Debian Bug report logs - #758166
dia: Invalid arc in .dia crashes amd64 (but not i386)

version graph

Package: dia; Maintainer for dia is Philippe SWARTVAGHER <phil.swart@gmx.fr>; Source for dia is src:dia (PTS, buildd, popcon).

Reported by: Sander Brandenburg <sander.brandenburg@gmail.com>

Date: Thu, 14 Aug 2014 22:15:02 UTC

Severity: normal

Tags: patch

Found in version dia/0.97.2-8

Fixed in version dia/0.97.3-1

Done: Roland Stigge <stigge@antcom.de>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, sander.brandenburg@gmail.com, Debian Dia Team <pkg-dia-team@lists.alioth.debian.org>:
Bug#758166; Package dia. (Thu, 14 Aug 2014 22:15:06 GMT) (full text, mbox, link).

Acknowledgement sent to Sander Brandenburg <sander.brandenburg@gmail.com>:
New Bug report received and forwarded. Copy sent to sander.brandenburg@gmail.com, Debian Dia Team <pkg-dia-team@lists.alioth.debian.org>. (Thu, 14 Aug 2014 22:15:06 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Sander Brandenburg <sander.brandenburg@gmail.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: dia: Invalid arc in .dia crashes amd64 (but not i386)
Date: Thu, 14 Aug 2014 22:12:00 +0000
[Message part 1 (text/plain, inline)]
Package: dia
Version: 0.97.2-8
Severity: normal
Tags: patch


-- System Information:
Debian Release: 7.6
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.11.0-19-generic (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C)
Shell: /bin/sh linked to /bin/dash

Versions of packages dia depends on:
ii  dia-common          0.97.2-8
ii  dia-libs            0.97.2-8
ii  libart-2.0-2        2.3.21-2
ii  libatk1.0-0         2.4.0-2
ii  libc6               2.13-38+deb7u2
ii  libcairo2           1.12.2-3
ii  libfontconfig1      2.9.0-7.1
ii  libfreetype6        2.4.9-1.1
ii  libgdk-pixbuf2.0-0  2.26.1-1
ii  libglib2.0-0        2.33.12+really2.32.4-5
ii  libgtk2.0-0         2.24.10-2
ii  libpango1.0-0       1.30.0-1
ii  libpng12-0          1.2.49-1
ii  libxml2             2.8.0+dfsg1-7+nmu3
ii  zlib1g              1:1.2.7.dfsg-13

Versions of packages dia recommends:
ii  gsfonts-x11  0.22

dia suggests no packages.

-- no debconf information

On a wheezy i386 I ended up with the following arc definition:
which originated from the following arc:
    <dia:object type="Standard - Arc" version="0" id="O1">
      <dia:attribute name="obj_pos">
        <dia:point val="4.27503,56.9797"/>
      </dia:attribute>
      <dia:attribute name="obj_bb">
        <dia:rectangle val="4.22385,56.6055;17.8294,57.0309"/>
      </dia:attribute>
      <dia:attribute name="conn_endpoints">
        <dia:point val="4.27503,56.9797"/>
        <dia:point val="17.7782,56.6567"/>
      </dia:attribute>
      <dia:attribute name="curve_distance">
        <dia:real val="0"/>
      </dia:attribute>
      <dia:connections>
        <dia:connection handle="1" to="O0" connection="3"/>
      </dia:connections>
    </dia:object>

(note curve_distance is 0). This makes dia instances on amd64 platforms crash, but not on i386 platforms:
curve_distance == 0 causes center and radius members to contain +/- inf.

This eventually creates a segfault at:
#0  text_get_line_width (text=0x85292a0, line_no=-2147483648) at ../../lib/text.c:126
in the indexing of lines:
126	  return text_line_get_width(text->lines[line_no]);
(which get multiplied by 4, shifting off all bits off line_no on the i386 platform, but wreaking havoc on amd64)

The fix consist of overriding the supposedly illegal value of 0 to 0.01. I've never modified the dia file 
directly - I don't know how that 0 ended up there. Possibly it's a rounding issue at serialization?

Index: dia-0.97.2/objects/standard/arc.c
===================================================================
--- dia-0.97.2.orig/objects/standard/arc.c	2014-08-14 18:57:31.000000000 +0000
+++ dia-0.97.2/objects/standard/arc.c	2014-08-14 22:05:56.234221798 +0000
@@ -878,7 +878,7 @@
   arc->curve_distance = 0.1;
   attr = object_find_attribute(obj_node, "curve_distance");
   if (attr != NULL)
-    arc->curve_distance = data_real(attribute_first_data(attr));
+    arc->curve_distance = MAX(0.01, data_real(attribute_first_data(attr)));
 
   arc->line_width = 0.1;
   attr = object_find_attribute(obj_node, PROP_STDNAME_LINE_WIDTH);

[crashdia.dia (application/x-gzip, attachment)]

Reply sent to Roland Stigge <stigge@antcom.de>:
You have taken responsibility. (Sun, 07 Sep 2014 09:36:06 GMT) (full text, mbox, link).

Notification sent to Sander Brandenburg <sander.brandenburg@gmail.com>:
Bug acknowledged by developer. (Sun, 07 Sep 2014 09:36:06 GMT) (full text, mbox, link).

