Qgis crashes on zoom in on a vector layer

[g_j_m]

Open a vector layer (ogr or postgres), zoom in, and Qgis crashes. A backtrace indicates that the problem is in QgsVectorLayer::drawFeature:

#15 0xb7e2d496 in QgsVectorLayer::drawLineString (this=0x82a6928,
    feature=0x551183bc <Address 0x551183bc out of bounds>, p=0xbfffcba0,
    mtp=0x818d3e8, projectionsEnabledFlag=false, drawingToEditingCanvas=true)

This is with the latest from SVN (r5608). This didn't happen a couple of days ago.

[anonymous]

I suspect that this problem occured in svn r5595.

Sometimes zoomng in is okay, but eventually, qgis will crash.

[morb_au]

I acknowledge that r5595 could have destabilised things but I can't get it to crash!

Example, three MapInfo? layers through OGR 1.3.2.0. I've zoomed in both by the mouse wheel and the toolbar (arbitrary zoom in).

I have added a new argument to QgsVectorLayer::drawLineString in r5593. Maybe a full make might clear things out, or if g_j_m can do a full trace?

[g_j_m]

I tried a make clean and then a make, but the problem still exists. The full backtrace is included below. It always works fine when I load a layer, but fails eventually when zooming in. From looking at the code and the backtrace, it looks like the wkb char* given to drawlinestring is wrong. The problem never happens with polygons or points. I suspect that the caching of geometries is going wrong somewhere...

