failure to load CDR file with large bitmap (libxml2 >= 2.9.0)

Bug #1243011 reported by su_v on 2013-10-22
This bug affects 3 people
Affects: Inkscape; Importance: Medium; Assigned to: Patrick Storz
Affects: 0.92.x; Importance: Medium; Assigned to: Patrick Storz

Bug Description

With libxml2 >= 2.9.0, loading of CDR files with large embedded bitmap images fails in inkscape trunk with a parser error, for example:
  Entity: line 12: parser error : AttValue length too long

A sample CDR file can be downloaded from this page:
<http://www.openaccessweek.org/photo/oaweek-2013-poster>
Direct download link:
<https://www.dropbox.com/s/f9mn0d6f4df8wvm/OAWeek%202013.cdr>

With rev >= 12575, this parser error triggers a crash (so far confirmed for CDR files, possibly affects other file formats too):

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000030
0x000000010007731c in SPDocument::getRoot (this=0x0) at document.h:125
125 SPRoot *getRoot() { return root; }
(gdb) bt
#0 0x000000010007731c in SPDocument::getRoot (this=0x0) at document.h:125
#1 0x000000010059927b in Inkscape::Extension::Internal::CdrInput::open (this=0x1084282c0, unnamed_arg=0x1084282d0, uri=0x143b3ab58 "/Users/su_v/Downloads/_img/_misc/OAWeek 2013.cdr") at cdr-input.cpp:260
#2 0x000000010057c253 in Inkscape::Extension::Input::open (this=0x1084282d0, uri=0x143b3ab58 "/Users/su_v/Downloads/_img/_misc/OAWeek 2013.cdr") at input.cpp:153
#3 0x0000000100576e14 in Inkscape::Extension::open (key=0x0, filename=0x143b3ab58 "/Users/su_v/Downloads/_img/_misc/OAWeek 2013.cdr") at system.cpp:117
#4 0x000000010010460f in sp_file_open (uri=@0x7fff5fbfe288, key=0x0, add_to_recent=true, replace_empty=true) at file.cpp:274
#5 0x000000010018dbc6 in sp_recent_open (recent_menu=0x1088480f0, unnamed_arg=0x0) at interface.cpp:718

Confirmed with r12708 on OS X 10.7.5 (libxml2 2.9.1, libcdr git master @b279f96).

Based on tests with archived builds (on OS X 10.7.5):
- crash not reproduced with rev <= 12571,
- crash reproduced with rev >= 12576,
the regression (crash instead of notification about failure to load) was likely introduced in
  Revision 12575: Fix adding viewBox to new documents.
  <http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/12575>

Note: AFAICT this regression only occurs with libxml2 >= 2.9.0 installed, which introduced default limits for attribute lengths:
<https://git.gnome.org/browse/libxml2/commit/?id=e17db9946c09af709d6b37c598b336b1d2ef18a5>

The fix likely requires two steps:
1) add 'XML_PARSE_HUGE' (or whatever parser option is required) to support long attributes used for embedded bitmap images
2) add checks to prevent crash if parsed document is not valid (?) - fixed in rev 12733.
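
Added example (not part of the bug report and not Inkscape or libcdr code): a triage check that finds which attribute exceeds the default libxml2 limit behind "AttValue length too long". It parses with Python's expat binding, which has no such cap, and compares each attribute value against libxml2's XML_MAX_TEXT_LENGTH (10,000,000 bytes); the function names and the sample SVG are constructed for illustration.

```python
import base64
import xml.parsers.expat

# libxml2's XML_MAX_TEXT_LENGTH (parserInternals.h): the cap on a single
# attribute value or text node unless XML_PARSE_HUGE is set.
LIBXML2_MAX_TEXT_LENGTH = 10_000_000


def oversized_attributes(xml_bytes, limit=LIBXML2_MAX_TEXT_LENGTH):
    """Return [(line, element, attribute, size_in_bytes)] for every
    attribute value larger than `limit` (hypothetical helper)."""
    findings = []
    parser = xml.parsers.expat.ParserCreate()

    def on_start(name, attrs):
        for attr, value in attrs.items():
            size = len(value.encode("utf-8"))
            if size > limit:
                findings.append((parser.CurrentLineNumber, name, attr, size))

    parser.StartElementHandler = on_start
    parser.Parse(xml_bytes, True)
    return findings


def needs_parse_huge(xml_bytes):
    """True if a default-option libxml2 parse would hit the attribute cap."""
    return bool(oversized_attributes(xml_bytes))


def make_sample_svg(bitmap_bytes):
    """Constructed stand-in for a converter's SVG output: one <image> whose
    xlink:href is a base64 data URI of `bitmap_bytes` zero bytes."""
    payload = base64.b64encode(bytes(bitmap_bytes)).decode("ascii")
    return (
        '<svg xmlns="http://www.w3.org/2000/svg" '
        'xmlns:xlink="http://www.w3.org/1999/xlink">\n'
        '<image width="10" height="10" '
        f'xlink:href="data:image/bmp;base64,{payload}"/>\n'
        '</svg>\n'
    ).encode("ascii")


if __name__ == "__main__":
    for size in (1_000_000, 9_000_000):
        doc = make_sample_svg(size)
        for line, elem, attr, n in oversized_attributes(doc):
            print(f"line {line}: <{elem} {attr}> is {n} bytes, over the limit")
        print(size, "byte bitmap needs XML_PARSE_HUGE:", needs_parse_huge(doc))
```

XML_PARSE_HUGE relaxes libxml2's hardcoded parser limits as a whole, so a check like this lets an importer enable it only for input that actually needs it.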

su_v (suv-lp) on 2013-10-22
summary: - trunk: libml2 >= 2.9.0: crash on load of CDR file with large bitmap (rev
- >= 12575)
+ trunk: crash on load of CDR file with large bitmap (rev >= 12575,
+ libxml2 >= 2.9.0)
su_v (suv-lp) wrote :

Attaching the output of cdr2xhtml (command line tool installed with libcdr which wraps the SVG output into an XHTML file): AFAIU it contains the same SVG output which is read in by Inkscape's internal CDR input (and which inkscape fails to load due to a parser error if using libxml2 2.9.x).

su_v (suv-lp) wrote :

> Revision 12733: add some nullptr checking, should fix crash (couldn't test)
> <http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/12733>

@Johan - crash fix confirmed with r12734 on OS X 10.7.5: inkscape no longer crashes if it fails to parse the input.

Remaining issue:
- add adequate XML parser flags to allow long attribute values.

description: updated
su_v (suv-lp) on 2013-10-27
Changed in inkscape:
importance: Undecided → Medium
status: New → Triaged
su_v (suv-lp) on 2013-10-28
summary: - trunk: crash on load of CDR file with large bitmap (rev >= 12575,
- libxml2 >= 2.9.0)
+ trunk: fails to load CDR file with large bitmap (libxml2 >= 2.9.0)
tags: added: cdr
removed: crash regression
su_v (suv-lp) on 2014-10-21
Changed in inkscape:
milestone: 0.91 → none
su_v (suv-lp) on 2015-05-05
summary: - trunk: fails to load CDR file with large bitmap (libxml2 >= 2.9.0)
+ failure to load CDR file with large bitmap (libxml2 >= 2.9.0)
Patrick Storz (ede123) wrote :

Crashing issue seems to have been fixed already.

Fix for the underlying import failure due to long attribute length pushed in
http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/15654

Please test the change thoroughly. If no regressions are found I think this would be a good candidate for backporting to 0.92.x.

Changed in inkscape:
status: Triaged → Fix Committed
assignee: nobody → Eduard Braun (eduard-braun2)
jazzynico (jazzynico) on 2017-04-30
Changed in inkscape:
milestone: none → 0.93
tags: added: backport-proposed
jazzynico (jazzynico) wrote :

Fix confirmed on Xubuntu 16.04, lp:inkscape rev. 15657. The file now loads correctly, with no console message.

su_v (suv-lp) on 2017-07-17
tags: removed: backport-proposed
Changed in inkscape:
status: Fix Committed → Fix Released