Crash when opening large PNG
Migrated from https://bugs.launchpad.net/inkscape/+bug/1484149
Dear Maintainers,
I would like to report a bug where a large PNG file can crash Inkscape.
This one appeared after fixing another bug in GDK-pixbuf which caused Inkscape to crash too:
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795277
- https://bugs.launchpad.net/inkscape/+bug/1483061
Steps to reproduce the crash
- save the attached PNG image to a folder
- make sure that the GDK-pixbuf-bug mentioned above is fixed (!)
- start inkscape
- click on 'file' -> 'open'
- select the PNG file (important: deselect 'preview' to avoid a third bug which I reported here too)
- inkscape crashes
Backtrace (gdb)
(click to expand)
Program received signal SIGSEGV, Segmentation fault.
0x00000000006ce2d0 in convert_pixels_pixbuf_to_argb32 (data=0x7ffdfe07a010 "", w=27000,
h=27000, stride=108000) at display/cairo-utils.cpp:1213
1213 *px = argb32_from_pixbuf(*px);
(gdb) bt
#0 0x00000000006ce2d0 in convert_pixels_pixbuf_to_argb32 (data=0x7ffdfe07a010 "", w=27000,
h=27000, stride=108000) at display/cairo-utils.cpp:1213
#1 0x00000000006cb4c9 in Inkscape::Pixbuf::ensurePixelFormat (this=0x79550f0,
fmt=Inkscape::Pixbuf::PF_CAIRO) at display/cairo-utils.cpp:488
#2 0x00000000006cb088 in Inkscape::Pixbuf::getSurfaceRaw (this=0x79550f0, convert_format=true)
at display/cairo-utils.cpp:367
#3 0x00000000006f3d63 in Inkscape::DrawingImage::_renderItem (this=0x79881b0, dc=...)
at display/drawing-image.cpp:123
#4 0x00000000006f7078 in Inkscape::DrawingItem::render (this=0x79881b0, dc=..., area=...,
flags=0, stop_at=0x0) at display/drawing-item.cpp:741
#5 0x00000000006f2c15 in Inkscape::DrawingGroup::_renderItem (this=0x7988080, dc=...,
area=..., flags=0, stop_at=0x0) at display/drawing-group.cpp:106
#6 0x00000000006f7078 in Inkscape::DrawingItem::render (this=0x7988080, dc=..., area=...,
flags=0, stop_at=0x0) at display/drawing-item.cpp:741
#7 0x00000000006f2c15 in Inkscape::DrawingGroup::_renderItem (this=0x36a0350, dc=...,
area=..., flags=0, stop_at=0x0) at display/drawing-group.cpp:106
#8 0x00000000006f7078 in Inkscape::DrawingItem::render (this=0x36a0350, dc=..., area=...,
flags=0, stop_at=0x0) at display/drawing-item.cpp:741
#9 0x00000000006ee57e in Inkscape::Drawing::render (this=0x36fc108, dc=..., area=..., flags=0)
at display/drawing.cpp:173
#10 0x00000000006d0d39 in sp_canvas_arena_render (item=0x36fc040, buf=0x7fffffffd850)
at display/canvas-arena.cpp:222
#11 0x00000000007414da in SPCanvasGroup::render (item=0x36378e0, buf=0x7fffffffd850)
at display/sp-canvas.cpp:1132
#12 0x00000000007414da in SPCanvasGroup::render (item=0x35d2840, buf=0x7fffffffd850)
at display/sp-canvas.cpp:1132
#13 0x0000000000743290 in SPCanvasImpl::sp_canvas_paint_single_buffer (canvas=0x35da000,
paint_rect=..., canvas_rect=...) at display/sp-canvas.cpp:1906
#14 0x0000000000743681 in SPCanvasImpl::sp_canvas_paint_rect_internal (setup=0x7fffffffdcf0,
this_rect=...) at display/sp-canvas.cpp:2018
#15 0x00000000007439fe in SPCanvasImpl::sp_canvas_paint_rect_internal (setup=0x7fffffffdcf0,
this_rect=...) at display/sp-canvas.cpp:2069
---Type <return> to continue, or q <return> to quit---
#16 0x00000000007439fe in SPCanvasImpl::sp_canvas_paint_rect_internal (setup=0x7fffffffdcf0,
this_rect=...) at display/sp-canvas.cpp:2069
#17 0x00000000007439fe in SPCanvasImpl::sp_canvas_paint_rect_internal (setup=0x7fffffffdcf0,
this_rect=...) at display/sp-canvas.cpp:2069
#18 0x00000000007439fe in SPCanvasImpl::sp_canvas_paint_rect_internal (setup=0x7fffffffdcf0,
this_rect=...) at display/sp-canvas.cpp:2069
#19 0x0000000000743cea in SPCanvasImpl::sp_canvas_paint_rect (canvas=0x35da000, xx0=-752,
yy0=-704, xx1=432, yy1=16) at display/sp-canvas.cpp:2127
#20 0x00000000007442ab in SPCanvasImpl::paint (canvas=0x35da000) at display/sp-canvas.cpp:2267
#21 0x00000000007443fa in SPCanvasImpl::do_update (canvas=0x35da000)
at display/sp-canvas.cpp:2302
#22 0x0000000000744479 in SPCanvasImpl::idle_handler (data=0x35da000)
at display/sp-canvas.cpp:2318
#23 0x00007ffff67e3d97 in gdk_threads_dispatch (data=0x367df60)
at /build/gtk+2.0-czQfyJ/gtk+2.0-2.24.25/gdk/gdk.c:534
#24 0x00007ffff0ee7b6d in g_main_dispatch (context=0x18fd610)
at /tmp/buildd/glib2.0-2.42.1/./glib/gmain.c:3111
#25 g_main_context_dispatch (context=context@entry=0x18fd610)
at /tmp/buildd/glib2.0-2.42.1/./glib/gmain.c:3710
#26 0x00007ffff0ee7f48 in g_main_context_iterate (context=0x18fd610, block=block@entry=1,
dispatch=dispatch@entry=1, self=<optimized out>)
at /tmp/buildd/glib2.0-2.42.1/./glib/gmain.c:3781
#27 0x00007ffff0ee8272 in g_main_loop_run (loop=0x3703a10)
at /tmp/buildd/glib2.0-2.42.1/./glib/gmain.c:3975
#28 0x00007ffff6bac597 in IA__gtk_main ()
at /build/gtk+2.0-czQfyJ/gtk+2.0-2.24.25/gtk/gtkmain.c:1257
#29 0x000000000044ffc3 in sp_main_gui (argc=1, argv=0x7fffffffe338) at main.cpp:1075
#30 0x000000000044f580 in main (argc=1, argv=0x7fffffffe338) at main.cpp:789
Inkscape Version and Operating System:
- Affected Inkscape versions: 0.91 (unsure about 0.45)
- OS: Debian 8.1 x64
- Memory: 24 GiB
Example File
27000_27000_1437947845.png (27000x27000 pixels)
Edited by Thomas Holder