#0  0xb7334cec in ?? () from /usr/local/Trolltech/Qt-4.1.4/lib/libQtGui.so.4
#1  0xbfff98b0 in ?? ()
#2  0xff56c447 in ?? ()
#3  0x472e2652 in ?? ()
#4  0x00000000 in ?? ()
#5  0x00000000 in ?? ()
#6  0xb77b8548 in ?? () from /usr/local/Trolltech/Qt-4.1.4/lib/libQtGui.so.4
#7  0x00000800 in ?? ()
#8  0xbfffc268 in ?? ()
#9  0xbfffb9a8 in ?? ()
#10 0xb7438d50 in QRasterPaintEnginePrivate::~QRasterPaintEnginePrivate ()
   from /usr/local/Trolltech/Qt-4.1.4/lib/libQtGui.so.4
#11 0xb7438d50 in QRasterPaintEnginePrivate::~QRasterPaintEnginePrivate ()
   from /usr/local/Trolltech/Qt-4.1.4/lib/libQtGui.so.4
#12 0xb7427d97 in QSpanData::initTexture ()
   from /usr/local/Trolltech/Qt-4.1.4/lib/libQtGui.so.4
#13 0xb7430291 in QRasterPaintEngine::drawPolygon ()
   from /usr/local/Trolltech/Qt-4.1.4/lib/libQtGui.so.4
#14 0xb7404204 in QPainter::drawPolyline ()
   from /usr/local/Trolltech/Qt-4.1.4/lib/libQtGui.so.4
#15 0xb7e2e426 in QgsVectorLayer::drawLineString (this=0x8261b60,
    feature=0x472e2652 <Address 0x472e2652 out of bounds>, p=0xbfffcba0,
    mtp=0x811c7b0, projectionsEnabledFlag=false, drawingToEditingCanvas=true)
---Type <return> to continue, or q <return> to quit---
    at qvector.h:97
#16 0xb7e37e1f in QgsVectorLayer::drawFeature (this=0x8261b60, p=0xbfffcba0,
    fet=0x82a31b0, theMapToPixelTransform=0x811c7b0, marker=0xbfffc8b0,
    markerScaleFactor=1, projectionsEnabledFlag=false,
    drawingToEditingCanvas=96) at qgsvectorlayer.cpp:3363
#17 0xb7e385c6 in QgsVectorLayer::draw (this=0x8261b60, p=0xbfffcba0,
    viewExtent=0xbfffc9c0, theMapToPixelTransform=0x811c7b0,
    drawingToEditingCanvas=true, widthScale=1, symbolScale=1)
    at qgsvectorlayer.cpp:905
#18 0xb7e38f3b in QgsVectorLayer::draw (this=0x8261b60, p=0xbfffcba0,
    viewExtent=0xbfffc9c0, theMapToPixelTransform=0x811c7b0,
    drawingToEditingCanvas=true) at qgsvectorlayer.cpp:794
#19 0xb7da9efa in QgsMapRender::render (this=0x81b0c80, painter=0xbfffcba0)
    at qgsmaprender.cpp:262
#20 0xb7d88617 in QgsMapCanvasMap::render (this=0x81520f0)
    at qgsmapcanvasmap.cpp:65
#21 0xb7d83991 in QgsMapCanvas::render (this=0x81b1268) at qgsmapcanvas.cpp:303
#22 0xb7d83935 in QgsMapCanvas::drawContents (this=0x81b1268, p=0xbfffcd40,
    cx=0, cy=0, cw=432, ch=450) at qgsmapcanvas.cpp:282
#23 0xb7a79520 in Q3ScrollView::drawContentsOffset ()
   from /usr/local/Trolltech/Qt-4.1.4/lib/libQt3Support.so.4
#24 0xb7a78683 in Q3ScrollView::viewportPaintEvent ()
   from /usr/local/Trolltech/Qt-4.1.4/lib/libQt3Support.so.4
---Type <return> to continue, or q <return> to quit---
#25 0xb7a7acc9 in Q3ScrollView::eventFilter ()
   from /usr/local/Trolltech/Qt-4.1.4/lib/libQt3Support.so.4
#26 0xb733be14 in QApplicationPrivate::notify_helper ()
   from /usr/local/Trolltech/Qt-4.1.4/lib/libQtGui.so.4
#27 0xb733c045 in QApplication::notify ()
   from /usr/local/Trolltech/Qt-4.1.4/lib/libQtGui.so.4
#28 0xb7386ca0 in qt_sendSpontaneousEvent ()
   from /usr/local/Trolltech/Qt-4.1.4/lib/libQtGui.so.4
#29 0xb745f7d7 in QWidgetPrivate::drawWidget ()
   from /usr/local/Trolltech/Qt-4.1.4/lib/libQtGui.so.4
#30 0xb746013d in QWidgetBackingStore::paintSiblingsRecursive ()
   from /usr/local/Trolltech/Qt-4.1.4/lib/libQtGui.so.4
#31 0xb745f4cf in QWidgetPrivate::drawWidget ()
   from /usr/local/Trolltech/Qt-4.1.4/lib/libQtGui.so.4
#32 0xb746013d in QWidgetBackingStore::paintSiblingsRecursive ()
   from /usr/local/Trolltech/Qt-4.1.4/lib/libQtGui.so.4
#33 0xb745f4cf in QWidgetPrivate::drawWidget ()
   from /usr/local/Trolltech/Qt-4.1.4/lib/libQtGui.so.4
#34 0xb746013d in QWidgetBackingStore::paintSiblingsRecursive ()
   from /usr/local/Trolltech/Qt-4.1.4/lib/libQtGui.so.4
#35 0xb745f4cf in QWidgetPrivate::drawWidget ()
   from /usr/local/Trolltech/Qt-4.1.4/lib/libQtGui.so.4
#36 0xb746013d in QWidgetBackingStore::paintSiblingsRecursive ()
---Type <return> to continue, or q <return> to quit---
   from /usr/local/Trolltech/Qt-4.1.4/lib/libQtGui.so.4
#37 0xb745f4cf in QWidgetPrivate::drawWidget ()
   from /usr/local/Trolltech/Qt-4.1.4/lib/libQtGui.so.4
#38 0xb746013d in QWidgetBackingStore::paintSiblingsRecursive ()
   from /usr/local/Trolltech/Qt-4.1.4/lib/libQtGui.so.4
#39 0xb745ffc4 in QWidgetBackingStore::paintSiblingsRecursive ()
   from /usr/local/Trolltech/Qt-4.1.4/lib/libQtGui.so.4
#40 0xb745f4cf in QWidgetPrivate::drawWidget ()
   from /usr/local/Trolltech/Qt-4.1.4/lib/libQtGui.so.4
#41 0xb746013d in QWidgetBackingStore::paintSiblingsRecursive ()
   from /usr/local/Trolltech/Qt-4.1.4/lib/libQtGui.so.4
#42 0xb745f4cf in QWidgetPrivate::drawWidget ()
   from /usr/local/Trolltech/Qt-4.1.4/lib/libQtGui.so.4
#43 0xb746013d in QWidgetBackingStore::paintSiblingsRecursive ()
   from /usr/local/Trolltech/Qt-4.1.4/lib/libQtGui.so.4
#44 0xb745ffc4 in QWidgetBackingStore::paintSiblingsRecursive ()
   from /usr/local/Trolltech/Qt-4.1.4/lib/libQtGui.so.4
#45 0xb745f4cf in QWidgetPrivate::drawWidget ()
   from /usr/local/Trolltech/Qt-4.1.4/lib/libQtGui.so.4
#46 0xb7460586 in QWidgetBackingStore::cleanRegion ()
   from /usr/local/Trolltech/Qt-4.1.4/lib/libQtGui.so.4
#47 0xb7460ac1 in qt_syncBackingStore ()
   from /usr/local/Trolltech/Qt-4.1.4/lib/libQtGui.so.4
---Type <return> to continue, or q <return> to quit---
#48 0xb73807f3 in QWidget::event ()
   from /usr/local/Trolltech/Qt-4.1.4/lib/libQtGui.so.4
#49 0xb7592a90 in QFrame::event ()
   from /usr/local/Trolltech/Qt-4.1.4/lib/libQtGui.so.4
#50 0xb733be38 in QApplicationPrivate::notify_helper ()
   from /usr/local/Trolltech/Qt-4.1.4/lib/libQtGui.so.4
#51 0xb733c045 in QApplication::notify ()
   from /usr/local/Trolltech/Qt-4.1.4/lib/libQtGui.so.4
#52 0xb6f60bfe in QCoreApplication::sendPostedEvents ()
   from /usr/local/Trolltech/Qt-4.1.4/lib/libQtCore.so.4
#53 0xb6f7fe1a in QEventDispatcherUNIX::processEvents ()
   from /usr/local/Trolltech/Qt-4.1.4/lib/libQtCore.so.4
#54 0xb73a4463 in QEventDispatcherX11::processEvents ()
   from /usr/local/Trolltech/Qt-4.1.4/lib/libQtGui.so.4
#55 0xb6f5bbd5 in QEventLoop::processEvents ()
   from /usr/local/Trolltech/Qt-4.1.4/lib/libQtCore.so.4
#56 0xb6f5be1f in QEventLoop::exec ()
   from /usr/local/Trolltech/Qt-4.1.4/lib/libQtCore.so.4
#57 0xb6f60d21 in QCoreApplication::exec ()
   from /usr/local/Trolltech/Qt-4.1.4/lib/libQtCore.so.4
#58 0xb733b4f6 in QApplication::exec ()
   from /usr/local/Trolltech/Qt-4.1.4/lib/libQtGui.so.4
#59 0x0804cd07 in main (argc=1, argv=0xbffff5b4) at main.cpp:597

