Segmentation violation at magick/draw.c:5076

[yecril71pl]

Code: Select all

/* .NAME wlb --- expose a locale-related bug in MagickWand
 * .SH SYNOPSIS
 * LANG=pl_PL.utf8 gdb wlb
 * .SH BUGS
 * The program crashes with segmentation violation when $LANG == pl_PL.utf8
 *  */

#define TRIGGER_CRASH /* undef to  inhibit the crash */

#include <stdlib.h>
#include <stdio.h>
#include <locale.h>
#include <assert.h>
#include <string.h>
#include <ImageMagick/wand/MagickWand.h>

struct stdnames 
{ char t_locale [07], t_write [06], t_spawn [05], t_empty [01]; } 
const sc_stdnames = { "locale", "write", "spawn" };

static void handle_Magick_error (MagickWand *p_wand)
/* Writes an error message to the standard error */
{ 
	ExceptionType a_sev; 
	register char *const a_descr = MagickGetException (p_wand, &a_sev); 
	if (0 > fprintf (stderr, "%s %s %lu %s", GetMagickModule (), a_descr)) 
{ perror (sc_stdnames. t_write); } MagickRelinquishMemory (a_descr); }
/* !handle_Magick_error X */

int main (int p_arg_count, char const *const p_args []) 
/* 
 * Fills the form with predefined strings.  
 * The form has four pages and the strings are placed on subsequent pages in order.
 */
{ register int a_code = +EXIT_FAILURE; 
		 if (setlocale (LC_ALL, "") == NULL) perror (sc_stdnames. t_locale);
MagickWandGenesis ();
{ register MagickWand *const a_wand = NewMagickWand (); 
if (MagickReadImage (a_wand, "canvas:white") == MagickTrue) /* ?READ_IMAGE_SUCCEEDED Y */  
{ 
	register DrawingWand *const a_draw = NewDrawingWand (); 
	register PixelWand *const a_px = NewPixelWand (); 	/* .H2 FORM DATA */
static unsigned char const sc_message [] = "BUG!";
	PixelSetHSL (a_px, 0, 0, 0);
	#ifdef TRIGGER_CRASH
	DrawSetStrokeColor (a_draw, a_px); 
	#endif
	DrawAnnotation (a_draw, 0, 0, sc_message);
	if (MagickDrawImage (a_wand, a_draw) != MagickTrue) handle_Magick_error (a_wand); 
DestroyPixelWand (a_px); DestroyDrawingWand (a_draw); } 
else /* ?READ_IMAGE_SUCCEEDED N */ handle_Magick_error (a_wand); /* ?READ_IMAGE_SUCCEEDED */ 
DestroyMagickWand (a_wand);
} 
MagickWandTerminus ();
if (fflush (stdout) < 0) 
{ perror (sc_stdnames. t_write); return +EXIT_FAILURE; } else return +a_code;
 }

Program received signal SIGSEGV, Segmentation fault.
TraceBezier (primitive_info=0x7ffff4d14840, number_coordinates=<value optimized out>) at magick/draw.c:5076
5076 TracePoint(p,points);
(gdb) bt
#0 TraceBezier (primitive_info=0x7ffff4d14840, number_coordinates=<value optimized out>) at magick/draw.c:5076
#1 0x00007ffff76e162e in TracePath (image=0x41e950, draw_info=0x47ea30) at magick/draw.c:5419
#2 DrawImage (image=0x41e950, draw_info=0x47ea30) at magick/draw.c:3019
#3 0x00007ffff765c2bf in RenderFreetype (image=0x41e950, draw_info=<value optimized out>, encoding=<value optimized out>, offset=0x7fffffff0470, metrics=<value optimized out>) at magick/annotate.c:1471
#4 0x00007ffff765cd9e in RenderType (image=0x41e950, draw_info=<value optimized out>, offset=0x7fffffff0470, metrics=0x7fffffff03a0) at magick/annotate.c:916
#5 0x00007ffff765e68f in AnnotateImage (image=0x41e950, draw_info=0x46e310) at magick/annotate.c:481
#6 0x00007ffff76dc600 in DrawPrimitive (image=0x41e950, draw_info=<value optimized out>, primitive_info=0x457f80) at magick/draw.c:4402
#7 0x00007ffff76e0471 in DrawImage (image=0x41e950, draw_info=0x415c80) at magick/draw.c:3107
#8 0x00007ffff7b55e64 in MagickDrawImage (wand=0x408a00, drawing_wand=<value optimized out>) at wand/magick-image.c:2759
#9 0x0000000000400dc8 in main (p_arg_count=1, p_args=0x7fffffffdc58) at wlb.c:49

Version: ImageMagick 6.6.9-5 2011-04-11 Q16 http://www.imagemagick.org
Copyright: Copyright (C) 1999-2011 ImageMagick Studio LLC
Features: OpenMP

control_points == 600 (otherwise 3)
quantum == 200 (initially and otherwise 3)

The program crashes on "O" and "c" but it does not crash on "----" or "." or "(" or "\302\267" (middle dot).

quantum gets modified via primitive_info.

