ports/142903: Inkscape hangs for an infinite loop when opening a file

Thinker K.F. Li thinker at branda.to
Sun Jan 17 07:30:03 UTC 2010


>Number:         142903
>Category:       ports
>Synopsis:       Inkscape hangs for an infinite loop when opening a file
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jan 17 07:30:01 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Thinker K.F. Li
>Release:        FreeBSD 9.0-CURRENT i386
>Organization:
branda.to
>Environment:
System: FreeBSD eeebox.branda.to 9.0-CURRENT FreeBSD 9.0-CURRENT #2: Sun Sep 13 12:59:28 CST 2009 thinker at eeebox.branda.to:/usr/src/sys/i386/compile/eeebox i386

>Description:

	Inkscape hangs in an infinite loop when opening a file or a
	new file when Inkscape is running with empty content.  It was
	caused by accessing invalid memory.
	Inkscape::DocumentSubset::Relations::_doRemove() keeps
	accessing a block of memory immediately after freeing it.
	It may be fine and be hidden on other OSes, but, on FreeBSD,
	free() would clean the content of the passed memory block and
	expose the issue.

>How-To-Repeat:

	1. Run Inkscape without passing any argument.
	2. Open an SVG file or open a new document.
	3. Inkscape will no longer respond to any command (infinite loop).

>Fix:

	Apply the following patch to postpone releasing until the block
	of memory is no longer used.

--- patch-src-document-subset.cpp begins here ---
--- src/document-subset.cpp.orig	2010-01-17 13:47:18.000000000 +0800
+++ src/document-subset.cpp	2010-01-17 13:49:59.000000000 +0800
@@ -184,9 +184,6 @@
 
     void _doRemove(SPObject *obj) {
         Record &record=records[obj];
-        record.release_connection.disconnect();
-        record.position_changed_connection.disconnect();
-        records.erase(obj);
 
         if ( record.parent == NULL ) {
             Record &root = records[NULL];
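Review bot: the lookup `Record &record=records[obj];` at the top of `_doRemove` is still unchecked. The type of `records` is not visible in this hunk, but if it is a map-like container (as `records.erase(obj)` and `records[NULL]` suggest), `operator[]` would insert an empty record for an object that was never tracked, and the rest of the function would then run on that entry. Removing the early `records.erase(obj)` does stop `record.parent` from being read through a reference to an erased element, which is the bug described in the report; consider also guarding the lookup with a `find()` and an early return, or an assertion that `obj` is present.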
@@ -198,6 +195,12 @@
             }
         }
 
+	/* Record must be ereased after removing from root, or
+	 * content of record would be invalided. */
+        record.release_connection.disconnect();
+        record.position_changed_connection.disconnect();
+        records.erase(obj);
+	
         removed_signal.emit(obj);
         sp_object_unref(obj);
     }
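Review bot: the added comment and the whitespace-only line after `records.erase(obj);` are indented with tabs while the surrounding code uses spaces, and the comment misspells "erased" and "invalidated"; please match the file's indentation, drop the trailing tab, and reword the comment to say that `record` is a reference into `records` and must not be used after `records.erase(obj)`. On the logic, the new position is only correct as long as nothing between the `record.parent` check and this point, including the lines not shown between the two hunks, erases from or otherwise invalidates `records`; a narrower alternative is to copy the fields that are needed out of `record` before any mutation, so that the ordering cannot regress if the function is edited later.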
--- patch-src-document-subset.cpp ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:


