Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 156443 - Using some functions crashes Inkscape
Summary: Using some functions crashes Inkscape
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: inkscape
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Phillip Compton
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
: 157778 (view as bug list)
Depends On: 156219 156228
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-04-30 11:41 UTC by Simon Lanzmich
Modified: 2007-11-30 22:11 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-05-31 17:04:26 UTC


Attachments (Terms of Use)

Description Simon Lanzmich 2005-04-30 11:41:32 UTC
Description of problem:
Using inkscape, several functions crash the program. For example, when I
press Shift+Ctrl+F to open the Fill and Stroke dialog or select the Keyboard
shortcut help from the menu, it crashes. Some other dialogs, for example the
Text + Font dialog opens correctly. I have installed inkscape via yum from
extras-development and have a fully updated FC4-test2 system.

Version-Release number of selected component (if applicable):
0.41-1

How reproducible:
Always

Steps to Reproduce:
1. Open Inkscape
2. Press Shift+Ctrl+F
  
Actual results:
Inkscape crashes and gives the following output:

[simon@simon ~]$ inkscape
*** glibc detected *** inkscape: free(): invalid pointer:
0x0000000001cb01a0 ***
======= Backtrace: =========
/lib64/libc.so.6[0x394c56a3de]
/lib64/libc.so.6(__libc_free+0x6e)[0x394c56a90e]
inkscape(_ZNSt10_List_baseIN4sigc9slot_baseESaIS1_EE8_M_clearEv
+0x28)[0x4ab848]
/usr/lib64/libsigc-2.0.so.0(_ZN4sigc11signal_baseD2Ev
+0x37)[0x35db203bcf]
inkscape(_ZN8Inkscape12URIReferenceD2Ev+0x26)[0x50d9a6]
inkscape(_ZN19SPClipPathReferenceD0Ev+0x10)[0x4d9bc0]
inkscape[0x4d5f73]
/usr/lib64/libgobject-2.0.so.0(g_closure_invoke+0xfb)[0x394dc0a27d]
/usr/lib64/libgobject-2.0.so.0[0x394dc17489]
/usr/lib64/libgobject-2.0.so.0(g_signal_emit_valist+0x696)[0x394dc1880c]
/usr/lib64/libgobject-2.0.so.0(g_signal_emit+0x83)[0x394dc18bb7]
inkscape(_Z24sp_object_invoke_releaseP8SPObject+0xa1)[0x4dfd51]
inkscape(_Z16sp_object_detachP8SPObjectS0_+0xeb)[0x4e09eb]
inkscape(_Z22sp_object_detach_unrefP8SPObjectS0_+0x97)[0x4e0b57]
inkscape(_ZN8Inkscape3XML10SimpleNode11removeChildEP6SPRepr
+0xdd)[0x5c29fd]
inkscape(_ZN8SPObject12deleteObjectEbb+0x110)[0x4e2580]
inkscape[0x589d40]
inkscape[0x58a52c]
inkscape(_Z31sp_stroke_style_line_widget_newv+0x79f)[0x58d88f]
inkscape(_Z27sp_object_properties_dialogv+0x351)[0x5847a1]
inkscape(_Z17sp_action_performP8SPActionPv+0x9f)[0x60fb7f]
inkscape(_Z18sp_shortcut_invokejP6SPView+0x28)[0x4c0498]
inkscape[0x6125d8]
/usr/lib64/libgtk-x11-2.0.so.0[0x31b1f03792]
/usr/lib64/libgobject-2.0.so.0(g_closure_invoke+0xfb)[0x394dc0a27d]
/usr/lib64/libgobject-2.0.so.0[0x394dc178eb]
/usr/lib64/libgobject-2.0.so.0(g_signal_emit_valist+0x3ce)[0x394dc18544]
/usr/lib64/libgobject-2.0.so.0(g_signal_emit+0x83)[0x394dc18bb7]
/usr/lib64/libgtk-x11-2.0.so.0[0x31b1fc79f8]
/usr/lib64/libgtk-x11-2.0.so.0(gtk_propagate_event+0x191)[0x31b1f021c1]
/usr/lib64/libgtk-x11-2.0.so.0(gtk_main_do_event+0x310)[0x31b1f024f4]
/usr/lib64/libgdk-x11-2.0.so.0[0x31b2240051]
/usr/lib64/libglib-2.0.so.0(g_main_context_dispatch+0x1d5)[0x394c32499e]
/usr/lib64/libglib-2.0.so.0[0x394c327644]
/usr/lib64/libglib-2.0.so.0(g_main_loop_run+0x192)[0x394c327b30]
/usr/lib64/libgtk-x11-2.0.so.0(gtk_main+0xa1)[0x31b1f01a75]
inkscape(_Z11sp_main_guiiPPKc+0x153)[0x4a7fe3]
inkscape(main+0x19e)[0x4a826e]
/lib64/libc.so.6(__libc_start_main+0xdc)[0x394c51c49c]
inkscape(_ZN3Gtk10CellLayoutD1Ev+0x6a)[0x4a723a]
======= Memory map: ========
00400000-00804000 r-xp 00000000 08:08
135402                             /usr/bin/inkscape
00903000-00937000 rw-p 00403000 08:08
135402                             /usr/bin/inkscape
00937000-01fb4000 rw-p 00937000 00:00 0
[heap]
31b0400000-31b0408000 r-xp 00000000 08:08
136971                         /usr/X11R6/lib64/libXrender.so.1.2.2
31b0408000-31b0508000 ---p 00008000 08:08
136971                         /usr/X11R6/lib64/libXrender.so.1.2.2
31b0508000-31b0509000 rw-p 00008000 08:08
136971                         /usr/X11R6/lib64/libXrender.so.1.2.2
31b0600000-31b0603000 r-xp 00000000 08:08
137213                         /usr/X11R6/lib64/libXrandr.so.2.0
31b0603000-31b0702000 ---p 00003000 08:08
137213                         /usr/X11R6/lib64/libXrandr.so.2.0
31b0702000-31b0703000 rw-p 00002000 08:08
137213                         /usr/X11R6/lib64/libXrandr.so.2.0
31b0800000-31b0809000 r-xp 00000000 08:08
138455                         /usr/X11R6/lib64/libXcursor.so.1.0.2
31b0809000-31b0909000 ---p 00009000 08:08
138455                         /usr/X11R6/lib64/libXcursor.so.1.0.2
31b0909000-31b090a000 rw-p 00009000 08:08
138455                         /usr/X11R6/lib64/libXcursor.so.1.0.2
31b0a00000-31b0a14000 r-xp 00000000 08:08
140021                         /usr/X11R6/lib64/libXft.so.2.1.2
31b0a14000-31b0b13000 ---p 00014000 08:08
140021                         /usr/X11R6/lib64/libXft.so.2.1.2
31b0b13000-31b0b14000 rw-p 00013000 08:08
140021                         /usr/X11R6/lib64/libXft.so.2.1.2
31b0c00000-31b0c0b000 r-xp 00000000 08:08
140577                         /usr/lib64/libpangox-1.0.so.0.800.1
31b0c0b000-31b0d0b000 ---p 0000b000 08:08
140577                         /usr/lib64/libpangox-1.0.so.0.800.1
31b0d0b000-31b0d0c00
Emergency save activated!
Emergency save completed. Inkscape will close now.
If you can reproduce this crash, please file a bug at www.inkscape.org
with a detailed description of the steps leading to the crash, so we can
fix it.

