Crash on trying to open a large .wmf file.

Bug #1572280 reported by Shlomi Fish on 2016-04-19
This bug affects 2 people
Affects: Inkscape | Importance: High | Assigned to: Patrick Storz
Affects: 0.92.x | Importance: High | Assigned to: Patrick Storz

Bug Description

I tried:

shlomif@telaviv1:~/Backup/Arcs/inkscape-crash-bug$ ls
wmf-that-crashes-inkscape.wmf
shlomif@telaviv1:~/Backup/Arcs/inkscape-crash-bug$ file wmf-that-crashes-inkscape.wmf
wmf-that-crashes-inkscape.wmf: ms-windows metafont .wmf
shlomif@telaviv1:~/Backup/Arcs/inkscape-crash-bug$ /home/shlomif/apps/graphics/inkscape-trunk/bin/inkscape wmf-that-crashes-inkscape.wmf
Entity: line 25: parser error : AttValue length too long
  xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAEOAAAAyoCAIAAAAfEtsI
             ^
Entity: line 25: parser error : attributes construct error
  xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAEOAAAAyoCAIAAAAfEtsI
             ^
Entity: line 25: parser error : Couldn't find end of Start Tag image line 22
  xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAEOAAAAyoCAIAAAAfEtsI
             ^
Entity: line 100142: parser error : internal error: Huge input lookup
        L -1355.28,390.72
                          ^
Entity: line 99646: parser error : internal error: Huge input lookup

Emergency save activated!
Emergency save completed. Inkscape will close now.
If you can reproduce this crash, please file a bug at www.inkscape.org
with a detailed description of the steps leading to the crash, so we can fix it.

(inkscape:30562): Gtk-WARNING **: Theme directory of theme oxygen has no size field

Segmentation fault (core dumped)
shlomif@telaviv1:~/Backup/Arcs/inkscape-crash-bug$

You can find the offending .wmf file here:

http://www.shlomifish.org/Files/files/arcs/inkscape-wmf-crash-bug.tar.xz

(it's a tar.xz archive).

Note that as opposed to https://bugs.launchpad.net/inkscape/+bug/1434721 it's not an EMF file.

I'm on Mageia Linux x86-64 v6 and I built inkscape from bzr using cmake (but it also happens with /usr/bin/inkscape which is inkscape-0.91-7.mga6).

Alvin Penner (apenner) wrote :

I am not able to unzip this file. Could you attach the file here in a standard zip format?

Shlomi Fish (shlomif-gmail) wrote :

Alvin Penner: this is not a .zip archive but a tar.xz file - see https://en.wikipedia.org/wiki/Tar_%28computing%29 ; https://en.wikipedia.org/wiki/Xz . If you're using Windows, you can use 7-Zip to unpack such archives, see: http://www.7-zip.org/ . Please download it and use it.

Sorry, but I prefer to educate people rather than aiming for the lowest common denominator.

Alvin Penner (apenner) wrote :

I am using 7-zip and it does not work, I get the following error message

Alvin Penner (apenner) wrote :

Sorry about that, my 7-zip was rather old. I used a newer version and now it works. So I loaded the wmf file with the following results:

- crash not reproduced on Windows 7 (32 bit), Inkscape 0.91 r13725 (Jan 30 2015)
- crash not reproduced on Windows XP, Inkscape 0.91+devel r14860 (Apr 19 2016)

Shlomi Fish (shlomif-gmail) wrote :

apenner: hi! Sorry for the inconvenience. 7-zip works perfectly fine with that file and URL on my WinXP VBox VM. The tar.xz's SHA256 sum is:

shlomif@telaviv1:~/Backup/Arcs$ sha256sum inkscape-wmf-crash-bug.tar.xz
9f1c94e1cb9f83ecbcb005df68b0f9abfad3d751f94feeeffafaf82820a388a4 inkscape-wmf-crash-bug.tar.xz
shlomif@telaviv1:~/Backup/Arcs$

Please ascertain the contents match. If it helps, I can try setting up zsync support (see http://zsync.moria.org.uk/ ) which is like rsync only over HTTP.

Shlomi Fish (shlomif-gmail) wrote :

apenner: I see - thanks for trying. How much RAM did you have? I have 8 GB of RAM and some swap. Also - it's possible this problem is 32-bits and/or Linux-specific.

Shlomi Fish (shlomif-gmail) wrote :

I've now tried it with inkscape-0.91 from the 32-bits .msi on a WinXP VM and it opened the file fine enough. I'm going to try in a Debian Stretch x86-64 VM to see if the problem is mageia-specific.

su_v (suv-lp) wrote :

> parser error : AttValue length too long

@Shlomi - compare libxml2 versions; affected systems probably use newer libxml2 (>= 2.9.0). 32bit devlibs on the other hand include rather dated libxml2 2.7.7. Likely related earlier reports (import of foreign vector formats with large embedded bitmaps):
bug #1412912, bug #1243011

tags: added: bitmap importing wmf
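
The limit su_v points to, as an added example that is not part of the thread or of Inkscape's code: libxml2 from 2.9.0 on rejects a single attribute value longer than 10,000,000 bytes (XML_MAX_TEXT_LENGTH) unless the caller passes XML_PARSE_HUGE, which is what "AttValue length too long" reports for the embedded base64 PNG. This pre-flight check uses Python's expat bindings to list such attributes; `oversized_attributes` and `sample_svg` are hypothetical names and the SVG is constructed sample data.

```python
import xml.parsers.expat

# libxml2 >= 2.9.0 caps one text/attribute value at XML_MAX_TEXT_LENGTH
# (10,000,000 bytes) unless the caller opts in with XML_PARSE_HUGE.
LIBXML2_MAX_TEXT_LENGTH = 10_000_000


def oversized_attributes(svg_bytes, limit=LIBXML2_MAX_TEXT_LENGTH):
    """Return [(line, element, attribute, byte_length)] for values above limit.

    The line is where the element's start tag begins, as in libxml2's
    "Couldn't find end of Start Tag image line 22" message.
    """
    findings = []
    parser = xml.parsers.expat.ParserCreate()

    def start(name, attrs):
        for key, value in attrs.items():
            size = len(value.encode("utf-8"))
            if size > limit:
                findings.append((parser.CurrentLineNumber, name, key, size))

    parser.StartElementHandler = start
    parser.Parse(svg_bytes, True)
    return findings


def sample_svg(payload_len):
    """Constructed sample: an SVG with one embedded-bitmap data URI."""
    href = "data:image/png;base64," + "A" * payload_len
    return (
        '<svg xmlns="http://www.w3.org/2000/svg"\n'
        '     xmlns:xlink="http://www.w3.org/1999/xlink">\n'
        '  <image width="10" height="10"\n'
        f'    xlink:href="{href}"/>\n'
        '  <path d="M 0,0 L -1355.28,390.72"/>\n'
        '</svg>\n'
    ).encode("utf-8")


if __name__ == "__main__":
    for line, element, attribute, size in oversized_attributes(sample_svg(10_000_000)):
        print(f"line {line}: <{element}> {attribute} is {size} bytes, "
              f"over the {LIBXML2_MAX_TEXT_LENGTH}-byte default limit")
```
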
Shlomi Fish (shlomif-gmail) wrote :

OK, it also happens on a Debian Stretch x86-64 VM. @su_v: thanks for the update. The systems in question are using libxml2-2.9.x.

jazzynico (jazzynico) wrote :

Reproduced on Xubuntu 15.10 with Inkscape 0.91, libxml-2.9.2. Backtrace attached.
Not reproduced with trunk rev. 14861. The image doesn't load (same console messages) but Inkscape doesn't crash.

Changed in inkscape:
importance: Undecided → High
status: New → Triaged

Shlomi Fish (shlomif-gmail) wrote :

This is a backtrace generated by inkscape trunk on mageia v6 x86-64 with lib64xml2-devel-2.9.3-2.mga6 .

Lucio (luciomarinelli) wrote :

I get the error "Si è verificato un errore interno ed Inkscape verrà chiuso immediatamente." also when opening much smaller WMF files (see attached). Using Ubuntu 16.04.1 LTS (Xenial Xerus) 64-bit and Inkscape 0.91

Alvin Penner (apenner) wrote :

re-testing the file 'wmf-that-crashes-inkscape.wmf' from comment 1 on Windows 10:

- problem not reproduced on Inkscape 0.92.0 r15299 (32 bit exe build). The file loads normally with no warnings.

- problem reproduced on Windows 10, Inkscape trunk Inkscape 0.92+devel 15388. I get the DOS exit messages:

C:\Users\penne_000\AppData\Roaming\InkscapeBZR\build\inkscape>inkscape
Entity: line 25: parser error : AttValue length too long
  xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAEOAAAAyoCAIAAAAfEtsI
             ^
Entity: line 25: parser error : attributes construct error
  xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAEOAAAAyoCAIAAAAfEtsI
             ^
Entity: line 25: parser error : Couldn't find end of Start Tag image line 22
  xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAEOAAAAyoCAIAAAAfEtsI
             ^
Entity: line 100142: parser error : internal error: Huge input lookup
        L -1355.28,390.72
                          ^
Entity: line 99646: parser error : Char 0x0 out of allowed range
Entity: line 99646: parser error : Premature end of data in tag svg line 2

Patrick Storz (ede123) wrote :

Fixed in
http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/15654

Please test the change thoroughly. If no regressions are found I think this would be a good candidate for backporting to 0.92.x.

Changed in inkscape:
status: Triaged → Fix Committed
assignee: nobody → Eduard Braun (eduard-braun2)

jazzynico (jazzynico) on 2017-04-30
Changed in inkscape:
milestone: none → 0.93
tags: added: backport-proposed

jazzynico (jazzynico) wrote :

Fix confirmed on Xubuntu 16.04, lp:inkscape rev. 15657. The image now loads correctly, with no console message.

Shlomi Fish (shlomif-gmail) wrote :

This is confirmed to be fixed on mageia linux v6 x86-64.

su_v (suv-lp) on 2017-07-17
tags: removed: backport-proposed