Package: dia
Version: 0.97.2-8
Severity: normal
Tags: patch
-- System Information:
Debian Release: 7.6
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.11.0-19-generic (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C)
Shell: /bin/sh linked to /bin/dash

Versions of packages dia depends on:
ii  dia-common          0.97.2-8
ii  dia-libs            0.97.2-8
ii  libart-2.0-2        2.3.21-2
ii  libatk1.0-0         2.4.0-2
ii  libc6               2.13-38+deb7u2
ii  libcairo2           1.12.2-3
ii  libfontconfig1      2.9.0-7.1
ii  libfreetype6        2.4.9-1.1
ii  libgdk-pixbuf2.0-0  2.26.1-1
ii  libglib2.0-0        2.33.12+really2.32.4-5
ii  libgtk2.0-0         2.24.10-2
ii  libpango1.0-0       1.30.0-1
ii  libpng12-0          1.2.49-1
ii  libxml2             2.8.0+dfsg1-7+nmu3
ii  zlib1g              1:1.2.7.dfsg-13

Versions of packages dia recommends:
ii  gsfonts-x11  0.22

dia suggests no packages.

-- no debconf information

On a wheezy i386 I ended up with the following arc definition: which originated from the following arc:

<dia:object type="Standard - Arc" version="0" id="O1">
  <dia:attribute name="obj_pos">
    <dia:point val="4.27503,56.9797"/>
  </dia:attribute>
  <dia:attribute name="obj_bb">
    <dia:rectangle val="4.22385,56.6055;17.8294,57.0309"/>
  </dia:attribute>
  <dia:attribute name="conn_endpoints">
    <dia:point val="4.27503,56.9797"/>
    <dia:point val="17.7782,56.6567"/>
  </dia:attribute>
  <dia:attribute name="curve_distance">
    <dia:real val="0"/>
  </dia:attribute>
  <dia:connections>
    <dia:connection handle="1" to="O0" connection="3"/>
  </dia:connections>
</dia:object>

(note curve_distance is 0).

This makes dia instances on amd64 platforms crash, but not on i386 platforms: curve_distance == 0 causes center and radius members to contain +/- inf.
This eventually creates a segfault at:

#0 text_get_line_width (text=0x85292a0, line_no=-2147483648) at ../../lib/text.c:126

in the indexing of lines:

126 return text_line_get_width(text->lines[line_no]);

(which gets multiplied by 4, shifting all bits off line_no on the i386 platform, but wreaking havoc on amd64)

The fix consists of overriding the supposedly illegal value of 0 to 0.01.

I've never modified the dia file directly - I don't know how that 0 ended up there. Possibly it's a rounding issue at serialization?

Index: dia-0.97.2/objects/standard/arc.c =================================================================== --- dia-0.97.2.orig/objects/standard/arc.c 2014-08-14 18:57:31.000000000 +0000 +++ dia-0.97.2/objects/standard/arc.c 2014-08-14 22:05:56.234221798 +0000 @@ -878,7 +878,7 @@ arc->curve_distance = 0.1; attr = object_find_attribute(obj_node, "curve_distance"); if (attr != NULL) - arc->curve_distance = data_real(attribute_first_data(attr)); + arc->curve_distance = MAX(0.01, data_real(attribute_first_data(attr))); arc->line_width = 0.1; attr = object_find_attribute(obj_node, PROP_STDNAME_LINE_WIDTH);
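
Review bot: MAX(0.01, ...) on the changed line of the @@ -878 hunk rewrites every loaded value below 0.01, not only the 0 from the report, so a negative curve_distance stored in a file would also be loaded as 0.01. If the sign carries meaning for the arc, test the magnitude instead (replace only values whose fabs() is below 0.01 and keep the sign), and reject a non-finite result from data_real() in the same place. The clamp also covers only the load path: the report says the 0 was written by dia itself, so whatever produces a zero curve_distance at runtime, and the text->lines[line_no] index at lib/text.c:126 that was reached with line_no=-2147483648, are left as they are.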
crashdia.dia
Description: GNU Zip compressed data
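
The platform difference described in the report, as an added example that is not code from dia or from the reporter. The chord/sagitta radius formula is the standard geometric identity and is assumed here (the report does not show dia's own computation); arc_radius, element_offset and checked_line_index are hypothetical names.

```c
#include <inttypes.h>
#include <math.h>
#include <stdint.h>
#include <stdio.h>

/* Radius of a circular arc from its chord length and its sagitta (distance
 * from chord midpoint to arc). Assumption: curve_distance plays the role of
 * the sagitta. A sagitta of 0 divides by zero and yields +inf. */
double arc_radius(double chord, double curve_distance)
{
    return chord * chord / (8.0 * curve_distance) + curve_distance / 2.0;
}

/* Byte offset added to the array base for lines[line_no], with the product
 * truncated to the pointer width of the platform being modelled. */
int64_t element_offset(int32_t line_no, unsigned ptr_bytes)
{
    uint64_t off = (uint64_t)(int64_t)line_no * ptr_bytes;
    if (ptr_bytes == 4)
        return (int64_t)(int32_t)(uint32_t)off;  /* wraps modulo 2^32 */
    return (int64_t)off;
}

/* Hardened conversion: accept only finite values inside [0, numlines). */
int checked_line_index(double v, int numlines, int *out)
{
    if (!isfinite(v) || v < 0.0 || v >= (double)numlines)
        return 0;
    *out = (int)v;
    return 1;
}

int main(void)
{
    int idx = -1;
    int32_t line_no = INT32_MIN;  /* the line_no shown in the backtrace */

    printf("radius with curve_distance 0: %f\n", arc_radius(13.5, 0.0));
    printf("i386 offset:  %" PRId64 "\n", element_offset(line_no, 4));
    printf("amd64 offset: %" PRId64 "\n", element_offset(line_no, 8));
    printf("checked index accepts inf: %d\n",
           checked_line_index(INFINITY, 3, &idx));
    return 0;
}
```

With 4-byte pointers the offset wraps to 0, so the read lands on lines[0] and the bug stays hidden; with 8-byte pointers the offset is -2^34 bytes from the array base, which is the crash seen on amd64.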