Bug 1023744 - xfig crashes when creating lines with linestyle 4
xfig crashes when creating lines with linestyle 4
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: xfig (Show other bugs)
20
i686 Linux
unspecified Severity high
: ---
: ---
Assigned To: Hans de Goede
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-10-27 11:14 EDT by Maurizio Paolini
Modified: 2014-01-15 00:53 EST (History)
6 users (show)

See Also:
Fixed In Version: xfig-3.2.5-41.c.fc20
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-01-14 03:36:56 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Maurizio Paolini 2013-10-27 11:14:03 EDT
Description of problem: xfig crashes when creating polylines with linestyle 4
(dash-dot) and possibly higher values

Version-Release number of selected component (if applicable):
xfig-3.2.5-36.b.fc19.i686

How reproducible:
create a polyline with linestyle dash-dot (internal code 4)

Steps to Reproduce:
1. Start xfig,
2. select polyline drawing,
3. select linestyle "-." (dash-dot)
4. create a polyline

Actual results: xfig crashes


Expected results: xfig should not crash
Comment 1 Maurizio Paolini 2013-10-28 18:52:10 EDT
Actually dash-dot is linestyle 3 (the one causing the problem), not 4.

There is an apparent out-of-bounds error in a piece of code from w_drawprim.c (line 1373 and following):

            for (il =0; il<nd; il ++) {
                if (fl[il] != 0.) {
                    if (fl[il] * style_val * display_zoomscale > 255.0)
                        dash_list[op][il] = (char) 255; /* too large for X! */
                    else
                        dash_list[op][il] = (char) round(fl[il] * style_val *
                                        display_zoomscale);
                } else {
                    dash_list[op][il] = (char)display_zoomscale;
                }
                if (dash_list[op][il]==0)       /* take care for rounding to zero ! */
                        dash_list[op][il]=1;
            }

In the test case we have nd=4 so that il can be as large as 2 and 3, whereas matrix dash_list is apparently declared as "static unsigned dash_list[16][2]"
I do not know how to fix this.
Comment 2 Hans de Goede 2013-10-29 06:28:18 EDT
Hi,

Thanks for the bug report and the initial investigation of the bug. I've put this on my todo list, no promises when exactly I'll get around to fixing it, but I'll try to make some time for this sometime during the next couple of weeks.

Regards,

Hans
Comment 3 Maurizio Paolini 2013-10-29 06:47:38 EDT
(In reply to Hans de Goede from comment #2)

A quick workaround would be to change the declared dimension of dash_list
from dash_list[16][2] to dash_list[16][8]:

===========================================================================
--- xfig.3.2.5b/w_drawprim.c.linestyle  2013-10-29 08:02:47.447300424 +0100
+++ xfig.3.2.5b/w_drawprim.c    2013-10-29 08:05:19.933394086 +0100
@@ -1265,7 +1265,7 @@
 }


-static unsigned char dash_list[16][2] = {{255, 255}, {255, 255},
+static unsigned char dash_list[16][8] = {{255, 255}, {255, 255},
                                        {255, 255}, {255, 255},
                                        {255, 255}, {255, 255},
                                        {255, 255}, {255, 255},
===========================================================================

and I also prepared a revised rpm package for my personal use.  However
it is not clear to me how dash_list should be initialized (or if it actually
needs to be initialized at all).

> Hi,
> 
> Thanks for the bug report and the initial investigation of the bug. I've put
> this on my todo list, no promises when exactly I'll get around to fixing it,
> but I'll try to make some time for this sometime during the next couple of
> weeks.
> 
> Regards,
> 
> Hans
Comment 4 David Kaufmann 2013-12-08 09:33:40 EST
(In reply to Maurizio Paolini from comment #3)
> A quick workaround would be to change the declared dimension of dash_list
> from dash_list[16][2] to dash_list[16][8]:
> 
> ===========================================================================
> --- xfig.3.2.5b/w_drawprim.c.linestyle  2013-10-29 08:02:47.447300424 +0100
> +++ xfig.3.2.5b/w_drawprim.c    2013-10-29 08:05:19.933394086 +0100
> @@ -1265,7 +1265,7 @@
>  }
> 
> 
> -static unsigned char dash_list[16][2] = {{255, 255}, {255, 255},
> +static unsigned char dash_list[16][8] = {{255, 255}, {255, 255},
>                                         {255, 255}, {255, 255},
>                                         {255, 255}, {255, 255},
>                                         {255, 255}, {255, 255},
> ===========================================================================
> 
> and I also prepared a revised rpm package for my personal use.  However
> it is not clear to me how dash_list should be initialized (or if it actually
> needs to be initialized at all).
As I didn't see the reported bug I did search the bug myself and (also) created a custom rpm.
If anyone else has this bug and *did* look for reported bugs - my Package with exactly that fix and also bumped to the next version (3.2.5c) can be found on copr:
http://copr-be.cloud.fedoraproject.org/results/astra/xfig/ (f18,f19,f20)