Message #10 received at 758166-close@bugs.debian.org (full text, mbox, reply):

From: Roland Stigge <stigge@antcom.de>
To: 758166-close@bugs.debian.org
Subject: Bug#758166: fixed in dia 0.97.3-1
Date: Sun, 07 Sep 2014 09:34:21 +0000
Source: dia
Source-Version: 0.97.3-1

We believe that the bug you reported is fixed in the latest version of
dia, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 758166@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Roland Stigge <stigge@antcom.de> (supplier of updated dia package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 07 Sep 2014 11:20:09 +0200
Source: dia
Binary: dia-common dia-libs dia dia-gnome
Architecture: source all amd64
Version: 0.97.3-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Dia Team <pkg-dia-team@lists.alioth.debian.org>
Changed-By: Roland Stigge <stigge@antcom.de>
Description:
 dia        - Diagram editor
 dia-common - Diagram editor (common files)
 dia-gnome  - Diagram editor (GNOME version)
 dia-libs   - Diagram editor (library files)
Closes: 758166
Changes:
 dia (0.97.3-1) unstable; urgency=medium
 .
   * New upstream release
   * Fix crash on amd64, thanks to Sander Brandenburg
     <sander.brandenburg@gmail.com> (Closes: #758166)
Checksums-Sha1:
 1896f20451527b08d19c135f9274575f1d84bf73 2257 dia_0.97.3-1.dsc
 316393951daebd186ba387e1cd6e34160a458c39 5548500 dia_0.97.3.orig.tar.xz
 487ec503c29b184252ef6b64ab8312b6d843122b 33572 dia_0.97.3-1.debian.tar.xz
 038dd94057fe7f19bbd2add3ff7726ac6153af77 4044720 dia-common_0.97.3-1_all.deb
 f302b57d855e594fe7b75958940786f8a3212e7b 715670 dia-libs_0.97.3-1_amd64.deb
 d9e06ac82130bc8883a4d26a7eba79af701df4dd 197628 dia_0.97.3-1_amd64.deb
 6f2e9c2a8ce6e97cdda305d533e710942da791cf 199036 dia-gnome_0.97.3-1_amd64.deb
Checksums-Sha256:
 fe7682a0e54a3c5cf8a9266e9d321bfc343a83003e945010daefaeb9eadc6388 2257 dia_0.97.3-1.dsc
 22914e48ef48f894bb5143c5efc3d01ab96e0a0cde80de11058d3b4301377d34 5548500 dia_0.97.3.orig.tar.xz
 6a1e215f02ffa6c8c588bfd397a2627d3f17ec15b08cd47ec1dbebc771ecfbfa 33572 dia_0.97.3-1.debian.tar.xz
 3904971c9f27cce0789eaeaea97301c6be79c01e0a09d25f00b830c3e9969d7a 4044720 dia-common_0.97.3-1_all.deb
 5d800357d12dae9d8ee2258e1b8a8db0e23c3de55e0e3719d7e503491ff0a640 715670 dia-libs_0.97.3-1_amd64.deb
 dbaf882b3ff8586d00e785d8e4e75e10976882c96527f71419e948cf147f6058 197628 dia_0.97.3-1_amd64.deb
 b4c7f51e35aad4e4b0afe1854199b2869281253c072cfade87232e2c7a49b8d8 199036 dia-gnome_0.97.3-1_amd64.deb
Files:
 99de701003b87fbd27e6b68d8b4f14f6 4044720 graphics optional dia-common_0.97.3-1_all.deb
 29244c25938bb96c772d0983fa1b2822 715670 graphics optional dia-libs_0.97.3-1_amd64.deb
 3f9ad21a32facb05856066a1112a1d62 197628 graphics optional dia_0.97.3-1_amd64.deb
 fa1aacb9124e25482873096f5af258eb 199036 gnome optional dia-gnome_0.97.3-1_amd64.deb
 3f3aa043398ab44b1ac5ddcf439d8871 2257 graphics optional dia_0.97.3-1.dsc
 0e744a0f6a6c4cb6a089e4d955392c3c 5548500 graphics optional dia_0.97.3.orig.tar.xz
 5729cd606312d9bd2122e6cf9fb1d65e 33572 graphics optional dia_0.97.3-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBVAwlTvQbKGJYx7B5AQK5fw//ScS4KJs3ozEV4ITMbmyVod9lxSARBQXL
UMoQ+nYnvLcnmZakhz79gbBCb3hQhAvj2bUKDet8H3EHI0WNeokJt2kPO9ijYNJk
cbaRyp73RUvFtF7IQu7IdzSX1NJMDcT+htk07wqURsLiRo7Gi9JdbsBEW0h643Hj
tkAYtEitojbJ4wOLBezo8W818czhMS5sH5qMDe2JqRtXU6bkxUttVu8D4+TrR/iA
xo1Qu8DPE1+1Cb3rgHl/XuGX2pc5gkLIRl7Q93iy4iqcb13Z8D9F3nBogcbZvHip
goRvLJuBl6HP/z7LZiycOJOCHJ5XAEWUcIkOcTHu8KPrVo/tr/0fhqoNfu6qiz/d
lQjWP/fEYefdCNliCnFq++2q0zthDhAhOwre7QGgC3WyXYthXafwj5YlDWu2uZjl
tghoiu131mOlXQO042YHnuVTWkJAjNaRRsfop32otaINGkY+PfXsflMcj0T4Smgb
0jIta0Bm+xcaQLRnLUPfl/XbkBiTXFcV40o/6h8bmy4tDalTLe7IcKU1Xxuc0v3Q
or0aHa3Dx4J/yAzMT7EdIDEI1SlH/7synFissMZOyHHzHOmF5aElwaVQXxw2ekvZ
Ezv2/4JQAsmrMAI4IKI+ratQTJeo7wxssCSEL4KwQA2IpWzrxFL55FHMcVOyr4/F
JYj8Feda2Ig=
=drzL
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 11 Oct 2014 07:34:04 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Jul 2 08:15:04 2023; Machine Name: bembo

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.