x4a29960) at ui/tools/tool-base.cpp:987
#13 0x000000000049bd33 in sp_desktop_root_handler (event=0x4a29960, desktop=0x2e91c00) at desktop-events.cpp:75
#14 0x0000000000717dbf in sp_marshal_BOOLEAN__POINTER (closure=0x315bb80, return_value=0x7fffffffce90,
    n_param_values=<optimized out>, param_values=0x7fffffffcdc0, invocation_hint=<optimized out>, marshal_data=0x0)
    at helper/sp-marshal.cpp:124
#15 0x00007ffff0504c68 in g_closure_invoke (closure=0x315bb80, return_value=return_value@entry=0x7fffffffce90,
    n_param_values=2, param_values=param_values@entry=0x7fffffffcdc0,
    invocation_hint=invocation_hint@entry=0x7fffffffcd60) at gclosure.c:801
#16 0x00007ffff051703d in signal_emit_unlocked_R (node=node@entry=0x2e06e40, detail=detail@entry=0,
    instance=instance@entry=0x3095630, emission_return=emission_return@entry=0x7fffffffce90,
    instance_and_params=instance_and_params@entry=0x7fffffffcdc0) at gsignal.c:3627
#17 0x00007ffff051ef18 in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>,
    detail=<optimized out>, var_args=var_args@entry=0x7fffffffcf48) at gsignal.c:3393
#18 0x00007ffff051f542 in g_signal_emit (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>)
    at gsignal.c:3439
#19 0x0000000000657f91 in SPCanvasImpl::emitEvent (canvas=<optimized out>, event=0x4a2b960)
    at display/sp-canvas.cpp:1599
#20 0x00007ffff69b1b25 in _gtk_marshal_BOOLEAN__BOXED (closure=0x1419ba0, return_value=0x7fffffffd170,
    n_param_values=<optimized out>, param_values=0x7fffffffd220, invocation_hint=<optimized out>,
    marshal_data=0x658140 <SPCanvasImpl::handleKeyEvent(_GtkWidget*, _GdkEventKey*)>) at gtkmarshalers.c:86
#21 0x00007ffff0504be2 in g_closure_invoke (closure=closure@entry=0x1419ba0,
    return_value=return_value@entry=0x7fffffffd170, n_param_values=2, param_values=param_values@entry=0x7fffffffd220,
    invocation_hint=invocation_hint@entry=0x7fffffffd1c0) at gclosure.c:801
#22 0x00007ffff0516dfb in signal_emit_unlocked_R (node=node@entry=0x1419850, detail=detail@entry=0,
    instance=instance@entry=0x2e0b000, emission_return=emission_return@entry=0x7fffffffd2f0,
    instance_and_params=instance_and_params@entry=0x7fffffffd220) at gsignal.c:3665
#23 0x00007ffff051ef18 in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>,
    detail=<optimized out>, var_args=var_args@entry=0x7fffffffd3a8) at gsignal.c:3393
#24 0x00007ffff051f542 in g_signal_emit (instance=instance@entry=0x2e0b000, signal_id=<optimized out>,
    detail=detail@entry=0) at gsignal.c:3439
#25 0x00007ffff6ac1634 in gtk_widget_event_internal (widget=widget@entry=0x2e0b000, event=event@entry=0x4a2b960)
    at gtkwidget.c:5010
#26 0x00007ffff6ac1909 in IA__gtk_widget_event (widget=widget@entry=0x2e0b000, event=event@entry=0x4a2b960)
