From sander.brandenburg at gmail.com Thu Aug 14 22:12:00 2014 
From: sander.brandenburg at gmail.com (Sander Brandenburg)
Date: Thu, 14 Aug 2014 22:12:00 +0000
Subject: [Pkg-dia-team] Bug#758166: dia: Invalid arc in .dia crashes amd64 (but not i386)
Message-ID: <20140814221200.29357.6463.reportbug@sander-laptop.local>

Package: dia
Version: 0.97.2-8
Severity: normal
Tags: patch

-- System Information:
Debian Release: 7.6
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.11.0-19-generic (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C)
Shell: /bin/sh linked to /bin/dash

Versions of packages dia depends on:
ii  dia-common          0.97.2-8
ii  dia-libs            0.97.2-8
ii  libart-2.0-2        2.3.21-2
ii  libatk1.0-0         2.4.0-2
ii  libc6               2.13-38+deb7u2
ii  libcairo2           1.12.2-3
ii  libfontconfig1      2.9.0-7.1
ii  libfreetype6        2.4.9-1.1
ii  libgdk-pixbuf2.0-0  2.26.1-1
ii  libglib2.0-0        2.33.12+really2.32.4-5
ii  libgtk2.0-0         2.24.10-2
ii  libpango1.0-0       1.30.0-1
ii  libpng12-0          1.2.49-1
ii  libxml2             2.8.0+dfsg1-7+nmu3
ii  zlib1g              1:1.2.7.dfsg-13

Versions of packages dia recommends:
ii  gsfonts-x11  0.22

dia suggests no packages.

-- no debconf information

On a wheezy i386 I ended up with the following arc definition:

which originated from the following arc:

(note curve_distance is 0).

This makes dia instances on amd64 platforms crash, but not on i386 platforms: curve_distance == 0 causes center and radius members to contain +/- inf. This eventually creates a segfault at:

#0  text_get_line_width (text=0x85292a0, line_no=-2147483648) at ../../lib/text.c:126

in the indexing of lines:

126	  return text_line_get_width(text->lines[line_no]);

(which gets multiplied by 4, shifting all bits off line_no on the i386 platform, but wreaking havoc on amd64)

The fix consists of overriding the supposedly illegal value of 0 to 0.01.

I've never modified the dia file directly - I don't know how that 0 ended up there. Possibly it's a rounding issue at serialization?
Index: dia-0.97.2/objects/standard/arc.c =================================================================== --- dia-0.97.2.orig/objects/standard/arc.c 2014-08-14 18:57:31.000000000 +0000 +++ dia-0.97.2/objects/standard/arc.c 2014-08-14 22:05:56.234221798 +0000 @@ -878,7 +878,7 @@ arc->curve_distance = 0.1; attr = object_find_attribute(obj_node, "curve_distance"); if (attr != NULL) - arc->curve_distance = data_real(attribute_first_data(attr)); + arc->curve_distance = MAX(0.01, data_real(attribute_first_data(attr))); arc->line_width = 0.1; attr = object_find_attribute(obj_node, PROP_STDNAME_LINE_WIDTH); -------------- next part -------------- A non-text attachment was scrubbed... Name: crashdia.dia Type: application/x-gzip Size: 640 bytes Desc: not available URL:
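Review bot: MAX(0.01, data_real(...)) in the `if (attr != NULL)` branch clamps every value below 0.01, not only the 0 the report identifies as illegal, so an arc saved with a negative curve_distance (bulging to the other side of the chord) would load as 0.01 and silently change direction. If negative values are legitimate for this object, guard the magnitude and keep the sign instead, e.g. read into a local `real d = data_real(attribute_first_data(attr));` and then `if (fabs(d) < 0.01) d = copysign(0.01, d);`. Two smaller points: the clamp only protects the load path, so the division the report describes (curve_distance == 0 giving +/-inf centre and radius) can still be reached if the value becomes 0 some other way, which argues for guarding where the radius is computed rather than only in the loader; and since the reporter suspects a serialization rounding issue wrote the 0, the change description should say the writer side has not been examined.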
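The failure chain the report describes, as an added example that is not dia's code: the radius going to inf at curve_distance 0, a sign-preserving alternative to the patch's MAX() clamp, and the 32- versus 64-bit offset arithmetic behind the i386/amd64 difference. It assumes curve_distance plays the role of the arc's sagitta (the standard chord/sagitta radius formula, not necessarily the exact expression in arc.c) and that pointers are 4 bytes on i386 and 8 bytes on amd64; all function names are hypothetical.

```c
#include <limits.h>
#include <math.h>
#include <stdbool.h>
#include <stdint.h>

#define ARC_MIN_CURVE_DISTANCE     0.01  /* floor chosen by the patch */
#define ARC_DEFAULT_CURVE_DISTANCE 0.1   /* arc.c default when the attribute is absent */

/* Radius of a circular arc from chord length c and sagitta h (standard
 * geometry: r = c^2/(8h) + h/2). Assumption: curve_distance is the sagitta.
 * With h == 0 the division yields +/-inf, matching the report. */
static double arc_radius(double chord, double curve_distance)
{
    return chord * chord / (8.0 * curve_distance) + curve_distance / 2.0;
}

/* Sign-preserving sanitizer: only a near-zero magnitude is clamped, so an
 * arc bulging to the other side (negative value) keeps its direction. A
 * NaN or inf read from a corrupt file falls back to the loader default. */
static double arc_sanitize_curve_distance(double d)
{
    if (!isfinite(d))
        return ARC_DEFAULT_CURVE_DISTANCE;
    if (fabs(d) < ARC_MIN_CURVE_DISTANCE)
        return signbit(d) ? -ARC_MIN_CURVE_DISTANCE : ARC_MIN_CURVE_DISTANCE;
    return d;
}

/* Byte offset the address computation for lines[line_no] produces for a
 * given pointer size. Modelled with unsigned modular arithmetic because the
 * real out-of-range access is undefined behaviour; the int index is
 * sign-extended first, as a 64-bit target does. INT_MIN * 4 is a multiple
 * of 2^32, so on i386 it wraps to offset 0 (lines[0]); INT_MIN * 8 on
 * amd64 is -2^34 and lands far outside the allocation. */
static uint64_t lines_byte_offset(int line_no, unsigned ptr_bytes)
{
    uint64_t off = (uint64_t)(int64_t)line_no * ptr_bytes;
    if (ptr_bytes == 4)
        off &= 0xFFFFFFFFu;   /* 32-bit address space wraps modulo 2^32 */
    return off;
}

/* The check missing at text.c:126: a defensive accessor refuses any index
 * outside [0, numlines) instead of trusting a value derived from inf. */
static bool text_line_index_valid(int line_no, int numlines)
{
    return line_no >= 0 && line_no < numlines;
}
```

On amd64 the INT_MIN index reaches text.c:126 unchanged, which is why the same file only crashes there.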