Expected results:
The Fill and Stroke dialog should open.

Additional info:

Comment 1 Michael Schwendt 2005-04-30 13:10:34 UTC
Just for the record, i386 is affected, too. Could be improper usage of libsigc++20.

(gdb) bt
#0  0x0089c7e2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
#1  0x00e212dc in raise () from /lib/libc.so.6
#2  0x00e22a28 in abort () from /lib/libc.so.6
#3  0x00e5608a in __libc_message () from /lib/libc.so.6
#4  0x00e5bf94 in _int_free () from /lib/libc.so.6
#5  0x00e5c4cf in free () from /lib/libc.so.6
#6  0x0096b7a9 in operator delete () from /usr/lib/libstdc++.so.6
#7  0x080ddf69 in std::_List_base<sigc::slot_base, std::allocator<sigc::slot_bas
e> >::_M_clear (this=0xa18de48)
    at /usr/lib/gcc/i386-redhat-linux/3.4.2/../../../../include/c++/3.4.2/ext/ne
w_allocator.h:86
#8  0x00de6449 in ~signal_base (this=0xa18de30)
    at /usr/lib/gcc/i386-redhat-linux/4.0.0/../../../../include/c++/4.0.0/bits/s
tl_list.h:332
#9  0x0813d8d8 in ~URIReference (this=0xa18de18) at uri-references.h:94
#10 0x0810b0e8 in ~SPClipPathReference (this=0xa18de18) at sp-item.cpp:310
#11 0x081076b6 in sp_item_release (object=0x9eebff4) at sp-item.cpp:310
#12 0x00331817 in g_cclosure_marshal_VOID__VOID ()
   from /usr/lib/libgobject-2.0.so.0
#13 0x00325d9b in g_cclosure_new_swap () from /usr/lib/libgobject-2.0.so.0
#14 0x00326285 in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#15 0x00334c96 in g_signal_stop_emission () from /usr/lib/libgobject-2.0.so.0
#16 0x00335ee0 in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
---Type <return> to continue, or q <return> to quit---


Comment 2 Denis Leroy 2005-05-01 04:07:23 UTC
I was able to reproduce the problem. I think this is a binary incompatibility
between the currently available inkscape RPM and the libstdc++ library from
gcc4. It needs to be rebuilt, however i was UNABLE to recompile the inkscape
SRPM: it fails from something that looks like a gcc4 incompatibility related to
bug 156219 (the current gtkmm24s don't build either).

Now for the good news. Inkscape builds and works just fine with the recently
updated libsigc++20-2.0.11, gtkmm24-2.6.2 and glibmm24-2.6.1. All of inkscape
features and dialog boxes work.

I will add the appropriate rebuild requests to the FC4 status page.


Comment 3 Michael Schwendt 2005-05-01 09:25:32 UTC
Thanks for looking into it! For destructor related crashes, that sounds like a
theory indeed. Actually, Inkscape was one of the packages, which failed to
rebuild after the automated release version bump, which I later filed as bug 156228.


Comment 4 Jef Spaleta 2005-05-15 13:55:05 UTC
*** Bug 157778 has been marked as a duplicate of this bug. ***

Comment 5 Michael Schwendt 2005-05-31 17:04:26 UTC
inkscape-0.41-7, which should appear in Fedora Extras Development soon, should
fix this.



Note You need to log in before you can comment on or make changes to this bug.