Wrong "flag" parsing in path descriptions

Bug #1416680 reported by Alex Valavanis
This bug affects 2 people
Affects            Status     Importance  Assigned to  Milestone
Inkscape           New        Undecided   Unassigned
inkscape (Debian)  Confirmed  Unknown

Bug Description

From: Samuel Bronson <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: inkscape: Wrong "flag" parsing in path descriptions
Date: Tue, 04 Mar 2014 17:35:29 -0500
[Message part 1 (text/plain, inline)]
Package: inkscape
Version: 0.48.4-3+b1
Severity: normal

Dear Maintainer,

Consider the two SVGs enclosed, and the diff between them.
[path-flag-misparsed.svg (text/plain, inline)]
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100" stroke="#3c790a">
<circle cx="50" cy="50" r="45" stroke-width="10" fill="#fff"/>
<path stroke-width="1.5" fill="none" d="M17,66C21,63,43,76,37,68"/>
<path stroke="#793c0a" stroke-width="1.5" fill="none" d="M33,75a8,8,0,0,16,8"/>
<path stroke-width="1.5" fill="none" d="M50,84C68,49,57,90,63,77,66,58,75,87,71,69,68,62,74,65,78,66"/>
<path stroke-width="1.5" fill="none" d="M65,62C57,64,64,71,67,64"/>
<path stroke-width="1.5" fill="none" d="M47,60L43,69,44,69,51,66"/>
<path stroke-width="1.5" fill="none" d="M50,52C47,60,53,54,52,60,50,68,62,60,57,62,58,54,65,60,59,54,48,42,20,25,29,37"/>
<path stroke-width="1.5" fill="none" d="M29,40C23,50,27,47,29,48"/>
<path stroke-width="1.5" fill="none" d="M33,37C28,42,37,38,35,42,34,44,30,38,32,48,31,50,36,52,28,50"/>
<path stroke-width="1.5" fill="none" d="M32,53L28,52"/>
<path stroke-width="1.5" fill="none" d="M30,53C28,55,25,57,30,61,32,62,32,65,38,62,40,61,43,63,44,57,44,56,48,52,44,48L45,45,41,42,40,43,41,47,39,50,35,51"/>
<path stroke-width="1.5" fill="none" d="M32,31C43,30,50,16,64,23"/>
<path stroke-width="1.5" fill="none" d="M43,37C54,28,49,56,69,48,82,40,78,21,68,20L68,26C72,29,72,29,72,33"/>
</svg>
[path-flag-intended.svg (text/plain, inline)]
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100" stroke="#3c790a">
<circle cx="50" cy="50" r="45" stroke-width="10" fill="#fff"/>
<path stroke-width="1.5" fill="none" d="M17,66C21,63,43,76,37,68"/>
<path stroke="#793c0a" stroke-width="1.5" fill="none" d="M33,75a8,8,0,0,1,6,8"/>
<path stroke-width="1.5" fill="none" d="M50,84C68,49,57,90,63,77,66,58,75,87,71,69,68,62,74,65,78,66"/>
<path stroke-width="1.5" fill="none" d="M65,62C57,64,64,71,67,64"/>
<path stroke-width="1.5" fill="none" d="M47,60L43,69,44,69,51,66"/>
<path stroke-width="1.5" fill="none" d="M50,52C47,60,53,54,52,60,50,68,62,60,57,62,58,54,65,60,59,54,48,42,20,25,29,37"/>
<path stroke-width="1.5" fill="none" d="M29,40C23,50,27,47,29,48"/>
<path stroke-width="1.5" fill="none" d="M33,37C28,42,37,38,35,42,34,44,30,38,32,48,31,50,36,52,28,50"/>
<path stroke-width="1.5" fill="none" d="M32,53L28,52"/>
<path stroke-width="1.5" fill="none" d="M30,53C28,55,25,57,30,61,32,62,32,65,38,62,40,61,43,63,44,57,44,56,48,52,44,48L45,45,41,42,40,43,41,47,39,50,35,51"/>
<path stroke-width="1.5" fill="none" d="M32,31C43,30,50,16,64,23"/>
<path stroke-width="1.5" fill="none" d="M43,37C54,28,49,56,69,48,82,40,78,21,68,20L68,26C72,29,72,29,72,33"/>
</svg>
[path-flag.diff (text/x-diff, inline)]
--- path-flag-misparsed.svg 2014-03-04 13:41:10.000000000 -0500
+++ path-flag-intended.svg 2014-03-04 13:40:51.000000000 -0500
@@ -3,3 +3,3 @@
 <path stroke-width="1.5" fill="none" d="M17,66C21,63,43,76,37,68"/>
-<path stroke="#793c0a" stroke-width="1.5" fill="none" d="M33,75a8,8,0,0,16,8"/>
+<path stroke="#793c0a" stroke-width="1.5" fill="none" d="M33,75a8,8,0,0,1,6,8"/>
 <path stroke-width="1.5" fill="none" d="M50,84C68,49,57,90,63,77,66,58,75,87,71,69,68,62,74,65,78,66"/>
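Review bot: the `-` line, with d="M33,75a8,8,0,0,16,8", should not be read as a typo that the `+` line corrects; the two lines differ only in the comma between the second flag `1` and the coordinate `6`, so both files are better kept unchanged as a regression pair: path-flag-misparsed.svg as the input a parser must accept, and path-flag-intended.svg as the reference it must match.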
[Message part 5 (text/plain, inline)]
The only difference between them is a single comma in an "a" command.
This comma is supposed to be optional.

In <http://www.w3.org/TR/SVG/paths.html#PathDataBNF>, the most relevant
productions are:

,----
| elliptical-arc:
|     ( "A" | "a" ) wsp* elliptical-arc-argument-sequence
| elliptical-arc-argument-sequence:
|     elliptical-arc-argument
|     | elliptical-arc-argument comma-wsp? elliptical-arc-argument-sequence
| elliptical-arc-argument:
|     nonnegative-number comma-wsp? nonnegative-number comma-wsp?
|       number comma-wsp flag comma-wsp? flag comma-wsp? coordinate-pair
| flag:
|     "0" | "1"
| comma-wsp:
|     (wsp+ comma? wsp*) | (comma wsp*)
`----

We end up trying to parse "0,16,8" as "flag comma-wsp? flag comma-wsp?
coordinate-pair". This is supposed to result in a flag of "0", another of
"1", and a coordinate-pair of "6,8". No comma is needed between the "1"
and the "6", because a flag cannot be more than one digit long anyway.

Firefox and Chrom{e,ium} do fine with this.

Unfortunately, Inkscape doesn't actually manage this; instead, it
appears to abort parsing the path at this point, presumably believing it
to be syntactically invalid. This results in the enclosed actual vs.
expected renderings.
[inkscape-bad.png (image/png, inline)]
[inkscape-good.png (image/png, inline)]
[Message part 8 (text/plain, inline)]

(The original version of the test SVG had only one path, which was the
concatenation of the paths in the provided version. Inkscape only
displayed through the first path, which is consistent with the path
parse error handling given in the SVG spec; namely, draw everything
before the parse error, but stop at the error. Inkscape didn't warn
about it like the spec suggests, though, even though an SVG editor is
probably where such warnings would be MOST useful.)

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 3.9-1-686-pae (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages inkscape depends on:
ii gconf-service 3.2.6-1
ii libaspell15 0.60.7~20110707-1
ii libatk1.0-0 2.10.0-2
ii libatkmm-1.6-1 2.22.7-2
ii libc6 2.17-97
ii libcairo2 1.12.16-2
ii libcairomm-1.0-1 1.10.0-1
ii libfontconfig1 2.11.0-1
ii libfreetype6 2.5.2-1
ii libgc1c2 1:7.2d-6
ii libgcc1 1:4.8.2-12
ii libgconf-2-4 3.2.6-1
ii libgdk-pixbuf2.0-0 2.28.2-1+b1
ii libglib2.0-0 2.36.4-1
ii libglibmm-2.4-1c2a 2.36.2-1
ii libgnomevfs2-0 1:2.24.4-4
ii libgomp1 4.8.2-12
ii libgsl0ldbl 1.16+dfsg-1
ii libgtk2.0-0 2.24.22-1
ii libgtkmm-2.4-1c2a 1:2.24.4-1
ii libgtkspell0 2.0.16-1
ii liblcms1 1.19.dfsg-1.2+b1
ii libmagick++5 8:6.7.7.10-7
ii libmagickcore5 8:6.7.7.10-7
ii libpango-1.0-0 1.36.0-1+b1
ii libpangocairo-1.0-0 1.36.0-1+b1
ii libpangoft2-1.0-0 1.36.0-1+b1
ii libpangomm-1.4-1 2.34.0-1
ii libpng12-0 1.2.49-5
ii libpoppler-glib8 0.22.5-4
ii libpoppler37 0.22.5-4
ii libpopt0 1.16-8
ii libsigc++-2.0-0c2a 2.2.10-0.2
ii libstdc++6 4.8.2-12
ii libwpd-0.9-9 0.9.9-1
ii libwpg-0.2-2 0.2.2-1
ii libx11-6 2:1.6.2-1
ii libxml2 2.9.1+dfsg1-3
ii libxslt1.1 1.1.28-2
ii zlib1g 1:1.2.8.dfsg-1

Versions of packages inkscape recommends:
ii aspell 0.60.7~20110707-1
ii imagemagick 8:6.7.7.10-7
ii libgnomevfs2-extra 1:2.24.4-4
pn libwmf-bin <none>
pn perlmagick <none>
pn pstoedit <none>
ii python-lxml 3.2.0-1+b1
ii python-numpy 1:1.7.1-3
ii transfig 1:3.2.5.e-1

Versions of packages inkscape suggests:
ii dia 0.97.2-15
pn libsvg-perl <none>
pn libxml-xql-perl <none>
pn python-uniconvertor <none>
ii ruby 1:1.9.3

-- no debconf information

Tags: svg
Changed in inkscape (Debian):
status: Unknown → Confirmed
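
Added example, not part of the original report and not Inkscape's code: a small Python parser for the arguments of an "a" command that follows the grammar quoted in the bug description, next to a tokenize-first parser that reads every field as a full number and rejects the same input. The function names are hypothetical, and for brevity the parser accepts a sign on the radii, which the grammar does not. Two consumers of the same SVG that disagree like this (for example a filter or editor and a browser) will not see the same geometry.

```python
import re

# Number per the SVG path grammar: optional sign, digits with an optional
# fraction (or a bare fraction), optional exponent.
NUMBER = re.compile(r"[+-]?(?:\d+\.?\d*|\.\d+)(?:[eE][+-]?\d+)?")
COMMA_WSP = re.compile(r"[ \t\r\n]*,?[ \t\r\n]*")   # matches "comma-wsp?"


def _skip_sep(s, i):
    return COMMA_WSP.match(s, i).end()


def _number(s, i):
    m = NUMBER.match(s, i)
    if not m:
        raise ValueError(f"number expected at offset {i}")
    return float(m.group()), _skip_sep(s, m.end())


def _flag(s, i):
    # flag: "0" | "1" -- exactly one character, so "16" is flag 1 then 6.
    if i >= len(s) or s[i] not in "01":
        raise ValueError(f"flag expected at offset {i}")
    return int(s[i]), _skip_sep(s, i + 1)


def parse_arc_args(s):
    """Grammar-driven parse of an elliptical-arc-argument-sequence."""
    i, arcs = _skip_sep(s, 0), []
    while i < len(s):
        arc = []
        for read in (_number, _number, _number, _flag, _flag, _number, _number):
            value, i = read(s, i)
            arc.append(value)
        arcs.append(tuple(arc))
    return arcs


def greedy_arc_args(s):
    """Tokenize-first approach: every field is read as a full number."""
    nums = [float(t) for t in NUMBER.findall(s)]
    if len(nums) % 7:
        raise ValueError(f"{len(nums)} numbers, not a multiple of 7")
    arcs = [tuple(nums[k:k + 7]) for k in range(0, len(nums), 7)]
    if any(a[3] not in (0, 1) or a[4] not in (0, 1) for a in arcs):
        raise ValueError("flag out of range")
    return arcs
```

Calling parse_arc_args("8,8,0,0,16,8") gives the same arc as the comma-separated form "8,8,0,0,1,6,8", while greedy_arc_args raises on the first string because it sees six numbers instead of seven.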