Inkscape

failure to load CDR file with large bitmap (libxml2 >= 2.9.0)

Bug #1243011 reported by su_v on 2013-10-22
18
This bug affects 3 people
Affects Status Importance Assigned to Milestone
Inkscape
Fix Committed
Medium
Patrick Storz
Inkscape 1.0
0.92.x
Fix Released
Medium
Patrick Storz
Inkscape 0.92.2 "0.92.2"
Also affects project (?) Also affects distribution/package Nominate for series

Bug Description

With libxml2 >= 2.9.0 loading of a CDR files with large embedded bitmap images fails in inkscape trunk with a parser error, for example:
  Entity: line 12: parser error : AttValue length too long

A sample CDR file can be downloaded from this page:
<http://www.openaccessweek.org/photo/oaweek-2013-poster>
Direct download link:
<https://www.dropbox.com/s/f9mn0d6f4df8wvm/OAWeek%202013.cdr>

With rev >= 12575, this parser error triggers a crash (so far confirmed for CDR files, possibly affects other file formats too):

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000030
0x000000010007731c in SPDocument::getRoot (this=0x0) at document.h:125
125 SPRoot *getRoot() { return root; }
(gdb) bt
#0 0x000000010007731c in SPDocument::getRoot (this=0x0) at document.h:125
#1 0x000000010059927b in Inkscape::Extension::Internal::CdrInput::open (this=0x1084282c0, unnamed_arg=0x1084282d0, uri=0x143b3ab58 "/Users/su_v/Downloads/_img/_misc/OAWeek 2013.cdr") at cdr-input.cpp:260
#2 0x000000010057c253 in Inkscape::Extension::Input::open (this=0x1084282d0, uri=0x143b3ab58 "/Users/su_v/Downloads/_img/_misc/OAWeek 2013.cdr") at input.cpp:153
#3 0x0000000100576e14 in Inkscape::Extension::open (key=0x0, filename=0x143b3ab58 "/Users/su_v/Downloads/_img/_misc/OAWeek 2013.cdr") at system.cpp:117
#4 0x000000010010460f in sp_file_open (uri=@0x7fff5fbfe288, key=0x0, add_to_recent=true, replace_empty=true) at file.cpp:274
#5 0x000000010018dbc6 in sp_recent_open (recent_menu=0x1088480f0, unnamed_arg=0x0) at interface.cpp:718

Confirmed with r12708 on OS X 10.7.5 (libxml2 2.9.1, libcdr git master @b279f96).

Based on tests with archived builds (on OS X 10.7.5):
- crash not reproduced with rev <= 12571,
- crash reproduced with rev >= 12576,
the regression (crash instead of notification about failure to load) was likely introduced in
  Revision 12575: Fix adding viewBox to new documents.
  <http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/12575>

Note: AFAICT this regression does only occur with libxml2 >= 2.9.0 installed, which introduced default limits for attribute lengths:
<https://git.gnome.org/browse/libxml2/commit/?id=e17db9946c09af709d6b37c598b336b1d2ef18a5>

The fix likely requires two steps:
1) add 'XML_PARSE_HUGE' (or whatever parser option is required) to support long attributes used for embedded bitmap images
2) add checks to prevent crash if parsed document is not valid (?) - fixed in rev 12733.

See original description
su_v (suv-lp) on 2013-10-22
summary: - trunk: libml2 >= 2.9.0: crash on load of CDR file with large bitmap (rev
- >= 12575)
+ trunk: crash on load of CDR file with large bitmap (rev >= 12575,
+ libxml2 >= 2.9.0)
su_v (suv-lp) wrote : Re: trunk: crash on load of CDR file with large bitmap (rev >= 12575, libxml2 >= 2.9.0)
su_v (suv-lp) wrote :
su_v (suv-lp) wrote :

Attaching the output of cdr2xhtml (command line tool installed with libcdr which wraps the SVG output into an XHTML file): AFAIU it contains the same SVG output which is read in by Inkcape's internal CDR input (and which inkscape fails to load due to a parser error if using libxml2 2.9.x).

su_v (suv-lp) wrote :

> Revision 12733: add some nullptr checking, should fix crash (couldn't test)
> <http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/12733>

@Johan - crash fix confirmed with r12734 on OS X 10.7.5: inkscape no longer crashes it if fails to parse the input.

Remaining issue:
- add adequate XMl parser flags to allow long attribute values.

description: updated
su_v (suv-lp) on 2013-10-27
Changed in inkscape:
importance: Undecided → Medium
status: New → Triaged
su_v (suv-lp) on 2013-10-28
summary: - trunk: crash on load of CDR file with large bitmap (rev >= 12575,
- libxml2 >= 2.9.0)
+ trunk: fails to load CDR file with large bitmap (libxml2 >= 2.9.0)
tags: added: cdr
removed: crash regression
su_v (suv-lp) on 2014-10-21
Changed in inkscape:
milestone: 0.91 → none
su_v (suv-lp) on 2015-05-05
summary: - trunk: fails to load CDR file with large bitmap (libxml2 >= 2.9.0)
+ failure to load CDR file with large bitmap (libxml2 >= 2.9.0)
Patrick Storz (ede123) wrote :

Crashing issue seems to have been fixed already.

Fix for the underlying import failure due to long attribute length pushed in
http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/15654

Please test the change thoroughly. If no regressions are found I think this would be a good candidate for backporting to 0.92.x.

Changed in inkscape:
status: Triaged → Fix Committed
assignee: nobody → Eduard Braun (eduard-braun2)
jazzynico (jazzynico) on 2017-04-30
Changed in inkscape:
milestone: none → 0.93
tags: added: backport-proposed
jazzynico (jazzynico) wrote :

Fix confirmed on Xubuntu 16.04, lp:inkscape rev. 15657. The file now loads correctly, with no console message.

Patrick Storz (ede123) wrote :

Committed to stable branch in
http://bazaar.launchpad.net/~inkscape.dev/inkscape/0.92.x/revision/15427

su_v (suv-lp) on 2017-07-17
tags: removed: backport-proposed
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers