GNOME Bugzilla – Bug 302781
Dia should not crash on highly broken files (created by PostgreSQL Autodoc)
Last modified: 2019-03-20 11:19:33 UTC
Steps to reproduce:
1. Generate a document with PostgreSQL Autodoc
2. Load the resulting .dia file with Dia

Stack trace:
** (dia:41078): WARNING **: No attribute obj_pos (0x0) or no data(0x0) in this attribute
** (dia:41078): WARNING **: No attribute obj_bb (0x0) or no data(0x0) in this attribute
** (dia:41078): WARNING **: No attribute elem_corner (0x0) or no data(0x0) in this attribute
** (dia:41078): WARNING **: No attribute elem_width (0x0) or no data(0x0) in this attribute
** (dia:41078): WARNING **: No attribute elem_height (0x0) or no data(0x0) in this attribute
GLib-ERROR **: gmem.c:141: failed to allocate 18446744073709551584 bytes

Other information:
These documents used to load fine in older versions of dia. Moving the objects would connect the lines to the correct place. Dia is free to reject the file, but crashing is definitely the wrong answer.
Created attachment 45961: Crasher Document
Can't make it crash here, neither in newest CVS or 0.94. What operating system are you using?
FreeBSD on AMD64. It was brought to my attention because a user of PostgreSQL Autodoc sent me some information. Applying these changes to the document template (generated via perl's HTML::Template) works around the crash:
http://cvs.pgfoundry.org/cgi-bin/cvsweb.cgi/autodoc/autodoc/zigzag.dia.tmpl.diff?r1=1.4&r2=1.5
Still would like to find out about the crash. Here's what valgrind on i86 has to say about it:

==6584== Invalid read of size 8
==6584==    at 0x3419E09B: draw_polyline_with_arrows (geometry.h:323)
==6584==    by 0x352E4F46: dependency_draw (dependency.c:241)
==6584==    by 0x341A076B: draw_object (diagdkrenderer.c:947)
==6584==    by 0x8070898: ddisplay_obj_render (display.c:552)
==6584==  Address 0x3705B050 is 16 bytes before a block of size 64 alloc'd
==6584==    at 0x3414B2F4: malloc (in /usr/lib/valgrind/vgpreload_addrcheck.so)
==6584==    by 0x347DCD26: g_malloc (in /opt/gnome/lib/libglib-2.0.so.0.400.6)
==6584==    by 0x347EE79D: g_memdup (in /opt/gnome/lib/libglib-2.0.so.0.400.6)
==6584==    by 0x34193EDB: pointarrayprop_set_from_offset (prop_geomtypes.c:525)
==6584==
==6584== Invalid read of size 8
==6584==    at 0x3419E0A3: draw_polyline_with_arrows (geometry.h:324)
==6584==    by 0x352E4F46: dependency_draw (dependency.c:241)
==6584==    by 0x341A076B: draw_object (diagdkrenderer.c:947)
==6584==    by 0x8070898: ddisplay_obj_render (display.c:552)
==6584==  Address 0x3705B058 is 8 bytes before a block of size 64 alloc'd
==6584==    at 0x3414B2F4: malloc (in /usr/lib/valgrind/vgpreload_addrcheck.so)
==6584==    by 0x347DCD26: g_malloc (in /opt/gnome/lib/libglib-2.0.so.0.400.6)
==6584==    by 0x347EE79D: g_memdup (in /opt/gnome/lib/libglib-2.0.so.0.400.6)
==6584==    by 0x34193EDB: pointarrayprop_set_from_offset (prop_geomtypes.c:525)
==6584==
==6584== Invalid read of size 8
==6584==    at 0x34170F44: calculate_arrow_point (geometry.h:125)
==6584==    by 0x3419E148: draw_polyline_with_arrows (diarenderer.c:944)
==6584==    by 0x352E4F46: dependency_draw (dependency.c:241)
==6584==    by 0x341A076B: draw_object (diagdkrenderer.c:947)
==6584==  Address 0x3705B050 is 16 bytes before a block of size 64 alloc'd
==6584==    at 0x3414B2F4: malloc (in /usr/lib/valgrind/vgpreload_addrcheck.so)
==6584==    by 0x347DCD26: g_malloc (in /opt/gnome/lib/libglib-2.0.so.0.400.6)
==6584==    by 0x347EE79D: g_memdup (in /opt/gnome/lib/libglib-2.0.so.0.400.6)
==6584==    by 0x34193EDB: pointarrayprop_set_from_offset (prop_geomtypes.c:525)
==6584==
==6584== Invalid read of size 8
==6584==    at 0x34170F4A: calculate_arrow_point (geometry.h:126)
==6584==    by 0x3419E148: draw_polyline_with_arrows (diarenderer.c:944)
==6584==    by 0x352E4F46: dependency_draw (dependency.c:241)
==6584==    by 0x341A076B: draw_object (diagdkrenderer.c:947)
==6584==  Address 0x3705B058 is 8 bytes before a block of size 64 alloc'd
==6584==    at 0x3414B2F4: malloc (in /usr/lib/valgrind/vgpreload_addrcheck.so)
==6584==    by 0x347DCD26: g_malloc (in /opt/gnome/lib/libglib-2.0.so.0.400.6)
==6584==    by 0x347EE79D: g_memdup (in /opt/gnome/lib/libglib-2.0.so.0.400.6)
==6584==    by 0x34193EDB: pointarrayprop_set_from_offset (prop_geomtypes.c:525)
==6584==
==6584== Invalid read of size 8
==6584==    at 0x34170781: calculate_arrow (geometry.h:125)
==6584==    by 0x3417580E: arrow_draw (arrows.c:472)
==6584==    by 0x3419E3CF: draw_polyline_with_arrows (diarenderer.c:964)
==6584==    by 0x352E4F46: dependency_draw (dependency.c:241)
==6584==  Address 0x3705B050 is 16 bytes before a block of size 64 alloc'd
==6584==    at 0x3414B2F4: malloc (in /usr/lib/valgrind/vgpreload_addrcheck.so)
==6584==    by 0x347DCD26: g_malloc (in /opt/gnome/lib/libglib-2.0.so.0.400.6)
==6584==    by 0x347EE79D: g_memdup (in /opt/gnome/lib/libglib-2.0.so.0.400.6)
==6584==    by 0x34193EDB: pointarrayprop_set_from_offset (prop_geomtypes.c:525)
==6584==
==6584== Invalid read of size 8
==6584==    at 0x34170788: calculate_arrow (geometry.h:126)
==6584==    by 0x3417580E: arrow_draw (arrows.c:472)
==6584==    by 0x3419E3CF: draw_polyline_with_arrows (diarenderer.c:964)
==6584==    by 0x352E4F46: dependency_draw (dependency.c:241)
==6584==  Address 0x3705B058 is 8 bytes before a block of size 64 alloc'd
==6584==    at 0x3414B2F4: malloc (in /usr/lib/valgrind/vgpreload_addrcheck.so)
==6584==    by 0x347DCD26: g_malloc (in /opt/gnome/lib/libglib-2.0.so.0.400.6)
==6584==    by 0x347EE79D: g_memdup (in /opt/gnome/lib/libglib-2.0.so.0.400.6)
==6584==    by 0x34193EDB: pointarrayprop_set_from_offset (prop_geomtypes.c:525)
data_render(100%) took 56.33 seconds
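The failed allocation of 18446744073709551584 bytes (which is (size_t)-32) and the reads 16 and 8 bytes before a 64-byte point block are the pattern a point count of zero produces when it flows unchecked into size arithmetic and into p[n-2]-style indexing. The following C is an added illustration, not Dia's code and not the fix the project shipped: it shows that wraparound beside a loader that validates the declared count against a bound and against the data actually present, and rejects the file instead of crashing. The Point type, MAX_POINTS, the error codes and the sample coordinates are all assumptions.

```c
#include <stdlib.h>

/* Hypothetical 16-byte point (two doubles); the stride matches the reads 16 and
 * 8 bytes before the 64-byte block in the valgrind log. Not Dia's own type. */
typedef struct { double x, y; } Point;

/* Unchecked size computation: for num_points == 0 the int subtraction gives -2,
 * which converts to SIZE_MAX - 1 before the multiply, so the product wraps to
 * (size_t)-32, i.e. 18446744073709551584 on a 64-bit build. */
size_t unchecked_size(int num_points) {
    return (num_points - 2) * sizeof(Point);
}
enum { LOAD_OK = 0, LOAD_ERR_COUNT = -1, LOAD_ERR_SHORT = -2, LOAD_ERR_ALLOC = -3 };
#define MAX_POINTS (1L << 20)  /* hypothetical sanity bound on a polyline */

/* Hardened loader: validate the declared count against a fixed bound and
 * against the coordinates actually present before any size arithmetic. */
int load_points(const double *coords, size_t ncoords, long declared, Point **out, size_t *out_n) {
    *out = NULL; *out_n = 0;
    /* an arrowed polyline touches p[0], p[1], p[n-2], p[n-1], so n >= 2 */
    if (declared < 2 || declared > MAX_POINTS) return LOAD_ERR_COUNT;
    size_t n = (size_t)declared;
    if (ncoords < 2 * n) return LOAD_ERR_SHORT;   /* claims more than it carries */
    Point *p = malloc(n * sizeof *p);             /* cannot wrap: n <= MAX_POINTS */
    if (!p) return LOAD_ERR_ALLOC;
    for (size_t i = 0; i < n; i++) { p[i].x = coords[2*i]; p[i].y = coords[2*i+1]; }
    *out = p; *out_n = n;
    return LOAD_OK;
}

/* The indexes an arrowed-polyline drawer reads (first and last segment);
 * with n >= 2 guaranteed, none of them lands before the block. */
double end_segment_dx(const Point *p, size_t n) {
    return (p[1].x - p[0].x) + (p[n-1].x - p[n-2].x);
}

static const double SAMPLE[] = { 0,0, 1,0, 2,1, 4,1 };   /* constructed: 4 points */
#define SAMPLE_N (sizeof SAMPLE / sizeof SAMPLE[0])

int demo_load(long declared) {           /* result code for a declared count */
    Point *p; size_t n;
    int rc = load_points(SAMPLE, SAMPLE_N, declared, &p, &n);
    free(p);                             /* NULL on rejection: a no-op */
    return rc;
}
double demo_dx(void) {                   /* well-formed file: (1-0) + (4-2) = 3.0 */
    Point *p; size_t n;
    if (load_points(SAMPLE, SAMPLE_N, 4, &p, &n) != LOAD_OK) return -1.0;
    double dx = end_segment_dx(p, n); free(p); return dx;
}
```

A file that declares zero points or more points than it carries is rejected with a code the caller can report, which is the "reject the file" outcome the reporter asks for.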
IMO you should convince your tool provider to not create highly broken files, though I admit it would be nice if Dia would not crash on those. But it didn't crash on me either.
Removing patch keyword, as the patch is for autodia rather than for dia.
-- GitLab Migration Automatic Message -- This bug has been migrated to GNOME's GitLab instance and has been closed from further activity. You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.gnome.org/GNOME/dia/issues/140.