Skip to content

Crash when opening large PNG

Migrated from https://bugs.launchpad.net/inkscape/+bug/1484149

Dear Maintainers,

I would like to report a bug where a large PNG file can crash Inkscape.

This one appeared after fixing another bug in GDK-pixbuf which caused Inkscape to crash too: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795277 https://bugs.launchpad.net/inkscape/+bug/1483061

Affected Inkscape versions: 0.91 (unsure about 0.45) OS: Debian 8.1 x64 Memory: 24 GiB

Steps to reproduce the crash:

  1. save the attached PNG image to a folder
  2. make sure that the GDK-pixbuf-bug mentioned above is fixed (!)
  3. start inkscape
  4. click on 'file' -> 'open'
  5. select the PNG file (important: deselect 'preview' to avoid a third bug which I reported here too)
  6. inkscape crashes

I've been able to get additional information with GDB:

[New Thread 0x7fffe3030700 (LWP 84746)]

Program received signal SIGSEGV, Segmentation fault.
0x00000000006ce2d0 in convert_pixels_pixbuf_to_argb32 (data=0x7ffdfe07a010 "", w=27000, 
    h=27000, stride=108000) at display/cairo-utils.cpp:1213
1213                *px = argb32_from_pixbuf(*px);
(gdb) bt
#0  0x00000000006ce2d0 in convert_pixels_pixbuf_to_argb32 (data=0x7ffdfe07a010 "", w=27000, 
    h=27000, stride=108000) at display/cairo-utils.cpp:1213
#1  0x00000000006cb4c9 in Inkscape::Pixbuf::ensurePixelFormat (this=0x79550f0, 
    fmt=Inkscape::Pixbuf::PF_CAIRO) at display/cairo-utils.cpp:488
#2  0x00000000006cb088 in Inkscape::Pixbuf::getSurfaceRaw (this=0x79550f0, convert_format=true)
    at display/cairo-utils.cpp:367
#3  0x00000000006f3d63 in Inkscape::DrawingImage::_renderItem (this=0x79881b0, dc=...)
    at display/drawing-image.cpp:123
#4  0x00000000006f7078 in Inkscape::DrawingItem::render (this=0x79881b0, dc=..., area=..., 
    flags=0, stop_at=0x0) at display/drawing-item.cpp:741
#5  0x00000000006f2c15 in Inkscape::DrawingGroup::_renderItem (this=0x7988080, dc=..., 
    area=..., flags=0, stop_at=0x0) at display/drawing-group.cpp:106
#6  0x00000000006f7078 in Inkscape::DrawingItem::render (this=0x7988080, dc=..., area=..., 
    flags=0, stop_at=0x0) at display/drawing-item.cpp:741
#7  0x00000000006f2c15 in Inkscape::DrawingGroup::_renderItem (this=0x36a0350, dc=..., 
    area=..., flags=0, stop_at=0x0) at display/drawing-group.cpp:106
#8  0x00000000006f7078 in Inkscape::DrawingItem::render (this=0x36a0350, dc=..., area=..., 
    flags=0, stop_at=0x0) at display/drawing-item.cpp:741
#9  0x00000000006ee57e in Inkscape::Drawing::render (this=0x36fc108, dc=..., area=..., flags=0)
    at display/drawing.cpp:173
#10 0x00000000006d0d39 in sp_canvas_arena_render (item=0x36fc040, buf=0x7fffffffd850)
    at display/canvas-arena.cpp:222
#11 0x00000000007414da in SPCanvasGroup::render (item=0x36378e0, buf=0x7fffffffd850)
    at display/sp-canvas.cpp:1132
#12 0x00000000007414da in SPCanvasGroup::render (item=0x35d2840, buf=0x7fffffffd850)
    at display/sp-canvas.cpp:1132
#13 0x0000000000743290 in SPCanvasImpl::sp_canvas_paint_single_buffer (canvas=0x35da000, 
    paint_rect=..., canvas_rect=...) at display/sp-canvas.cpp:1906
#14 0x0000000000743681 in SPCanvasImpl::sp_canvas_paint_rect_internal (setup=0x7fffffffdcf0, 
    this_rect=...) at display/sp-canvas.cpp:2018
#15 0x00000000007439fe in SPCanvasImpl::sp_canvas_paint_rect_internal (setup=0x7fffffffdcf0, 
    this_rect=...) at display/sp-canvas.cpp:2069
---Type <return> to continue, or q <return> to quit--- 
#16 0x00000000007439fe in SPCanvasImpl::sp_canvas_paint_rect_internal (setup=0x7fffffffdcf0, 
    this_rect=...) at display/sp-canvas.cpp:2069
#17 0x00000000007439fe in SPCanvasImpl::sp_canvas_paint_rect_internal (setup=0x7fffffffdcf0, 
    this_rect=...) at display/sp-canvas.cpp:2069
#18 0x00000000007439fe in SPCanvasImpl::sp_canvas_paint_rect_internal (setup=0x7fffffffdcf0, 
    this_rect=...) at display/sp-canvas.cpp:2069
#19 0x0000000000743cea in SPCanvasImpl::sp_canvas_paint_rect (canvas=0x35da000, xx0=-752, 
    yy0=-704, xx1=432, yy1=16) at display/sp-canvas.cpp:2127
#20 0x00000000007442ab in SPCanvasImpl::paint (canvas=0x35da000) at display/sp-canvas.cpp:2267
#21 0x00000000007443fa in SPCanvasImpl::do_update (canvas=0x35da000)
    at display/sp-canvas.cpp:2302
#22 0x0000000000744479 in SPCanvasImpl::idle_handler (data=0x35da000)
    at display/sp-canvas.cpp:2318
#23 0x00007ffff67e3d97 in gdk_threads_dispatch (data=0x367df60)
    at /build/gtk+2.0-czQfyJ/gtk+2.0-2.24.25/gdk/gdk.c:534
#24 0x00007ffff0ee7b6d in g_main_dispatch (context=0x18fd610)
    at /tmp/buildd/glib2.0-2.42.1/./glib/gmain.c:3111
#25 g_main_context_dispatch (context=context@entry=0x18fd610)
    at /tmp/buildd/glib2.0-2.42.1/./glib/gmain.c:3710
#26 0x00007ffff0ee7f48 in g_main_context_iterate (context=0x18fd610, block=block@entry=1, 
    dispatch=dispatch@entry=1, self=<optimized out>)
    at /tmp/buildd/glib2.0-2.42.1/./glib/gmain.c:3781
#27 0x00007ffff0ee8272 in g_main_loop_run (loop=0x3703a10)
    at /tmp/buildd/glib2.0-2.42.1/./glib/gmain.c:3975
#28 0x00007ffff6bac597 in IA__gtk_main ()
    at /build/gtk+2.0-czQfyJ/gtk+2.0-2.24.25/gtk/gtkmain.c:1257
#29 0x000000000044ffc3 in sp_main_gui (argc=1, argv=0x7fffffffe338) at main.cpp:1075
#30 0x000000000044f580 in main (argc=1, argv=0x7fffffffe338) at main.cpp:789

Best regards vigri

large-PNG

Edited by Nathan Lee
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information