Bug 668587 - dia segfaults when exporting to a Dia shape file
Status: RESOLVED FIXED
Product: dia
Classification: Other
Component: exports
Version: 0.97.x
Hardware: Other Linux
Importance: Normal critical
Target Milestone: 0.97.3
Assigned To: Dia maintainers
QA Contact: Dia maintainers
Duplicates: 735552
Depends on:
Blocks:
 
 
Reported: 2012-01-24 15:27 UTC by Roland Stigge
Modified: 2014-09-08 09:07 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
Example dia file for reproducing the bug (1.05 KB, application/x-dia-diagram)
2012-01-24 15:27 UTC, Roland Stigge

Description Roland Stigge 2012-01-24 15:27:32 UTC
Created attachment 205993
Example dia file for reproducing the bug

Hi,

at Debian, we found the following:

=================================================================
With the attached dia file, when I try to export it to a "shape" file, dia
dies on me (usually with a segfault) and with a message like this one:

*** glibc detected *** dia: invalid fastbin entry (free): 0x09daf2d8 ***

Doing the same operation on the command line (dia -e tree.shape -t shape tree.dia)
leads to the same error message although it doesn't die but it stays
blocked indefinitely (i.e. it never exits).
=================================================================

See also http://bugs.debian.org/657158

I can reproduce this on both i386 and amd64, and with the attached file, I get e.g.

=================================================================
$ dia tree.dia 
*** glibc detected *** dia-normal: invalid fastbin entry (free): 0x094fb210 ***
======= Backtrace: =========
/lib/i386-linux-gnu/i686/cmov/libc.so.6(+0x6aa81)[0xf6927a81]
/lib/i386-linux-gnu/i686/cmov/libc.so.6(+0x6c2e8)[0xf69292e8]
/lib/i386-linux-gnu/i686/cmov/libc.so.6(cfree+0x6d)[0xf692c39d]
/lib/i386-linux-gnu/libglib-2.0.so.0(+0x4c38b)[0xf6c4b38b]
/usr/bin/dia: line 6: 24719 Aborted                 dia-normal --integrated "$@"
=================================================================

Thanks for considering.

bye,
  Roland
Comment 1 Hans Breuer 2012-04-08 11:11:45 UTC
The fix for bug 665648 introduced a memory corruption.
Now the #if-0'ed code as well as the #else branch respect
DiaSvgRender::get_fill_style() having a const return.

http://git.gnome.org./browse/dia/commit/?id=47bb76af3ba20b5e83be79a874df02c405934899
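
Added example, not part of the original report and not Dia's code: what respecting a const return means for memory ownership, and why releasing such a pointer ends in a glibc abort like the one quoted above. The getter body, `dup_fill_style` and `emit_style_buggy` are hypothetical stand-ins; only the name `get_fill_style` and its const return come from Comment 1.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a getter with a const return: the result
 * points into storage owned by the callee and is reused on every call. */
const char *get_fill_style(unsigned rgb)
{
    static char buf[32];
    snprintf(buf, sizeof buf, "fill: #%06x", rgb & 0xffffffu);
    return buf;
}

#if 0
/* 'Before' pattern, kept out of the build on purpose. The cast hides the
 * const contract, and free() then receives an address that malloc never
 * returned, which corrupts allocator state or trips glibc's checks. */
void emit_style_buggy(FILE *out, unsigned rgb)
{
    char *style = (char *)get_fill_style(rgb);
    fprintf(out, "style=\"%s\"\n", style);
    free(style);                      /* invalid free of borrowed memory */
}
#endif

/* 'After' pattern: treat the return as borrowed. Use it immediately, or
 * copy it when the caller needs a string it owns and may free. */
char *dup_fill_style(unsigned rgb)
{
    const char *borrowed = get_fill_style(rgb);
    size_t n = strlen(borrowed) + 1;
    char *owned = malloc(n);
    if (owned != NULL)
        memcpy(owned, borrowed, n);
    return owned;                     /* caller frees the copy only */
}

int main(void)
{
    char *red = dup_fill_style(0xff0000);   /* constructed sample colours */
    char *green = dup_fill_style(0x00ff00);
    if (red == NULL || green == NULL)
        return 1;
    /* Both copies survive even though the getter reused its buffer. */
    printf("%s\n%s\n", red, green);
    free(red);
    free(green);
    return 0;
}
```
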
Comment 2 Hans Breuer 2013-08-16 09:24:16 UTC
Adjust potential target milestone, this is already on the dia-0-97 branch.
Comment 3 Hans Breuer 2014-09-08 09:07:09 UTC
*** Bug 735552 has been marked as a duplicate of this bug. ***