GNOME Bugzilla – Bug 334771
Ungroup crashes
Last modified: 2007-05-28 11:10:45 UTC
Steps to reproduce: 1. Add an object 2. Duplicate it (ctrl-d) 3. Select both objects 4. Group them (Ctrl-g) 5. Ungroup them 6. Rinse and repeat (usually crashes quite quickly - about the 3rd or 4th time) Stack trace: Sorry guys - this is on Microsoft Windows Other information:
diagram_ungroup_selected(_Diagram * 0x01d1e1b8) line 1153 + 3 bytes objects_ungroup_callback(void * 0x00000000, unsigned int 0, _GtkWidget * 0x01ccd618) line 999 + 11 bytes Looks like somewhere dia->data-selected was screwed. It was 0x03 when the crash occured. Strangely enough I was not able to reproduce on Linux.
I was unable to reproduce this bug in the manner described by Russell. However, I did get a crash when ungrouping an object. I enclose a Linux (x86, Debian-unstable) stacktrace. Dia version is reported as 0.94
+ Trace 67673
I have same bug. It's hard to reproduce it. I added some printf, here are the results: =================================== 8< ===================================== (create two objects) (group them) (ungroup) dia = 0x9488060 list length = 1 selected = 0x94ee270 group = 0x94ee808 before apply(), selected = 0x94ee270 apply() selected = 0x94ee270 list length = 2 (end of while) selected = 0x94ee270 (end of while) selected (next) = (nil) (group two objects) (ungroup) dia = 0x9488060 list length = 1 selected = 0x94ee230 group = 0x94f7648 before apply(), selected = 0x94ee230 apply() selected = 0x94ee230 list length = 2 (end of while) selected = 0x94ee230 (end of while) selected (next) = 0x94f4d48 group = 0x815df18 (end of while) selected = 0x94f4d48 (end of while) selected (next) = 0x3 Erreur de segmentation (core dumped) =================================== 8< ===================================== Informations from gdb:
+ Trace 67879
For sure, "selected->data" crash since selected=0x3 ... So "apply" function looks to be buggy. Haypo
Created attachment 64403 [details] [review] Proposition to fix diagram_ungroup_selected() bug My patch looks to fix the bug (tested during long time), but i don't know if it keep old behaviour. Haypo
Created attachment 64654 [details] [review] Ok, this patch really fix the bug and doesn't change function behaviour The problem was that the function walk in "dia->data->selected" list, and that "dia->data->selected" is changed (replaced with new list, old list is free()'d) during the loop. So I just made a copy of the original list ;-) This function works with two or more groups. Haypo PS: Don't use my first patch (works well, but don't allow to ungroup two or more groups)
Note: #338936 is a duplicate of this bug.
Note: bug #340145 is a duplicate of this bug.
*** Bug 340145 has been marked as a duplicate of this bug. ***
*** Bug 338936 has been marked as a duplicate of this bug. ***
Hi Victor, thanks for the patch. I've now commited it to HEAD and the newly created dia-0-95 branch. Keep up the good work, even if we sometimes need some time to actually apply it ;) 2006-04-02 Hans Breuer <hans@breuer.org> [ also applied to branch dia-0-95 ] * app/diagram.c(diagram_ungroup_selected) : operate on a copy of data-Selected cause the original is modified during use. Patch from Victor Stinner, fixes bug #334771
*** Bug 341913 has been marked as a duplicate of this bug. ***
*** Bug 342955 has been marked as a duplicate of this bug. ***
*** Bug 345120 has been marked as a duplicate of this bug. ***
*** Bug 346774 has been marked as a duplicate of this bug. ***
*** Bug 347726 has been marked as a duplicate of this bug. ***
*** Bug 348043 has been marked as a duplicate of this bug. ***
*** Bug 350822 has been marked as a duplicate of this bug. ***
*** Bug 351388 has been marked as a duplicate of this bug. ***
*** Bug 390731 has been marked as a duplicate of this bug. ***
*** Bug 405619 has been marked as a duplicate of this bug. ***
*** Bug 420163 has been marked as a duplicate of this bug. ***
*** Bug 427563 has been marked as a duplicate of this bug. ***
*** Bug 441774 has been marked as a duplicate of this bug. ***