    at gtkwidget.c:4807
#27 0x00007ffff6ad4e4b in IA__gtk_window_propagate_key_event (window=window@entry=0x39636f0,
    event=event@entry=0x4a2b960) at gtkwindow.c:5199
#28 0x00007ffff6ad754b in gtk_window_key_press_event (widget=0x39636f0, event=0x4a2b960) at gtkwindow.c:5229
#29 0x00007ffff69b1b25 in _gtk_marshal_BOOLEAN__BOXED (closure=0x1419ba0, return_value=0x7fffffffd620,
    n_param_values=<optimized out>, param_values=0x7fffffffd6d0, invocation_hint=<optimized out>, marshal_data=
    0x7ffff7892380 <Gtk::Widget_Class::key_press_event_callback(_GtkWidget*, _GdkEventKey*)>) at gtkmarshalers.c:86
#30 0x00007ffff0504c68 in g_closure_invoke (closure=closure@entry=0x1419ba0,
    return_value=return_value@entry=0x7fffffffd620, n_param_values=2, param_values=param_values@entry=0x7fffffffd6d0,
    invocation_hint=invocation_hint@entry=0x7fffffffd670) at gclosure.c:801
#31 0x00007ffff0516dfb in signal_emit_unlocked_R (node=node@entry=0x1419850, detail=detail@entry=0,
    instance=instance@entry=0x39636f0, emission_return=emission_return@entry=0x7fffffffd7a0,
    instance_and_params=instance_and_params@entry=0x7fffffffd6d0) at gsignal.c:3665
#32 0x00007ffff051ef18 in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>,
    detail=<optimized out>, var_args=var_args@entry=0x7fffffffd858) at gsignal.c:3393
#33 0x00007ffff051f542 in g_signal_emit (instance=instance@entry=0x39636f0, signal_id=<optimized out>,
    detail=detail@entry=0) at gsignal.c:3439
#34 0x00007ffff6ac1634 in gtk_widget_event_internal (widget=widget@entry=0x39636f0, event=event@entry=0x4a2b960)
    at gtkwidget.c:5010
#35 0x00007ffff6ac1909 in IA__gtk_widget_event (widget=widget@entry=0x39636f0, event=event@entry=0x4a2b960)
    at gtkwidget.c:4807
#36 0x00007ffff69b03a7 in IA__gtk_propagate_event (widget=widget@entry=0x39636f0, event=event@entry=0x4a2b960)
    at gtkmain.c:2464
#37 0x00007ffff69b068b in IA__gtk_main_do_event (event=0x4a2b960) at gtkmain.c:1685
#38 0x00007ffff662b80c in gdk_event_dispatch (source=<optimized out>, callback=<optimized out>,
    user_data=<optimized out>) at gdkevents-x11.c:2403
#39 0x00007fffefee66f4 in g_main_dispatch (context=0x1312ae0) at gmain.c:3154
#40 g_main_context_dispatch (context=context@entry=0x1312ae0) at gmain.c:3769
#41 0x00007fffefee6948 in g_main_context_iterate (context=0x1312ae0, block=block@entry=1, dispatch=dispatch@entry=1,
    self=<optimized out>) at gmain.c:3840
#42 0x00007fffefee6c0a in g_main_loop_run (loop=0x315e910) at gmain.c:4034
#43 0x00007ffff69af777 in IA__gtk_main () at gtkmain.c:1257
#44 0x0000000000476fcc in sp_main_gui (argc=1, argv=0x7fffffffdd88) at main.cpp:1075
#45 0x00007fffef04ab75 in __libc_start_main () from /lib64/libc.so.6
#46 0x0000000000473719 in _start () at ../sysdeps/x86_64/start.S:118

