Crashes when typing fullwidth characters in expression-evaluating entry widgets

Bug #1751670 reported by shark0r
This bug affects 1 person
Affects: Inkscape | Status: New | Importance: Undecided | Assigned to: Unassigned | Milestone: (blank)

Bug Description

Inkscape version: latest git revision
OS: Windows 7 and Windows 10. Didn't test other OSes.

Type some fullwidth characters (such as +123) in an entry widget with the expression-evaluating feature (like X, Y, W, H in the Tool Controls Bar), press Enter, and Inkscape crashes immediately.

I have done some investigation:
In ExpressionEvaluator::ExpressionEvaluator(const char *string, Unit const *unit), expression-evaluator.cpp,
if string (1st parameter) contains fullwidth characters, after running this constructor ExpressionEvaluator::string will be NULL.

And after that in ExpressionEvaluator::evaluate(), passing ExpressionEvaluator::string(=NULL) to g_utf8_validate() will crash Inkscape.

This mostly happened when I typed some Chinese text in the document and forgot to switch the Chinese input method back.
I don't think that ExpressionEvaluator needs to identify fullwidth characters; treating them as invalid characters is OK, but at least it should not crash the program.

Tags: crash ui win32
Hachmann (marenhachmann) wrote :

Tried on Linux Mint 18.3 with latest master (0.92+devel (193c56f, 2018-02-22)), and used the rectangle corner radius field. The crash doesn't happen for me, it just goes back to 0.

shark0r (shark0r) wrote :

More tests:

In the constructor

ExpressionEvaluator::ExpressionEvaluator(const char *string, Unit const *unit) :
    string(g_locale_to_utf8(string,-1,0,0,0)),
    unit(unit)
{
    ......
}

ExpressionEvaluator::string=NULL because g_locale_to_utf8() returned NULL if string contained fullwidth characters.

For example:
const char *string = "0.000+1";
gsize bytes_read, bytes_written;
GError *gerror = NULL;   /* must be a pointer; set by the call on failure */
g_locale_to_utf8(string, -1, &bytes_read, &bytes_written, &gerror);

Outputs:
g_locale_to_utf8() returns NULL
bytes_read = 5
bytes_written = 5
gerror->message = "Invalid byte sequence in conversion input"

I'm not sure whether g_locale_to_utf8() works differently on Windows and Linux, but can we add something like this to avoid crashing?
if(ExpressionEvaluator::string==NULL)
{
    //No further processing
}
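
An added example, not part of the original report and not Inkscape code: a self-contained C++ model of the guard proposed above, where a failed conversion is recorded and evaluate() reports invalid input instead of passing a missing string on. The names to_utf8 and SafeEvaluator are hypothetical, and to_utf8 is a stand-in for g_locale_to_utf8() that assumes a plain-ASCII locale.

```cpp
// Added example, not Inkscape code: a failed conversion must not reach the parser.
#include <cstddef>
#include <cstdio>
#include <cstdlib>
#include <string>

// Hypothetical stand-in for g_locale_to_utf8(). Assumption: the locale is plain ASCII,
// so any byte >= 0x80 is invalid; bytes_read is left at the first bad byte.
static bool to_utf8(const char *in, std::string &out, std::size_t &bytes_read) {
    out.clear(); bytes_read = 0;
    if (!in) return false;
    for (; in[bytes_read] != '\0'; ++bytes_read) {
        if (static_cast<unsigned char>(in[bytes_read]) >= 0x80) return false;
        out.push_back(in[bytes_read]);
    }
    return true;
}

class SafeEvaluator {
public:
    explicit SafeEvaluator(const char *input)
        : valid_(to_utf8(input, text_, bytes_read_)) {}
    // Sums '+'-separated numbers; returns false for invalid input.
    bool evaluate(double &result) const {
        if (!valid_) return false;                 // conversion failed: stop here
        const char *p = text_.c_str();
        double total = 0.0;
        for (;;) {
            char *end = nullptr;
            double value = std::strtod(p, &end);
            if (end == p) return false;            // no number where one is needed
            total += value;
            if (*end == '\0') { result = total; return true; }
            if (*end != '+') return false;         // unsupported character
            p = end + 1;
        }
    }
    std::size_t bytes_read() const { return bytes_read_; }
private:
    std::string text_;            // declared before valid_ so it exists when
    std::size_t bytes_read_ = 0;  // to_utf8() runs in the initializer list
    bool valid_;
};

int main() {
    double r = 0.0;
    SafeEvaluator bad("0.000\xEF\xBC\x8B" "1");    // constructed input: fullwidth '+' as UTF-8
    bool ok = bad.evaluate(r);
    std::printf("ok=%d bytes_read=%zu\n", ok, bad.bytes_read());
}
```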

Hachmann (marenhachmann) wrote :

Hah, great that you already came up with a possible solution!

Do you think you could create a merge request on gitlab, and discuss with developers there?

https://gitlab.com/inkscape/inkscape
