Rendering svg - marker-mid with 1-point polyline causes infinite loop

Bug #1536466 reported by Joshua Augustin on 2016-01-21
This bug affects 1 person
Affects: Inkscape
Importance: High
Assigned to: Tavmjong Bah

Bug Description

As listed, when rendering an SVG file that contains a polyline with only one point, if a marker-mid is specified, the rendering process will quickly eat all RAM and CPU, ergo probably an infinite loop, and abort with a std::bad_alloc after a time.

Attached is a minimal file, crash.svg, that reproduces this bug in Inkscape 0.48.5. I'm running a Debian GNU/Linux 8 (jessie) 64-bit, but there is no reason to believe this is a release-specific version. This bug also occurs in ImageMagick on the same file.

Removing the attribute 'marker-mid' in the polyline stops this from occurring.

Alvin Penner (apenner) wrote :

- not reproduced on Windows 7 (32 bit), Inkscape 0.91 r13725 (Jan 30 2015)
- not reproduced on Windows XP, Inkscape 0.91+devel r14600 (Jan 17 2016)

su_v (suv-lp) wrote :

On OS X 10.7.5:
- reproduced with Inkscape 0.48.5 r10040
- not reproduced with Inkscape 0.91 r13725
- not reproduced with Inkscape 0.91+devel r14610

Based on tests with archived builds:
- reproduced with rev <= 12342,
- not reproduced with rev >= 12344;
this issue was fixed in revision 12343:

Prevent crash from middle marker when a path or polyline has only one point.
https://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/12343

Changed in inkscape:
assignee: nobody → Tavmjong Bah (tavmjong-free)
importance: Undecided → High
milestone: none → 0.91
status: New → Fix Released
tags: removed: infinite-loop
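
As an added example (not part of the original report and not Inkscape's code): a pre-render check that flags the shape described in this report, a polyline or path with exactly one point and an active marker-mid, before a file is handed to a renderer older than the fix. The function names and the sample SVG are constructed for illustration, and the check assumes markers are set by attribute or inline style, not by a stylesheet.

```python
import re
import xml.etree.ElementTree as ET  # for untrusted files, parse with defusedxml instead

NUMBER = re.compile(r"[-+]?(?:\d+\.?\d*|\.\d+)(?:[eE][-+]?\d+)?")
SHAPES = ("polyline", "path")

def _marker_mid_active(el, inherited):
    """Marker properties inherit, so resolve them against the parent's state."""
    props = dict(el.attrib)
    for decl in el.get("style", "").split(";"):  # inline style overrides attributes
        name, sep, value = decl.partition(":")
        if sep:
            props[name.strip()] = value.strip()
    # Simplification: marker-mid is preferred over the 'marker' shorthand.
    value = props.get("marker-mid", props.get("marker"))
    if value in (None, "inherit"):
        return inherited
    return value != "none"

def _vertex_count(el, tag):
    if tag != "path":
        return len(NUMBER.findall(el.get("points", ""))) // 2
    d = el.get("d", "")
    commands = {c.upper() for c in re.findall(r"[MZLHVCSQTA]", d, flags=re.I)}
    if commands - {"M", "Z"}:
        return 2  # any drawing command after the moveto adds a second vertex
    return len(NUMBER.findall(d)) // 2

def find_single_point_marker_shapes(svg_text):
    """Return (tag, id) for every one-point polyline/path with an active marker-mid."""
    hits = []
    def walk(el, inherited):
        active = _marker_mid_active(el, inherited)
        tag = el.tag.rsplit("}", 1)[-1]  # strip the XML namespace
        if tag in SHAPES and active and _vertex_count(el, tag) == 1:
            hits.append((tag, el.get("id")))
        for child in el:
            walk(child, active)
    walk(ET.fromstring(svg_text), False)
    return hits

# Constructed sample input: two shapes match the report, two do not.
SAMPLE = """<svg xmlns="http://www.w3.org/2000/svg">
  <defs><marker id="m"><circle r="1"/></marker></defs>
  <polyline id="one" points="10,10" marker-mid="url(#m)"/>
  <polyline id="ok" points="10,10 20,20 30,10" marker-mid="url(#m)"/>
  <g style="marker-mid:url(#m)"><path id="dot" d="M 5 5"/></g>
  <polyline id="plain" points="10,10"/>
</svg>"""
```

A non-empty result means the file should be rejected or have the marker reference stripped before rendering on an unpatched version.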