Tags:

jazzynico (jazzynico) on 2016-08-07

Changed in inkscape:
importance:	Undecided → High
tags:	added: crash

Revision history for this message

Serg Iv (sergiv) wrote on 2017-02-17:

Download full text (6.5 KiB)

I guess I have the same crash in Win 7 x64 and Archlinux x64. x32 version is much stable at least on Win.

Backtraces:

win7 x64:

Thread 1 received signal SIGSEGV, Segmentation fault.
0x000000006e11de88 in Inkscape::CompositeUndoStackObserver::notifyClearUndoEvent() () from C:\inkscape\libinkscape_base.dll
(gdb) bt
#0 0x000000006e11de88 in Inkscape::CompositeUndoStackObserver::notifyClearUndoEvent() () from C:\inkscape\libinkscape_base.dll
#1 0x000000006e13f56e in Inkscape::DocumentUndo::clearUndo(SPDocument*) () from C:\inkscape\libinkscape_base.dll
#2 0x000000006e1443a0 in SPDocument::~SPDocument() () from C:\inkscape\libinkscape_base.dll
#3 0x000000006e14464d in SPDocument::~SPDocument() () from C:\inkscape\libinkscape_base.dll
#4 0x000000006e05b2a8 in Inkscape::UI::View::View::setDocument(SPDocument*) () from C:\inkscape\libinkscape_base.dll
#5 0x000000006e1350e0 in SPDesktop::setDocument(SPDocument*) () from C:\inkscape\libinkscape_base.dll
#6 0x000000006e13280f in SPDesktop::change_document(SPDocument*) () from C:\inkscape\libinkscape_base.dll
#7 0x000000006ddcdcc7 in sp_ui_close_view(_GtkWidget*) () from C:\inkscape\libinkscape_base.dll
#8 0x000000006dcdb0ea in sp_action_perform(SPAction*, void*) () from C:\inkscape\libinkscape_base.dll
#9 0x0000000063a4732c in g_closure_invoke (closure=0x7cae970, return_value=return_value@entry=0x0, n_param_values=1,
    param_values=param_values@entry=0x22efb0, invocation_hint=invocation_hint@entry=0x22ef10) at gclosure.c:804
#10 0x0000000063a5a612 in signal_emit_unlocked_R (node=<optimized out>, node@entry=0x77c8ba0, detail=0,
    instance=instance@entry=0x81b2390, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x22efb0)
    at gsignal.c:3629
#11 0x0000000063a63f5d in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=177410976,
    var_args=<optimized out>) at gsignal.c:3385
#12 0x0000000063a64238 in g_signal_emit (instance=0x6e11ddf0 <Inkscape::CompositeUndoStackObserver::notifyClearUndoEvent()>,
    signal_id=109694048, detail=32768) at gsignal.c:3441
#13 0x0000000061a30639 in ?? () from C:\inkscape\libgtk-win32-2.0-0.dll
#14 0x00000000618c2ba9 in ?? () from C:\inkscape\libgtk-win32-2.0-0.dll
#15 0x00000000618c2fed in ?? () from C:\inkscape\libgtk-win32-2.0-0.dll
#16 0x00000000618b4275 in ?? () from C:\inkscape\libgtk-win32-2.0-0.dll
#17 0x00000000618a837b in ?? () from C:\inkscape\libgtk-win32-2.0-0.dll
#18 0x0000000063a4732c in g_closure_invoke (closure=closure@entry=0x77a3210, return_value=return_value@entry=0x22f4d0, n_param_values=2,
---Type <return> to continue, or q <return> to quit---
    param_values=param_values@entry=0x22f5c0, invocation_hint=invocation_hint@entry=0x22f520) at gclosure.c:804
#19 0x0000000063a5abe5 in signal_emit_unlocked_R (node=<optimized out>, detail=0, instance=instance@entry=0x80ae2a0,
    emission_return=emission_return@entry=0x22f680, instance_and_params=instance_and_params@entry=0x22f5c0) at gsignal.c:3667
#20 0x0000000063a63b53 in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=2291864,
    var_args=<optimized out>) at gsignal.c:3395
#21 0x00000...

I guess I have the same crash in Win 7 x64 and Archlinux x64. x32 version is much stable at least on Win.

Backtraces:

win7 x64:

