GNOME Bugzilla – Bug 511072
imagemap crashes when opening a map with too many points
Last modified: 2008-10-30 20:08:27 UTC
Hi, I've created an imagemap with the gimp. Saved the map. When I try to open the map file, the plugin crashes. It crashes when there's more than 161 couples of coordinates.
This one works:
<area shape="poly" coords="131,6,125,22,120,28,130,29,130,32,127,34,125,34,122,31,115,30,112,31,110,31,108,38,105,38,101,33,100,26,99,16,92,16,88,11,83,19,86,19,91,24,95,30,92,33,92,38,95,44,98,50,99,55,93,54,92,51,89,51,92,56,88,58,84,58,79,65,79,67,75,70,75,78,75,80,86,84,86,85,75,85,75,81,70,81,70,80,72,79,72,73,65,74,65,73,63,74,60,77,60,82,64,82,66,80,68,81,68,85,71,87,71,91,72,93,76,93,79,90,83,90,84,91,90,91,90,93,93,95,96,96,99,99,99,102,103,102,104,104,109,104,112,108,112,110,109,115,107,124,105,125,103,125,101,127,101,130,96,137,95,137,95,140,92,141,91,143,90,146,88,148,89,151,88,153,95,154,96,156,89,160,84,159,81,154,81,147,80,145,80,138,81,137,81,130,82,130,82,121,76,116,73,109,72,107,72,102,75,99,75,95,70,95,70,93,68,93,68,91,66,89,64,89,63,87,52,87,52,80,49,80,45,75,45,72,43,72,43,69,39,65,39,56,40,56,40,52,40,48,37,43,35,41,29,38,22,43,15,46,11,46,11,44,17,42,17,41,14,39,14,35,15,34,15,30,17,29,17,26,23,23,29,23,29,24,36,24,39,25,39,26,42,26,44,24,47,24,53,25,53,26,56,26,56,24,54,24,53,22,48,21,51,17,55,13,61,10,69,10" alt="usa" href="#" >
This one crashes:
<area shape="poly" coords="131,6,125,22,120,28,130,29,130,32,127,34,125,34,122,31,115,30,112,31,110,31,108,38,105,38,101,33,100,26,99,16,92,16,88,11,83,19,86,19,91,24,95,30,92,33,92,38,95,44,98,50,99,55,93,54,92,51,89,51,92,56,88,58,84,58,79,65,79,67,75,70,75,78,75,80,86,84,86,85,75,85,75,81,70,81,70,80,72,79,72,73,65,74,65,73,63,74,60,77,60,82,64,82,66,80,68,81,68,85,71,87,71,91,72,93,76,93,79,90,83,90,84,91,90,91,90,93,93,95,96,96,99,99,99,102,103,102,104,104,109,104,112,108,112,110,109,115,107,124,105,125,103,125,101,127,101,130,96,137,95,137,95,140,92,141,91,143,90,146,88,148,89,151,88,153,95,154,96,156,89,160,84,159,81,154,81,147,80,145,80,138,81,137,81,130,82,130,82,121,76,116,73,109,72,107,72,102,75,99,75,95,70,95,70,93,68,93,68,91,66,89,64,89,63,87,52,87,52,80,49,80,45,75,45,72,43,72,43,69,39,65,39,56,40,56,40,52,40,48,37,43,35,41,29,38,22,43,15,46,11,46,11,44,17,42,17,41,14,39,14,35,15,34,15,30,17,29,17,26,23,23,29,23,29,24,36,24,39,25,39,26,42,26,44,24,47,24,53,25,53,26,56,26,56,24,54,24,53,22,48,21,51,17,55,13,61,10,69,10,71,8" alt="usa" href="#" >
Please attach the map file that triggers the crash to this bug-report.
Created attachment 103360 [details]: Map file with set of coordinates which cause seg fault in imagemap
The first part of a stack trace I get (in SVN GIMP) is:
+ Trace 186239
The problem is in line 334 of imap_csim.y which declares "char id[1024]" with the comment "Large enough to hold all polygon points!". Of the two sets of co-ordinates given above, the first one has a length of 1021 characters (excluding terminating NUL), and the second one has a length of 1026 characters (less the NUL).
I have increased the buffer size to 4096 in both branches:
2008-01-22 Sven Neumann <sven@gimp.org>
	* plug-ins/imagemap/imap_csim.y: increased buffer size. Addresses bug #511072.
	* plug-ins/imagemap/imap_csim_parse.[ch]: regenerated.
Let's keep this report open for a proper fix.
Created attachment 103457 [details]: The map file that crashes
This file has been created by the imagemap plugin. It has been saved successfully but cannot be opened again.
That map file has the same problem as the second set of co-ordinates you provided at the top of this report. To put it simply, you have too many points in your image map. The number of characters between the double quote marks after "coords=" in the image map file cannot exceed 1023 characters or you will not be able to load the image map file. Sven has increased the number of characters available to hold the list of points but you won't see that change until the next release of GIMP. If you don't want to wait, you can compile the image map plug-in from the Subversion sources or find someone to do that for you.
I verified that the given file can now be read. Of course the code will still crash if a much larger map file is loaded. But I think we can move this away from the 2.4 milestone now.
I tried to compile the plugin, installed the sources from svn, installed lots of devel packages, tried to install gegl (last 0.0.14) from gegl.org (crashes gegl-0.0.14/docs/gallery). Do I really need to compile the whole gimp just to have the imagemap plugin or can I just compile the imagemap plugin alone? Chag
If at all you would use the stable branch (gimp-2-4). It is not recommended to use the unstable development version at the moment. And of course you don't need to compile everything if all you need is a fix in one of the plug-ins. But this bug tracker is not a help forum. If you are not familiar with building software from source, then please wait for the GIMP 2.4.4 release.
Created attachment 103784 [details] [review]: Remove fixed buffer sizes used for links, comments, and strings.
The attached patch file removes the fixed character array used to hold strings, links, comments, and co-ordinate lists. The space for these items is allocated dynamically. The maximum number of characters is now restricted only by what the Flex/Lex parser can handle. The default buffer length in Flex is 16384 characters but this can be changed by defining YY_BUF_SIZE in the .l files.
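The root cause described earlier (a fixed "char id[1024]" receiving a coords list of 1026 characters) and the fix above (sizing the copy from the input) are illustrated by this added example; it is not GIMP's parser code, and the function names and the constructed <area> line are assumptions made here.

```c
/* Added example, not GIMP's own code: why the fixed "char id[1024]" in
 * imap_csim.y overflowed on long coords lists, and the dynamically sized
 * copy the fix switched to. Function names here are hypothetical. */
#include <stdlib.h>
#include <string.h>

#define ID_FIXED_SIZE 1024   /* size of the original fixed array */

/* Would a coords value of LEN bytes plus its NUL fit the fixed array?
 * This is the bound the original parser never checked before copying. */
int fits_fixed_buffer(size_t len) { return len + 1 <= ID_FIXED_SIZE; }

/* Return a malloc'd copy of the value inside coords="..." in LINE, or NULL
 * if absent. The buffer is sized from the input, so no length overflows it. */
char *extract_coords(const char *line)
{
    const char *start = strstr(line, "coords=\"");
    if (!start) return NULL;
    start += strlen("coords=\"");
    const char *end = strchr(start, '"');
    if (!end) return NULL;
    size_t len = (size_t)(end - start);
    char *copy = malloc(len + 1);
    if (copy) { memcpy(copy, start, len); copy[len] = '\0'; }
    return copy;
}

/* Constructed input: an <area> line whose coords value holds NPAIRS
 * three-digit pairs ("100,100,100,100,..."): 7 bytes each plus a comma. */
char *make_area_line(int npairs)
{
    char *line = malloc(64 + (size_t)npairs * 8);
    if (!line) return NULL;
    strcpy(line, "<area shape=\"poly\" coords=\"");
    for (int i = 0; i < npairs; i++)
        strcat(line, i ? ",100,100" : "100,100");
    strcat(line, "\" alt=\"usa\" href=\"#\">");
    return line;
}

/* Length of the coords value for NPAIRS pairs; frees what it allocates. */
size_t coords_len_for(int npairs)
{
    char *line = make_area_line(npairs);
    char *c = line ? extract_coords(line) : NULL;
    size_t n = c ? strlen(c) : 0;
    free(c); free(line);
    return n;
}
```

With three-digit pairs, 128 pairs give 1023 characters (the last value the fixed array could hold with its NUL) and 129 pairs give 1031, which would have overrun it; the malloc'd copy handles both.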
Cool. Please commit that to trunk together with the generated files.
2008-01-27 Kevin Cozens <kcozens@cvs.gnome.org>
	* plug-ins/imagemap/imap_cern.l:
	* plug-ins/imagemap/imap_cern.y:
	* plug-ins/imagemap/imap_csim.l:
	* plug-ins/imagemap/imap_csim.y:
	* plug-ins/imagemap/imap_ncsa.l:
	* plug-ins/imagemap/imap_ncsa.y: Dynamically allocate space to hold comments, links, strings, and co-ordinate lists. Fixes bug #511072.
	* plug-ins/imagemap/imap_cern_lex.c:
	* plug-ins/imagemap/imap_cern_parse.c:
	* plug-ins/imagemap/imap_cern_parse.h:
	* plug-ins/imagemap/imap_csim_lex.c:
	* plug-ins/imagemap/imap_csim_parse.c:
	* plug-ins/imagemap/imap_csim_parse.h:
	* plug-ins/imagemap/imap_ncsa_lex.c:
	* plug-ins/imagemap/imap_ncsa_parse.c:
	* plug-ins/imagemap/imap_ncsa_parse.h: Regenerated.