Inkscape

lcms2: crash in 'Fill and Stroke' if linked color profile is missing on local system

Bug #1300865 reported by su_v on 2014-04-01

20

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	Inkscape	Fix Released	High	Mark Harmer	Inkscape 0.92 "0.92"

Bug Description

Affects stable and trunk builds compiled with lcms2 support, with documents which have color profiles linked based on an absolute path which doesn't resolve on the local system.

Steps to reproduce:
1) launch current trunk (default prefs, new doc)
2) open attached document
3) draw a rect
4) open 'Fill & Stroke > Fill > CMS'
5) select the linked color profile "Fogra27L-CMYK-Coated-Press" from the drop-down list

Expected result:
Inkscape is aware that the linked color profile doesn't exist on the local system, and either warns the user about it, or reverts to <None>.

Actual result: crash

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000008
0x0000000104fc25fe in cmsDoTransform ()

Notes:
- Reproduced with Inkscape 0.48.4 (official package, uses lcms2) and local trunk build on Ubuntu 13.10 (VM, 64bit)
- Reproduced with local trunk builds on OS X 10.7.5 using lcms2 (2.4)
- Stable and trunk builds on OS X using lcms1 (default) do not crash if a missing color profile is selected in Fill & Stroke.
- Neither stable nor trunk using lcms2 output a message to the console about failing to locate linked color profiles (lcms1 does in stable, and did in trunk < 13107).

Tags:

Related branches

lp:~inkscape.dev/inkscape/trunk

Revision history for this message

su_v (suv-lp) wrote on 2014-04-01:

#1

Filename-without-spaces.svg Edit (1.8 KiB, image/svg+xml)

Revision history for this message

su_v (suv-lp) wrote on 2014-04-01:

#2

1300865-bt-full-r13248-debug-osx-quartz-lcms2-64bit.txt Edit (10.1 KiB, text/plain)

Revision history for this message

jazzynico (jazzynico) wrote on 2014-04-01:

#3

Confirmed on Windows XP, Inkscape trunk revision 13248.

Changed in inkscape:
importance:	Undecided → High
status:	New → Confirmed

jazzynico (jazzynico) on 2014-05-08

Changed in inkscape:
status:	Confirmed → Triaged

Revision history for this message

Mark Harmer (drivehappy) wrote on 2015-01-10:

#4

BUG1300865.patch Edit (1.1 KiB, text/plain)

I believe this might also be a duplicate of bug #1335416. I was able to reproduce the crash with a local 32-bit build under Windows 8.1.

I've attached a patch, my local change notes:

Added null-pointer check before calling cmsDoTransform.
Moved the dirty flag for reseting the color selector so that only valid color profiles are loaded.
Unfortunately this still allows the color profile to be shown in the CMS dropdown and selectable, but it will now no longer do anything if it's invalid.

Revision history for this message

jazzynico (jazzynico) wrote on 2015-01-11:

#5

Partially tested on Windows XP with Inkscape trunk rev. 13847. Unfortunately all my local color profiles seem to be invalid (they all crash without the patch), and thus I can't test with a working one...

Revision history for this message

Mark Harmer (drivehappy) wrote on 2015-01-11:

#6

@jazzynico
Thanks, there seems to be an issue when loading these in Windows, particularly in ColorProfile::set. This code looked complex, as I don't know the URI stuff, so my patch only dealt with the worst case if the file could not be loaded. As a local hack to get it to load in Windows I had added the following after fullpath was initialized in ColorProfile::set:

if (fullpath.size() == 0) {
fullpath = this->href;
}

But I don't feel this is a true fix since I don't know what the URI handling code is really doing. As it begins to complicate the reproduce and verification of the above patch, I understand if it's not acceptable. This needs to be fixed eventually to actually load profiles, but maybe it's better to be tracked as another issue?

Even after loading the profile, the color selectors act strangely, I believe that behavior is the same as bug 632023.

Revision history for this message

su_v (suv-lp) wrote on 2015-01-12:

#7

Patch tested successfully (no crash) on OS X 10.7.5 with Inkscape 0.91+devel r13847, lcms2 2.6.

Same observations as noted in comment #4 wrt the CMS dropdown menu in 'Fill & Stroke' (color profile still listed in the dropdown, menu item doesn't revert immediately to 'None' if the defunct profile entry is selected but no longer crashes either).

jazzynico (jazzynico) on 2015-03-04

Changed in inkscape:
status:	Triaged → In Progress
milestone:	none → 0.92

Revision history for this message

jazzynico (jazzynico) wrote on 2016-06-14:

#8

Patch ported to the current trunk (src/widgets/sp-color-icc-selector.cpp moved to src/ui/widget/color-icc-selector.cpp), and tested again successfully on Xubuntu 16.04.

I'm going to create a new report for the dropdown issue, and commit the patch for 0.92.

Thanks for your help, Mark!

Revision history for this message

jazzynico (jazzynico) wrote on 2016-06-14:

#9

Patch committed rev. 14987.

Changed in inkscape:
status:	In Progress → Fix Committed
assignee:	nobody → Mark Harmer (drivehappy)

Revision history for this message

jazzynico (jazzynico) wrote on 2016-06-14:

#10

Follow-up report: bug #1592390 "Invalid profiles should not be available in the Fill and Stroke CMS dropdown".

Bryce Harrington (bryce) on 2017-01-10

Changed in inkscape:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

Duplicates of this bug

Bug #1317463

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

BUG1300865.patch Edit

Add patch

Bug attachments

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.