Thread 1 received signal SIGSEGV, Segmentation fault.
0x000000006e11de88 in Inkscape::CompositeUndoStackObserver::notifyClearUndoEvent() () from C:\inkscape\libinkscape_base.dll
(gdb) bt
#0  0x000000006e11de88 in Inkscape::CompositeUndoStackObserver::notifyClearUndoEvent() () from C:\inkscape\libinkscape_base.dll
#1  0x000000006e13f56e in Inkscape::DocumentUndo::clearUndo(SPDocument*) () from C:\inkscape\libinkscape_base.dll
#2  0x000000006e1443a0 in SPDocument::~SPDocument() () from C:\inkscape\libinkscape_base.dll
#3  0x000000006e14464d in SPDocument::~SPDocument() () from C:\inkscape\libinkscape_base.dll
#4  0x000000006e05b2a8 in Inkscape::UI::View::View::setDocument(SPDocument*) () from C:\inkscape\libinkscape_base.dll
#5  0x000000006e1350e0 in SPDesktop::setDocument(SPDocument*) () from C:\inkscape\libinkscape_base.dll
#6  0x000000006e13280f in SPDesktop::change_document(SPDocument*) () from C:\inkscape\libinkscape_base.dll
#7  0x000000006ddcdcc7 in sp_ui_close_view(_GtkWidget*) () from C:\inkscape\libinkscape_base.dll
#8  0x000000006dcdb0ea in sp_action_perform(SPAction*, void*) () from C:\inkscape\libinkscape_base.dll
#9  0x0000000063a4732c in g_closure_invoke (closure=0x7cae970, return_value=return_value@entry=0x0, n_param_values=1,
    param_values=param_values@entry=0x22efb0, invocation_hint=invocation_hint@entry=0x22ef10) at gclosure.c:804
#10 0x0000000063a5a612 in signal_emit_unlocked_R (node=<optimized out>, node@entry=0x77c8ba0, detail=0,
    instance=instance@entry=0x81b2390, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x22efb0)
    at gsignal.c:3629
#11 0x0000000063a63f5d in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=177410976,
    var_args=<optimized out>) at gsignal.c:3385
#12 0x0000000063a64238 in g_signal_emit (instance=0x6e11ddf0 <Inkscape::CompositeUndoStackObserver::notifyClearUndoEvent()>,
    signal_id=109694048, detail=32768) at gsignal.c:3441
#13 0x0000000061a30639 in ?? () from C:\inkscape\libgtk-win32-2.0-0.dll
#14 0x00000000618c2ba9 in ?? () from C:\inkscape\libgtk-win32-2.0-0.dll
#15 0x00000000618c2fed in ?? () from C:\inkscape\libgtk-win32-2.0-0.dll
#16 0x00000000618b4275 in ?? () from C:\inkscape\libgtk-win32-2.0-0.dll
#17 0x00000000618a837b in ?? () from C:\inkscape\libgtk-win32-2.0-0.dll
#18 0x0000000063a4732c in g_closure_invoke (closure=closure@entry=0x77a3210, return_value=return_value@entry=0x22f4d0, n_param_values=2,
---Type <return> to continue, or q <return> to quit---
    param_values=param_values@entry=0x22f5c0, invocation_hint=invocation_hint@entry=0x22f520) at gclosure.c:804
#19 0x0000000063a5abe5 in signal_emit_unlocked_R (node=<optimized out>, detail=0, instance=instance@entry=0x80ae2a0,
    emission_return=emission_return@entry=0x22f680, instance_and_params=instance_and_params@entry=0x22f5c0) at gsignal.c:3667
#20 0x0000000063a63b53 in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=2291864,
    var_args=<optimized out>) at gsignal.c:3395
#21 0x0000000063a64238 in g_signal_emit (instance=0x6e11ddf0 <Inkscape::CompositeUndoStackObserver::notifyClearUndoEvent()>,
    signal_id=109694048, detail=32768) at gsignal.c:3441
#22 0x0000000061a319bd in ?? () from C:\inkscape\libgtk-win32-2.0-0.dll
#23 0x00000000618a6881 in ?? () from C:\inkscape\libgtk-win32-2.0-0.dll
#24 0x00000000618a6ccb in ?? () from C:\inkscape\libgtk-win32-2.0-0.dll
#25 0x000000006c39261c in ?? () from C:\inkscape\libgdk-win32-2.0-0.dll
#26 0x00000000686094e1 in g_main_dispatch (context=0x4bef710) at gmain.c:3154
#27 g_main_context_dispatch (context=context@entry=0x4bef710) at gmain.c:3769
#28 0x0000000068609802 in g_main_context_iterate (context=0x4bef710, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>)
    at gmain.c:3840
#29 0x000000006860a083 in g_main_loop_run (loop=0x61129e0) at gmain.c:4034
#30 0x00000000618a59e0 in ?? () from C:\inkscape\libgtk-win32-2.0-0.dll
#31 0x000000000040631e in sp_main_gui(int, char const**) ()
#32 0x000000000040e05f in main ()

Arch x64:

Thread 1 "inkscape" received signal SIGSEGV, Segmentation fault.
0x00000000006c8645 in Inkscape::CompositeUndoStackObserver::notifyClearUndoEvent() ()
(gdb) bt
#0  0x00000000006c8645 in Inkscape::CompositeUndoStackObserver::notifyClearUndoEvent() ()
#1  0x00000000006f9bad in Inkscape::DocumentUndo::clearUndo(SPDocument*) ()
#2  0x00000000006ea2bd in SPDocument::~SPDocument() ()
#3  0x00000000006ea539 in SPDocument::~SPDocument() ()
#4  0x0000000000d5a083 in Inkscape::UI::View::View::setDocument(SPDocument*) ()
#5  0x00000000006d4985 in SPDesktop::setDocument(SPDocument*) ()
#6  0x00000000006d22c7 in SPDesktop::change_document(SPDocument*) ()
#7  0x0000000000b10f64 in sp_ui_close_view(_GtkWidget*) ()
#8  0x0000000000960462 in sp_action_perform(SPAction*, void*) ()
#9  0x00007ffff1b1ff75 in g_closure_invoke () at /usr/lib/libgobject-2.0.so.0
#10 0x00007ffff1b31f82 in  () at /usr/lib/libgobject-2.0.so.0
#11 0x00007ffff1b3abcc in g_signal_emit_valist () at /usr/lib/libgobject-2.0.so.0
#12 0x00007ffff1b3afaf in g_signal_emit () at /usr/lib/libgobject-2.0.so.0
#13 0x00007ffff4ebfe3e in gtk_widget_activate () at /usr/lib/libgtk-x11-2.0.so.0
#14 0x00007ffff4d6194a in gtk_menu_shell_activate_item () at /usr/lib/libgtk-x11-2.0.so.0
#15 0x00007ffff4d61d86 in  () at /usr/lib/libgtk-x11-2.0.so.0
#16 0x00007ffff4d53e46 in  () at /usr/lib/libgtk-x11-2.0.so.0
#17 0x00007ffff4d48394 in  () at /usr/lib/libgtk-x11-2.0.so.0
#18 0x00007ffff1b1ff75 in g_closure_invoke () at /usr/lib/libgobject-2.0.so.0
#19 0x00007ffff1b3237d in  () at /usr/lib/libgobject-2.0.so.0
#20 0x00007ffff1b3a66f in g_signal_emit_valist () at /usr/lib/libgobject-2.0.so.0
#21 0x00007ffff1b3afaf in g_signal_emit () at /usr/lib/libgobject-2.0.so.0
#22 0x00007ffff4ec11b4 in  () at /usr/lib/libgtk-x11-2.0.so.0
#23 0x00007ffff4d469c5 in gtk_propagate_event () at /usr/lib/libgtk-x11-2.0.so.0
#24 0x00007ffff4d46e3b in gtk_main_do_event () at /usr/lib/libgtk-x11-2.0.so.0
#25 0x00007ffff4969b1c in  () at /usr/lib/libgdk-x11-2.0.so.0
#26 0x00007ffff1847587 in g_main_context_dispatch () at /usr/lib/libglib-2.0.so.0
#27 0x00007ffff18477f0 in  () at /usr/lib/libglib-2.0.so.0
#28 0x00007ffff1847b12 in g_main_loop_run () at /usr/lib/libglib-2.0.so.0
#29 0x00007ffff4d45ba7 in gtk_main () at /usr/lib/libgtk-x11-2.0.so.0
#30 0x00000000006b240a in sp_main_gui(int, char const**) ()
#31 0x00007ffff066b311 in __libc_start_main () at /usr/lib/libc.so.6
#32 0x00000000006ae65a in _start ()

Revision history for this message

jazzynico (jazzynico) wrote on 2017-02-17:

John, Serg, thanks for the traces. Very useful.
To help us reproduce the bug, do you remember if there is a specific action (or a specific file) that triggers the crash?

Changed in inkscape:
status:	New → Confirmed

Revision history for this message

Serg Iv (sergiv) wrote on 2017-02-18:

1.zip Edit (46.1 KiB, application/zip)

Sorry, but the crash is not 100% reproducible. Just open any svg in Inkscape x64. Change any fill pattern, move several nodes. File->Close->Close without saving. Haven't crashed? Try again.:) Three attempts are usually enough to get the crash.
The logs above I got using attached file.

Revision history for this message

jazzynico (jazzynico) wrote on 2017-02-18:

Crash reproduced on Xubuntu 16.04, lp:inkscape/0.92.x rev. 15379 (after only two attempts).

Changed in inkscape:
status:	Confirmed → Triaged

Revision history for this message

jazzynico (jazzynico) wrote on 2017-02-18:

1600289-CloseDocument-Crash-Xubuntu-16.04-0.92.x-r15379.txt Edit (23.9 KiB, text/plain)

GDB backtrace (normal and full).

Revision history for this message

jazzynico (jazzynico) wrote on 2017-02-18:

Previous tests made with the document attached comment #3. But it can also be reproduced with a new document by drawing a small shape with the pen and closing (no need to change a color or move a node).

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.