[anonymous]

I still can't reproduce. I would appreciate if anyone else can confirm or deny this behaviour on their own systems.

Given your stack trace, it appears that the QgsFeature? object is OK but its embedded QgsGeometry? object is the one with the invalid address.

Browsing through the source code, I can only see a possible problem if you are displaying a geometry that has been freshly edited ( http://svn.qgis.org/trac/browser/trunk/qgis/src/gui/qgsvectorlayer.cpp#L882). Otherwise the problem is probably originating from the data provider in use. What layer provider/format are you using? Is the layer small/free enough to send over here?

[morb_au]

The previous comment was by morb_au by the way (I forgot to log into trac first)

[g_j_m]

It happens on vector layers from the postgres provider and the ogr provider. I'll attach a .shp file here later today.

The feature address in item 15 in the backtrace varies, suggesting to me that the memory is uninitialised or is being stomped on by some other part of the code.

I had a reasonable look through the code yesterday and didn't find anything except for the minor thing I resolved in r5610.

[g_j_m]

Example shp file that causes qgis to crash on zoom in

[anonymous]

The problem only happens if both items in the Rendering part of the QGIS Options dialog box are unticked. And then only when the coordinates passed to the call to drawPolyline() in qgsvectorlayer.cpp include negative values.

All of this implies that drawing to a Qt QImage with negative coordinates is causing the crash.

I think that the backtrace and its 'address out of bounds' message are a red herring.

I'm using Qt 4.1.4.

[g_j_m]

Fixed in SVN r5612. Problem was that qgis was drawing to a QImage using negative coordinates, and QT doesn't like that. I'm not sure why this only happened now.

[anonymous]

Milestone Version 0.8 deleted