Illustrator CS SVG won't load: namespace URIs in entities

Bug #166371 reported by Kwixson
This bug affects 6 people
Affects             Status         Importance   Assigned to    Milestone
Inkscape            Fix Released   Critical     Martin Owens
inkscape (Debian)   Fix Released   Unknown
inkscape (Ubuntu)   Fix Released   High         Unassigned

Bug Description

Opening an SVG exported from Illustrator CS on Windows XP crashes Inkscape on Windows XP with the message:

<inkscape.exe:2296>: Warning **: SVGView: error loading document

Tags: svg

Kwixson (kwixson) wrote :

Forgot to mention... using version
Inkscape-0.41-1.win32.exe, with build,
Inkscape0503040100.zip copied over it.

Buliabyak-users (buliabyak-users) wrote :

Does not work because namespace URIs are in entities, so
Inkscape does not recognize the namespaces it needs:

michigan_line_drawing.svg:18: parser warning : xmlns: URI &ns_svg; is not absolute
         xmlns="&ns_svg;" xmlns:xlink="&ns_xlink;" xmlns:a="http://ns.adobe.com/AdobeSV
                         ^
michigan_line_drawing.svg:22: parser warning : xmlns: URI &ns_vars; is not absolute
                <variableSets xmlns="&ns_vars;">
                                                ^
michigan_line_drawing.svg:25: parser warning : xmlns: URI &ns_custom; is not absolute
                                <v:sampleDataSets xmlns="&ns_custom;" xmlns:v="&ns_vars;"></v:sampleDataSet
          ^
michigan_line_drawing.svg:28: parser warning : xmlns: URI &ns_sfw; is not absolute
                <sfw xmlns="&ns_sfw;">
                                      ^

Bug Importer (bug-importer) wrote :

How does libxml handle entities? Is this a bug (/missing
feature) in libxml, or is inkscape not doing what libxml
expects us to do with entities?

Buliabyak-users (buliabyak-users) wrote :

I haven't looked much yet, but yes it seems to be a bug in
libxml because we explicitly enable entity expansion, and in
all other places entities are correctly expanded.

Jon A. Cruz (jon-joncruz) wrote :

xmlns="&ns_svg;" is the key one that kills our load. The
others are just generating warnings.

Chris-lilley (chris-lilley) wrote :

Surely inkscape should be looking at the parsed value.
However, the DOM (which can't decide if it's for browsers or
for editing tools) preserves the fact that there was
originally an entity there. Looks like you need to be asking
for the flattened text node content of the attribute.

Jon A. Cruz (jon-joncruz) wrote :

Added parsing call option to mirror behavior from 0.41 and
expand entities.

Matthias Jordan (matthiasjordan) wrote :

It seems like the bug reappeared.

I'm using version 0.48.4-0.1ubuntu2 of the package inkscape and tried to open a bunch of SVGs that start like this:

<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd" [
 <!ENTITY ns_svg "http://www.w3.org/2000/svg">
 <!ENTITY ns_xlink "http://www.w3.org/1999/xlink">
]>
<svg version="1.1" id="Ebene_1" xmlns="&ns_svg;" xmlns:xlink="&ns_xlink;" ...>

The complaint is the same as above. If the document element is edited to read this:

<svg version="1.1" id="Ebene_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" ...>

it works. Seemingly the entities are not expanded.

I don't have the source code so I can't fix this myself. But this seems to be a good candidate for a regression test.

su_v (suv-lp) wrote :

@Matthias Jordan - the recent regression (Inkscape 0.48.4 and trunk) is tracked in
- Bug #1093433 “XML Entities used for namespace declarations prevent file loading in trunk and 0.48.4”
  <https://bugs.launchpad.net/inkscape/+bug/1093433>

su_v (suv-lp) wrote :

AFAIU the newly added Ubuntu bug task should be removed again from this old report (bug #166371) - members of the Inkscape bug team apparently lack privileges to do so.

Thomas Hotz (thotz-deactivatedaccount) wrote :

suv-lp: Is this bug here fixed? Or was it fixed?

And further: What has bug #1093433 to do with this bug? Is it a regression of this bug?

Changed in inkscape (Ubuntu):
status: New → Incomplete
su_v (suv-lp) wrote :

Turns out that the fix for
- Bug #1025185 “XXE vulnerability during rasterization of SVG images”
  <http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/11931>
reverted the fix for this one:
- Bug #166371 “Illustrator CS SVG won't load: namespace URIs in entities”
  <http://inkscape.svn.sourceforge.net/viewvc/inkscape?view=revision&revision=7900>

-> reopening this report, and marking bug #1093433 (which was filed to track that recent regression) as duplicate of this one.

Changed in inkscape:
status: Fix Released → Triaged
su_v (suv-lp)
Changed in inkscape:
milestone: none → 0.49
tags: added: blocker svg
Changed in inkscape (Ubuntu):
status: Incomplete → Confirmed
Martin Owens (doctormo) wrote :

I added XML_PARSE_NONET to try and test the effects with bug 1025185, but while I could get this file to work, I couldn't test the failure in that bug. Are there any more details so we could test how to parse the xml while walking this line?

Martin Owens (doctormo) wrote :

Testing with r12504 of trunk, the bug can not be duplicated. All files with entities in their headers are loaded correctly and the NONET option has been tested to make sure it's still in effect and the XXE vuln has been tested for both local and net loading.

I'm going to go back through revs to see where it was fixed, but for now this bug is fixed.

Changed in inkscape:
assignee: Jon A. Cruz (jon-joncruz) → Martin Owens (doctormo)
status: Triaged → Fix Committed
ScislaC (scislac)
Changed in inkscape:
status: Fix Committed → Confirmed
su_v (suv-lp) wrote :

Martin Owens wrote:
> Testing with r12504 of trunk, the bug can not be duplicated.
> status: Triaged → Fix Committed

Can not confirm this being fixed, tested and issue still reproduced with Inkscape 0.48+devel r12504 on
- Ubuntu 13.04 (VM 64bit, trunk PPA)
- Ubuntu 12.10 (VM 64bit, local build)
- Ubuntu 12.04 (VM 64bit, trunk PPA)
- OS X 10.7.5 (local builds, up-to-date MacPorts for dependencies)

with two random sample files from the related reports:
<https://bugs.launchpad.net/inkscape/+bug/166371/+attachment/173238/+files/michigan_line_drawing.svg>
<https://bugs.launchpad.net/inkscape/+bug/1118698/+attachment/3519609/+files/Clean.svg>

Since it apparently works for Martin, it might be of interest for others to know which OS he used for testing, with which version of libxml2 installed (is it patched by the distribution?), which sample SVG files, and which local changes to Inkscape trunk are applied that might affect the tests.

Proposing to revert latest status change and reopen the report.

ScislaC (scislac) wrote :

Martin,

I can still confirm with 12504, it is not fixed. If you by chance had opened the file in Firefox and saved it, Firefox stripped the relevant line from the file (that's how they get around the XXE vuln). If using Firefox, if you just Right-click>Save Link As, it will leave the line intact as FF doesn't parse it. Changed back to confirmed as suv also can reproduce it.

Martin Owens (doctormo) wrote :

ScislaC: I can confirm the replacement in Firefox. Now that I have real entries, I've tested it completely and read up more on libxml2 mailing list. It looks like the parsing of SYSTEM/PUBLIC entity data caused them to drop the NOENT replacement option, giving us no option to disable SYSTEM/PUBLIC parsing or introducing custom entities before the parser croaks.

Thus, I'm convinced that a patch to libxml2 is the only solution without hacking inkscape to read in the xml first and search and replace entities from a set list for illustrator files. Which I would hate to have to do.
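
Added example, not part of the thread and not Inkscape's or libxml2's code: the policy discussed above (expand entities declared with a literal value in the internal subset so `xmlns="&ns_svg;"` resolves, refuse SYSTEM/PUBLIC ones), shown with Python's expat binding rather than libxml2. The function name, the exception class and both sample documents are constructed for illustration.

```python
import xml.parsers.expat as expat

# Constructed sample modelled on the header quoted earlier in the thread.
ILLUSTRATOR_STYLE = b"""<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd" [
 <!ENTITY ns_svg "http://www.w3.org/2000/svg">
 <!ENTITY ns_xlink "http://www.w3.org/1999/xlink">
]>
<svg version="1.1" id="Ebene_1" xmlns="&ns_svg;" xmlns:xlink="&ns_xlink;"/>
"""

# Constructed sample: an entity whose value would come from outside the file.
EXTERNAL_ENTITY = b"""<?xml version="1.0"?>
<!DOCTYPE svg [
 <!ENTITY ext SYSTEM "file:///constructed/placeholder.txt">
]>
<svg xmlns="http://www.w3.org/2000/svg"><text>&ext;</text></svg>
"""


class ExternalEntityRejected(ValueError):
    """Raised when the DTD declares a SYSTEM/PUBLIC entity (hypothetical name)."""


def resolve_namespaces(data):
    """Return {prefix: uri} for the document; '' is the default namespace."""
    found = {}
    # Namespace processing must be on for StartNamespaceDeclHandler to fire.
    parser = expat.ParserCreate(namespace_separator=" ")

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # Internal entities carry a literal value; external ones report None
        # plus a system identifier. Refuse those before any reference is seen.
        if value is None:
            raise ExternalEntityRejected("%s -> %s" % (name, system_id))

    def on_namespace(prefix, uri):
        # uri arrives with internal entity references already expanded.
        found[prefix or ""] = uri

    parser.EntityDeclHandler = on_entity_decl
    parser.StartNamespaceDeclHandler = on_namespace
    parser.Parse(data, True)  # expat does not fetch the external DTD here
    return found


if __name__ == "__main__":
    print(resolve_namespaces(ILLUSTRATOR_STYLE))
```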

Martin Owens (doctormo) wrote :

See branch proposed for merging. I've asked for review because it's not clean code.

Martin Owens (doctormo)
Changed in inkscape:
status: Confirmed → Fix Committed
su_v (suv-lp)
tags: added: backport-proposed
removed: blocker
Changed in inkscape (Ubuntu):
status: Confirmed → Triaged
importance: Undecided → High
Johan Engelen (johanengelen) wrote :

backported in r9985.
Please test.

su_v (suv-lp)
Changed in inkscape:
milestone: 0.49 → 0.48.5
Kris (kris-degussem)
tags: removed: backport-proposed
Changed in inkscape:
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package inkscape - 0.48.5-2ubuntu1

---------------
inkscape (0.48.5-2ubuntu1) utopic; urgency=medium

  * Merge with Debian Unstable (LP: #1358863). Fixes several Ubuntu bugs:
    - Illustrator CS SVG won't load: namespace URIs in entities (LP: #166371)
    - inkscape crashed with SIGSEGV in
      sp_dtw_color_profile_event() (LP: #966441)
    - inkscape crashed with SIGSEGV (LP: #1051017)
    - inkscape crashed with SIGSEGV in Inkscape::Preferences::_getNode()
      (LP: #1163241)
    - save a copy reverts to save as (LP: #529843)
    - Extension to braille not working on Xubuntu 12.10 (LP: #1090865)
  * Remaining changes:
    - debian/control:
      + Set Ubuntu Developer as maintainer,
      + build-depend on dh-translation to handle Ubuntu translation,
      + demote pstoedit from Recommends to Suggests (because it's in universe),
    - debian/patches/0006_add_unity_quicklist_support.patch: add.
    - debian/patches/series: update.
    - debian/rules:
      + add dh_translation to handle Ubuntu translation
  * Drop debian/patches/librevenge.patch (superseded by
      debian/patches/0006-Update_to_new_libwpg.patch)

inkscape (0.48.5-2) unstable; urgency=medium

  * debian/patches/: patchset updated
    - 0006-Update_to_new_libwpg.patch added (Closes: #753430)
      Thanks to Rene Engelhard (rene) for the patch.
  * debian/control: build-dependencies updated
    - librevenge-dev added
    - libwpd-dev (>= 0.9.0) dropped
    - libwpg-dev (>= 0.2.0) bumped to libwpg-dev (>= 0.3.0)
  * debian/: dh-autoreconf usage applied

inkscape (0.48.5-1) unstable; urgency=medium

  [ Luca Bruno ]
  * debian/rules: fix FTBFS on alpha (Closes: #738155)

  [ Mattia Rizzolo ]
  * debian/patches/: patchset updated against v0.48.5
    - 0004-Fix_FTBFS_on_gcc-4.8.patch refreshed
    - 0005-Fix_FreeType_include.patch dropped (applied upstream)
    - 0006-Fix_FTBFS_on_poppler-0.26.patch dropped (applied upstream)
    - 0005-Fix_FTBFS_due_to_tests.patch added

  [ Matteo F. Vescovi ]
  * Imported Upstream version 0.48.5
 -- Alex Valavanis <email address hidden> Tue, 19 Aug 2014 19:10:32 +0100

Changed in inkscape (Ubuntu):
status: Triaged → Fix Released
Changed in inkscape (Debian):
status: Unknown → Confirmed
Changed in inkscape (Debian):
status: Confirmed → Fix Released