Segfault in LPECloneOriginal::doEffect() upon copy/cut to clipboard
Steps to reproduce:
- Open attached example file: Roadmap-v2.svg
- Select one of the shaded arrows (e.g. the one labeled Test on the left side)
- Try to cut/copy the arrow to the clipboard --> Inkscape crashes with SIGSEGV
What happened?
The affected arrows have a Clone Original LPE attached to them, which links them to the black arrow templates at the top of the page. When trying to copy the arrows, Inkscape crashes with a segfault in Inkscape::LivePathEffect::LPECloneOriginal::doEffect(SPCurve*)
.
Here's a stacktrace:
#0 0x00005622f5ef2e4b in std::vector<Geom::Path, std::allocator<Geom::Path> >::operator=(std::vector<Geom::Path, std::allocator<Geom::Path> > const&) ()
#1 0x00005622f61d6cbb in Inkscape::LivePathEffect::LPECloneOriginal::doEffect(SPCurve*) ()
#2 0x00005622f5f80fac in SPLPEItem::performPathEffect(SPCurve*, bool) ()
#3 0x00005622f5f9e2cf in SPPath::update_patheffect(bool) ()
#4 0x00005622f5f9a477 in SPObject::emitModified(unsigned int) ()
#5 0x00005622f5f480aa in SPDefs::modified(unsigned int) ()
#6 0x00005622f5f9a529 in SPObject::emitModified(unsigned int) ()
#7 0x00005622f5f72842 in SPGroup::modified(unsigned int) ()
#8 0x00005622f5fa7121 in SPRoot::modified(unsigned int) ()
#9 0x00005622f5f9a529 in SPObject::emitModified(unsigned int) ()
#10 0x00005622f5e9a12d in SPDocument::_emitModified() ()
#11 0x00005622f5e9a3b2 in SPDocument::_updateDocument() ()
#12 0x00005622f5e9a3d9 in ()
#13 0x00007f39be66a7b1 in g_main_context_dispatch () at /usr/lib/libglib-2.0.so.0
#14 0x00007f39be66c869 in () at /usr/lib/libglib-2.0.so.0
#15 0x00007f39be66d7f2 in g_main_loop_run () at /usr/lib/libglib-2.0.so.0
#16 0x00007f39bfe2014e in gtk_dialog_run () at /usr/lib/libgtk-x11-2.0.so.0
#17 0x00005622f5ed8ef1 in Inkscape::Application::crash_handler(int) ()
#18 0x00007f39be0378b0 in <signal handler called> () at /usr/lib/libc.so.6
#19 0x00005622f5ef2e4b in std::vector<Geom::Path, std::allocator<Geom::Path> >::operator=(std::vector<Geom::Path, std::allocator<Geom::Path> > const&) ()
#20 0x00005622f61d6cbb in Inkscape::LivePathEffect::LPECloneOriginal::doEffect(SPCurve*) ()
#21 0x00005622f5f80fac in SPLPEItem::performPathEffect(SPCurve*, bool) ()
#22 0x00005622f5f9e2cf in SPPath::update_patheffect(bool) ()
#23 0x00005622f5f71051 in SPGroup::update_patheffect(bool) ()
#24 0x00005622f5f722ef in SPGroup::child_added(Inkscape::XML::Node*, Inkscape::XML::Node*) ()
#25 0x00005622f5fa6aa6 in SPRoot::child_added(Inkscape::XML::Node*, Inkscape::XML::Node*) ()
#26 0x00005622f629a569 in Inkscape::XML::CompositeNodeObserver::notifyChildAdded(Inkscape::XML::Node&, Inkscape::XML::Node&, Inkscape::XML::Node*) ()
#27 0x00005622f62a8100 in Inkscape::XML::SimpleNode::addChild(Inkscape::XML::Node*, Inkscape::XML::Node*) ()
#28 0x00005622f62ac0bb in Inkscape::UI::ClipboardManagerImpl::_copyNode(Inkscape::XML::Node*, Inkscape::XML::Document*, Inkscape::XML::Node*) ()
#29 0x00005622f62af0aa in Inkscape::UI::ClipboardManagerImpl::_copySelection(Inkscape::Selection*) ()
#30 0x00005622f62afef2 in Inkscape::UI::ClipboardManagerImpl::copy(SPDesktop*) ()
#31 0x00005622f5f0bb65 in sp_selection_cut(SPDesktop*) ()
#32 0x00005622f6105b32 in sp_action_perform(SPAction*, void*) ()
#33 0x00005622f5f354d3 in sp_shortcut_invoke(unsigned int, Inkscape::UI::View::View*) ()
#34 0x00007f39c076f99d in () at /usr/lib/libgtkmm-2.4.so.1
#35 0x00007f39bfe9a7cc in () at /usr/lib/libgtk-x11-2.0.so.0
#36 0x00007f39be7571b5 in g_closure_invoke () at /usr/lib/libgobject-2.0.so.0
#37 0x00007f39be744b36 in () at /usr/lib/libgobject-2.0.so.0
#38 0x00007f39be74880d in g_signal_emit_valist () at /usr/lib/libgobject-2.0.so.0
#39 0x00007f39be74a140 in g_signal_emit () at /usr/lib/libgobject-2.0.so.0
#40 0x00007f39bffb5235 in () at /usr/lib/libgtk-x11-2.0.so.0
#41 0x00007f39bfe98adf in gtk_propagate_event () at /usr/lib/libgtk-x11-2.0.so.0
#42 0x00007f39bfe98e43 in gtk_main_do_event () at /usr/lib/libgtk-x11-2.0.so.0
#43 0x00007f39bfb11d5e in () at /usr/lib/libgdk-x11-2.0.so.0
#44 0x00007f39be66a90f in g_main_context_dispatch () at /usr/lib/libglib-2.0.so.0
#45 0x00007f39be66c869 in () at /usr/lib/libglib-2.0.so.0
#46 0x00007f39be66d7f2 in g_main_loop_run () at /usr/lib/libglib-2.0.so.0
#47 0x00007f39bfe97df3 in gtk_main () at /usr/lib/libgtk-x11-2.0.so.0
#48 0x00005622f5e63b4f in sp_main_gui(int, char const**) ()
#49 0x00007f39be023ce3 in __libc_start_main () at /usr/lib/libc.so.6
#50 0x00005622f5e5face in _start ()
The 1.0alpha (9dee831, 2019-01-15) AppImage build does not exhibit this behavior, so it might already be a non-issue.
What should have happened?
No error/crash is expected for this operation.
Inkscape Version and Operating System:
- Inkscape Version: Inkscape 0.92.4 5da689c313, 2019-01-14
- Operating System: Arch Linux
- Operating System version: x86_64 Linux 5.1.6-arch1-1-ARCH