huge text node: out of memory

Description of problem:
When trying to open a file that I created in inkscape on an Ubuntu system in inkscape svg format failes to open in Fedora with an out of memory error message (see below).
After removing this element with a text editor the file opens, obviously it was a large background bitmap.

Version-Release number of selected component (if applicable):
Fedora 17
inkscape.x86_64 0.48.3.1-1.fc17

How reproducible:
Try to open specific file in inkscape svg format. Example attached.

Actual results:
Window "Failed to load the requested file /home/.../asilomar.svg"
inkscape opens with empty 'New document 1'.
Command line: >>
$ inkscape asilomar.svg
asilomar.svg:2143: parser error : internal error
8AIAVESAoAYAhoGAOMoAqsXP0HuuQ+uIcMyu8HqHiHyHKHhnyHDQIwGk136hjmLlya2Kko wJUhYH33/
                                                                               ^
asilomar.svg:2143: error: xmlSAX2Characters: huge text node: out of memory
         id="flowPara3740" /></flowRoot> <image
                                             ^
asilomar.svg:2143: parser error : Extra content at the end of the document
         id="flowPara3740" /></flowRoot> <image
                                             ^
-- cut
The file shows around the specified line >>
    <flowRoot
       style="font-size:40px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
       id="flowRoot3734"
       xml:space="preserve"><flowRegion
         id="flowRegion3736"><rect
           y="586.6864"
           x="201.74588"
           height="61.451332"
           width="67.248627"
           id="rect3738" /></flowRegion><flowPara
         id="flowPara3740" /></flowRoot> <image
       xlink:href="data:image/tiff;base64,<binarydatagoesonforever>.......
-- cut

Expected results:
File opens and is editable.

Additional info:
In current Ubuntu the file can be opened with inkscape 0.48.

Can you attach the file, please?

Created attachment 635043
svg files that show the described behavior

This is not the original file, but a cleaned out one.
error output is here >>
bugreport.svg:2142: error: xmlSAX2Characters: huge text node: out of memory
         id="flowPara3740" /></flowRoot> <image
                                             ^
bugreport.svg:2142: parser error : Extra content at the end of the document
         id="flowPara3740" /></flowRoot> <image
                                             ^

Filed upstream:

https://bugs.launchpad.net/inkscape/+bug/1073315

Occurs on Fedora 18 as well, with libxml2 2.9.0.

Confirmed, basically the image

<image xlink:href="data:image/tiff;base64,SUkqAAgAAAAXAP4AB
....
TokrxM8 2U881Ziy+9XLeaZUMMYnr3OSqzN66gRKnVlLHtPnbBYDYS0kBazkppTeeKtxIwsRt/bOYyAg
AwAB oAMAAQAAAP//AAACoAQAAQAAALAJAAADoAQAAQAAALMNAAAAAAAAAAA= "
       width="2434.2515"
       height="2721.7761"
       id="image5766"
       x="35.433308"
       y="471.49432"
       style="fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:3.54330707
;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none" />

  consists of a single text node of more than 10 megabytes. The problem
is that it was one way to generate DoS attacks against services parsing
XML unchecked input, you can reproduce this with xmllint command line tool:

thinkpad:~ -> /usr/bin/xmllint --noout Desktop/Download/bugreport.svg
Desktop/Download/bugreport.svg:2142: parser error : internal error: Huge input lookup
P0HuuQ+uIcMyu8HqHiHyHKHhnyHDQIwGk136hjmLlya2Kko wJUhYH33/OAMWL+yMSbgatZl1mQmU3sI
                                                                               ^
Desktop/Download/bugreport.svg:2142: parser error : xmlSAX2Characters: huge text node
         id="flowPara3740" /></flowRoot> <image
                                             ^
Desktop/Download/bugreport.svg:2142: parser error : Extra content at the end of the document
         id="flowPara3740" /></flowRoot> <image
                                             ^
thinkpad:~ ->

  There is a parser option to disable those kind of sanity checks

thinkpad:~ -> /usr/bin/xmllint --noout --huge Desktop/Download/bugreport.svg
thinkpad:~ ->

  this could be 'fixed' in two ways:

   - reduce your image size slightly to fit in 10MB uuencoded (inkscape at
     saving time could do that kind of checking and warn the user).
   - in inkscape code where the XML is loaded add the XML_PARSE_HUGE
     option which would disable those checks. It's probably safe in
     inkscape code.

Daniel

Another option might be to switch the background image type from tiff which
is huge to an equivalent lossless format but compressed like gif or png,

Daniel

inkscape-0.48.3.1-2.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/inkscape-0.48.3.1-2.fc18

inkscape-0.48.3.1-2.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/inkscape-0.48.3.1-2.fc17

Package inkscape-0.48.3.1-2.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing inkscape-0.48.3.1-2.fc18'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-17442/inkscape-0.48.3.1-2.fc18
then log in and leave karma (feedback).

I just looked at inkscape-0.48.3.1-hugexml.patch and yes that looks exactly
the right fix,

  thanks for the fast reaction, let's make sure the patch is pushed
upstream (they use bazaar, which i'm not used to, so didn't checked myself)

Daniel

No worries, it's from upstream.

Great guys, that was fast. I can't test it at the moment, but I believe it should do it.
What a satisfying bug reporting experience! :)

inkscape-0.48.3.1-2.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.