the srpm is found on my server:
http://ionic.at/xfig-3.2.5-38.c.fc19.src.rpm

Best regards,
David
Comment 5 Maurizio Paolini 2013-12-21 12:45:23 EST
After upgrading to the latest Fedora 20, the bug is still there.
Any news?
Comment 6 Michal Srb 2014-01-03 04:32:43 EST
Thanks Maurizio and David. I've applied David's patch. I believe it fixes this issue. David also noticed that there is a new upstream version of xfig (3.2.5c). I've opened separate bug for it (#1048127).

Thanks guys and sorry for the delay.
Comment 7 Michal Srb 2014-01-03 04:34:11 EST
Update for F19 and F20 will follow.
Comment 8 Hans de Goede 2014-01-03 04:42:56 EST
Hi all,

Indeed thanks  Maurizio and David for the input and patches. And Michal thanks for taking care of this, I've had it on my todo list for a while now but other stuff got in the way. Do you plan to also take care of the 3.2.5c update? I think it would make sense to push 3.2.5.c for F20+, and let F-19 stay at the old version so that "conservative" Fedora users keep the old version for now.

David send me  a patch for updating to 3.2.5c by private mail I'll attach that to the bug you've filed.

Regards,

Hans
Comment 9 Michal Srb 2014-01-03 04:52:07 EST
Yup, I will take care of 3.2.5c update for F20+ ;)
Comment 10 Fedora Update System 2014-01-03 05:00:38 EST
xfig-3.2.5-38.b.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/xfig-3.2.5-38.b.fc20
Comment 11 Fedora Update System 2014-01-03 05:01:54 EST
xfig-3.2.5-38.b.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/xfig-3.2.5-38.b.fc19
Comment 12 Fedora Update System 2014-01-03 18:26:30 EST
Package xfig-3.2.5-38.b.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing xfig-3.2.5-38.b.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-0153/xfig-3.2.5-38.b.fc20
then log in and leave karma (feedback).
Comment 13 Fedora Update System 2014-01-06 07:57:17 EST
xfig-3.2.5-41.c.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/xfig-3.2.5-41.c.fc20
Comment 14 lnie 2014-01-06 23:16:41 EST
xfig-3.2.5-37.b.fc20 crash when I simply draw a circle,
crash is gone in 3.2.5-41.c.fc20
Comment 15 Maurizio Paolini 2014-01-07 05:21:10 EST
what is the line style?

(In reply to lnie from comment #14)
> xfig-3.2.5-37.b.fc20 crash when I simply draw a circle,
> crash is gone in 3.2.5-41.c.fc20
Comment 16 lnie 2014-01-07 21:40:23 EST
the default one:style 1
Comment 17 Maurizio Paolini 2014-01-08 08:47:35 EST
How strange... I am not able to reproduce the problem. I just tried with

$ rpm -qa | grep xfig
xfig-common-3.2.5-37.b.fc20.i686
xfig-3.2.5-37.b.fc20.i686
$ xfig

and I do not experience the crash that you report.  I do see it if I use
the fourth ("line-dot") line style, but not with the default line style.
All other parameters are at their default value.
I have an "i686" architecture (32 bit)

(In reply to lnie from comment #16)
> the default one:style 1
Comment 18 Fedora Update System 2014-01-14 03:36:56 EST
xfig-3.2.5-38.b.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 19 Fedora Update System 2014-01-15 00:53:58 EST
xfig-3.2.5-41.c.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.