Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1608371
| Summary: | Inkscape crashes on selecting boxed text | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | wqfu <wqfu> | ||||||
| Component: | inkscape | Assignee: | Gwyn Ciesla <gwync> | ||||||
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||
| Severity: | urgent | Docs Contact: | |||||||
| Priority: | unspecified | ||||||||
| Version: | 29 | CC: | adam.matejko, doug.hs, duffy, edlefebvre, gwync, jman012345, jonathan.underwood, kas, lkundrak, pip, rlerch, smrtsmart, tspiteri, wqfu | ||||||
| Target Milestone: | --- | ||||||||
| Target Release: | --- | ||||||||
| Hardware: | x86_64 | ||||||||
| OS: | Linux | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | inkscape-0.92.4-1.fc29 | Doc Type: | If docs needed, set a value | ||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2019-01-21 02:02:28 UTC | Type: | Bug | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Attachments: |
|
||||||||
|
Description
wqfu
2018-07-25 12:13:25 UTC
Can be related to https://bugzilla.redhat.com/show_bug.cgi?id=1575842 I can reproduce this bug with inkscape.x86_64 0.92.3-2.fc28 If I understand the original description correctly, the bug occurs when dragging the cursor left to right to select text, when the last character is selected. I was able to reproduce this bug with inkscape.x86_64 0.92.3-2.fc28 as well. During one test, I typed an underscore as the last character, and attempting to select the entire text did not crash the program, but it also did not select the underscore. When the underscore was replaced by an alphabetical character, Inkscape crashed upon selecting the entire text. Compiled Inkscape 0.92.3 from source (available from https://inkscape.org/en/release/0.92.3/platforms/) and the bug is not present. Simply re-compiling with all dependencies updated and updating the package in the repository should be enough to fix this bug. Crash every time one tries to select the last letter using the mouse. Inkscape 0.92.3 (2405546, 2018-03-11) Fedora 28. I see this also on F29 with inkscape-0.92.3-5.fc29.x86_64. The crash message written to the terminal is this: /usr/include/c++/8/bits/stl_vector.h:950: std::vector<_Tp, _Alloc>::const_reference std::vector<_Tp, _Alloc>::operator[](std::vector<_Tp, _Alloc>::size_type) const [with _Tp = Inkscape::Text::Layout::Character; _Alloc = std::allocator<Inkscape::Text::Layout::Character>; std::vector<_Tp, _Alloc>::const_reference = const Inkscape::Text::Layout::Character&; std::vector<_Tp, _Alloc>::size_type = long unsigned int]: Assertion '__builtin_expect(__n < this->size(), true)' failed. Emergency save activated! Emergency save completed. Inkscape will close now. If you can reproduce this crash, please file a bug at www.inkscape.org with a detailed description of the steps leading to the crash, so we can fix it. Aborted (core dumped) It is not even necessary to try to _select_ the last character, just clicking after it makes inkscape crash - is there an upstream bug for this? Created attachment 1506073 [details]
Screencast with a simple way how to reproduce this
Reported upstream as https://bugs.launchpad.net/inkscape/+bug/1803553 Fedora 29 / Inkscape 0.92.3 (2405546, 2018-03-11) Error when selecting text: /usr/include/c++/8/bits/stl_vector.h:950: std::vector<_Tp, _Alloc>::const_reference std::vector<_Tp, _Alloc>::operator[](std::vector<_Tp, _Alloc>::size_type) const [with _Tp = Inkscape::Text::Layout::Character; _Alloc = std::allocator<Inkscape::Text::Layout::Character>; std::vector<_Tp, _Alloc>::const_reference = const Inkscape::Text::Layout::Character&; std::vector<_Tp, _Alloc>::size_type = long unsigned int]: Assertion '__builtin_expect(__n < this->size(), true)' failed. Emergency save activated! Emergency save completed. Inkscape will close now. If you can reproduce this crash, please file a bug at www.inkscape.org with a detailed description of the steps leading to the crash, so we can fix it. /usr/include/c++/8/bits/stl_vector.h:950: std::vector<_Tp, _Alloc>::const_reference std::vector<_Tp, _Alloc>::operator[](std::vector<_Tp, _Alloc>::size_type) const [with _Tp = Inkscape::Text::Layout::Character; _Alloc = std::allocator<Inkscape::Text::Layout::Character>; std::vector<_Tp, _Alloc>::const_reference = const Inkscape::Text::Layout::Character&; std::vector<_Tp, _Alloc>::size_type = long unsigned int]: Assertion '__builtin_expect(__n < this->size(), true)' failed. Aborted (core dumped) Created attachment 1507984 [details]
dumped core
Can reproduce on inkscape-0.92.3-5.fc29
I kept hitting this as well. After some digging, I found that: * _cursorXOnLineToIterator is setting best_char_index == _characters.size() * and then returning iterator(this, best_char_index), * which has an initializer saying _glyph_index(p->_characters[c].in_glyph) That is an out-of-bounds access of p->_characters, which I believe is causing the abort. inkscape-0.92.3-9.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-7f9bfd58d0 inkscape-0.92.3-9.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-7f9bfd58d0 inkscape-0.92.3-9.fc29 does not crash anymore for me, but not only I am not able to click on the existing text object for editing after the last character, but apparently also between the second-to-last and the last character. This is an unusual off-by-two error :-) inkscape-0.92.3-10.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-5de93d92bd inkscape-0.92.3-11.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-85f17f2be2 inkscape-0.92.3-11.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-85f17f2be2 inkscape-0.92.3-11.fc29 works for me, thanks! inkscape-0.92.4-1.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-1dd63e1bd4 inkscape-0.92.4-1.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-1dd63e1bd4 inkscape-0.92.4-1.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report. |