Crash when SVG contains certain special chars

Bug #1548953 reported by Patrick Storz on 2016-02-23
This bug affects 1 person
Affects: Inkscape
Importance: High
Assigned to: Patrick Storz

Bug Description

Inkscape crashes when trying to open a file containing certain UTF-8-encoded special characters (e.g. a thin space, see testcase.svg).

The crash is caused by an assertion failure in /boost/optional/optional.hpp (see error.png).

The error is reproducible in 64-bit trunk builds but not in builds of the 0.91 stable branch on Windows 7 x64. I didn't test 32-bit builds (yet).
(Both builds were based on the 5.3 branch of devlibs64, which contains boost 1.60 headers.)

Mc (mc...) wrote :

no crashes on linux (debian testing, 0.91 release shows "(inkscape:31621): Gtk-CRITICAL **: gtk_text_buffer_emit_insert: assertion 'g_utf8_validate (text, len, NULL)' failed" warnings, but trunk r14666 is just fine)
(boost 1.58.0+dfsg-4.1)

Patrick Storz (ede123) wrote :

Also reproduced on Windows 7 x64 with Inkscape trunk r14666 32-bit built with devlibs r59

Alvin Penner (apenner) wrote :

not reproduced on Windows XP, Inkscape 0.91+devel r14653 (Feb 15 2016)

Patrick Storz (ede123) wrote :

Now that's interesting
- Also *not* reproduced on Windows XP x86 with Inkscape trunk r14666 32-bit built with devlibs r59
- Reproduced on Windows 10 x64 with Inkscape trunk r14666 32-bit built with devlibs r59

So the very same build that is working on Windows XP is failing on Windows 7/10.

su_v (suv-lp) wrote :

Reproduces on OS X with Inkscape 0.91+devel depending on the font used for the text [1]. AFAICT the version of boost does not matter (crash is reproducible with recent local builds using Boost 1.49 as well as with builds using Boost 1.59).
On the local system, the crash (depending on font) only reproduces in current Inkscape trunk after the major 2geom update in rev 14226 (archived builds: rev <= 14224 ok, rev >= 14228 crashes). Full backtrace of X11-based debug build attached.

[1] System fonts (from OS X 10.7.5) which trigger the crash are for example 'Arial' and 'Times New Roman' (each contains a glyph definition for 'THIN SPACE' \u2009), but not 'Arial Unicode' (also contains glyph definition). System font 'Verdana' and e.g. user font 'Turnpike' OTOH also trigger the crash but - according to fontforge - do not contain a definition for 'THIN SPACE' -> possibly the fallback retrieved via pango/fontconfig may play an additional role.

Patrick Storz (ede123) wrote :

The attached patch fixes this bug (tested on Windows 7 x64 with Inkscape 0.91+devel_64bit r14691).

The cause was uninitialized fields "left/right" of "Geom::OptRect tiltb" in the rare case of certain whitespace characters containing path data that results in an empty bounding box (e.g. a single move-to command).
Normal whitespace characters do *not* contain path data (therefore "_drawable = false" in the conditional) and therefore didn't trigger the bug.
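
The failure class described in the comment above, as an added example that is not part of the original comment and is not the attached patch or Inkscape/2geom code: a bounding box held in an optional is empty for a glyph outline that only moves the pen, so its left/right must not be read without a check. `Point`, `Rect`, `PathCmd`, `outline_bounds` and `glyph_width` are hypothetical names, and `std::optional` stands in for the optional type behind `Geom::OptRect`.

```cpp
#include <algorithm>
#include <optional>
#include <vector>

// Simplified stand-ins (hypothetical, not the 2geom types).
struct Point { double x, y; };
struct Rect  { double left, top, right, bottom; };
enum class Cmd { MoveTo, LineTo };
struct PathCmd { Cmd cmd; Point p; };

// Bounding box of the drawn segments. A path that only moves the pen
// draws nothing, so it has no box and the optional stays empty.
std::optional<Rect> outline_bounds(const std::vector<PathCmd>& path) {
    std::optional<Rect> box;
    Point pen{0, 0};
    bool have_pen = false;
    for (const PathCmd& c : path) {
        if (c.cmd == Cmd::LineTo && have_pen) {
            Rect seg{std::min(pen.x, c.p.x), std::min(pen.y, c.p.y),
                     std::max(pen.x, c.p.x), std::max(pen.y, c.p.y)};
            if (!box) {
                box = seg;
            } else {
                box = Rect{std::min(box->left, seg.left), std::min(box->top, seg.top),
                           std::max(box->right, seg.right), std::max(box->bottom, seg.bottom)};
            }
        }
        pen = c.p;
        have_pen = true;
    }
    return box;
}

// Horizontal extent for layout. Dereferencing an empty optional is what
// trips the assertion (or reads garbage when assertions are compiled out),
// so test it first and treat "no box" as zero width.
double glyph_width(const std::vector<PathCmd>& path) {
    std::optional<Rect> box = outline_bounds(path);
    if (!box) return 0.0;  // e.g. a whitespace glyph with a lone move-to
    return box->right - box->left;
}
```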

Patrick Storz (ede123) on 2016-03-05
Changed in inkscape:
assignee: nobody → Eduard Braun (eduard-braun2)
status: New → In Progress
jazzynico (jazzynico) on 2016-03-10
Changed in inkscape:
importance: Undecided → High
milestone: none → 0.92
tags: added: crash text
Patrick Storz (ede123) wrote :
Changed in inkscape:
status: In Progress → Fix Committed
Bryce Harrington (bryce) on 2017-01-10
Changed in inkscape:
status: Fix Committed → Fix Released