Here is your primitive_info for the 1st curve in "c" when localized, note the bogus values for the ordinate:

{
{point = {x = 5, y = -2}, coordinates = 0, primitive = UndefinedPrimitive, method = UndefinedMethod, text = 0x0},
{point = {x = 4, y = 6875}, coordinates = 0, primitive = UndefinedPrimitive, method = UndefinedMethod, text = 0x0},
{point = {x = -0, y = 984375}, coordinates = 0, primitive = UndefinedPrimitive, method = UndefinedMethod, text = 0x0}}

And here it is when not:

{
{point = {x = 5, y = -2}, coordinates = 0, primitive = UndefinedPrimitive, method = UndefinedMethod, text = 0x0},
{point = {x = 4.6875, y = -0.984375}, coordinates = 0, primitive = UndefinedPrimitive, method = UndefinedMethod, text = 0x0},
{point = {x = 4.1093799999999998, y = -0.609375}, coordinates = 0, primitive = UndefinedPrimitive, method = UndefinedMethod, text = 0x0}}

The structure primitive_info is initialized in stack frame #2 based on a binary argument named keyword; the value of the keyword is the same in both runs. The process crashes after hitting magick/draw.c:1815 3rd time. The following keywords are being considered:

1. stroke
2. text
3. path (crash!)

When the keyword is path, the following code is executed:

Code: Select all

      case PathPrimitive:
      {
        char
          *s,
          *t;

        GetMagickToken(q,&q,token);
        length=1;
        t=token;
        for (s=token; *s != '\0'; s=t)
        {
          double
            value;

          value=strtod(s,&t);
          (void) value;
          if (s == t)
            {
              t++;
              continue;
            }
          length+=BezierQuantum;
        }
        break;
      }

token == "M4,-2L5,-2Q4,6875,-0,984375 4,10938,-0,609375Q3,53125,-0,25 2,79688,0Q1,98438,0 1,48438,-0,703125Q1,-1,40625 1,-2,6875Q1,-3,78125 1,35938,-4,82812Q1,73438,-5,89062 2,54688,-6,4375Q3,375,-7 4,-7Q4,9218"…

whereas when $LANG == C you get

token == "M4,-2L5,-2Q4.6875,-0.984375 4.10938,-0.609375Q3.53125,-0.25 2.79688,0Q1.98438,0 1.48438,-0.703125Q1,-1.40625 1,-2.6875Q1,-3.78125 1.35938,-4.82812Q1.73438,-5.89062 2.54688,-6.4375Q3.375,-7 4,-7Q4.9218"…

What happened? Dots turned into commas because that is how you write decimal fractions in Polish; commas remained commas because they are hardwired (probably); strtod is unable to tell decimal separator from number separator (which, BTW, is thousands separator in English); havoc; crash; Profit!!!

Well, since nobody has anything to say, I shall try replacing the comma separating numbers by something else. I am considering space, forward slash and line break for the purpose. I also think it is quite inconvenient and inefficient to store textual representation of numbers in internal data structures; the path should be stored and passed in binary form.

[magick]

Around line magick/draw.c/2851, substitute this code:

Code: Select all

      case PathPrimitive:
      {
        char
          *s,
          *t;

        GetMagickToken(q,&q,token);
        length=1;
        t=token;
        for (s=token; *s != '\0'; s=t)
        {
          double
            value;

          value=strtod(s,&t);
          (void) value;
          if (s == t)
            {
              t++;
              continue;
            }
          length++;
        }
        length=3*length/2+6*BezierQuantum+360;
        break;
      }

Does that resolve the fault?

[yecril71pl]

Around line magick/draw.c/2851, substitute this code:
Does that resolve the fault?

Recompiling the thing will take some time; I expect, since you have not solved the problem with the ambiguity in token, the best you can count on in this case is no crash but distorted output.

[magick]

We're unsure how to fix "strtod is unable to tell decimal separator from number separator." We're not prepared to deal with binary numbers just yet. Perhaps we can use a separator that is not a comma.

[yecril71pl]

We're unsure how to fix "strtod is unable to tell decimal separator from number separator." We're not prepared to deal with binary numbers just yet. Perhaps we can use a separator that is not a comma.

As I said, I suggest using a space, a newline or a slash.

For the time being, confirmed in 6.6.9.8.

[magick]

Add

• (void) setlocale(LC_NUMERIC,"C");

just before you call MagickWandGenesis().

[yecril71pl]

Add

• (void) setlocale(LC_NUMERIC,"C");

just before you call MagickWandGenesis().

That will fix the demo but it will break my application (the demo is an excerpt thereof). Such decisions should be left to the end user.

[magick]

Try ImageMagick 6.6.9-9. We replaced the comma separator with a white space.

[yecril71pl]

Try ImageMagick 6.6.9-9. We replaced the comma separator with a white space.

In the 4th invocation of TraceBezier:

*** glibc detected *** /home/krzysztof/Dokumenty/prog/C/wlb: free(): invalid pointer: 0x000000000059a850 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x733b6)[0x7ffff6fd63b6]
/lib64/libc.so.6(cfree+0x6c)[0x7ffff6fdb2dc]
/usr/lib64/libMagickCore.so.4(RelinquishMagickMemory+0x1f)[0x7ffff7739b3f]
/usr/lib64/libMagickCore.so.4(+0xbd284)[0x7ffff76d0284]
/usr/lib64/libMagickCore.so.4(DrawImage+0x38e6)[0x7ffff76de736]
/usr/lib64/libMagickCore.so.4(+0x4629f)[0x7ffff765929f]
/usr/lib64/libMagickCore.so.4(+0x46d7e)[0x7ffff7659d7e]
/usr/lib64/libMagickCore.so.4(AnnotateImage+0x3af)[0x7ffff765b67f]
/usr/lib64/libMagickCore.so.4(DrawPrimitive+0x690)[0x7ffff76d9710]
/usr/lib64/libMagickCore.so.4(DrawImage+0x2781)[0x7ffff76dd5d1]
/usr/lib64/libMagickWand.so.4(MagickDrawImage+0xa4)[0x7ffff7b56a94]
/home/krzysztof/Dokumenty/prog/C/wlb[0x400dd2]
/lib64/libc.so.6(__libc_start_main+0xfd)[0x7ffff6f81bfd]
/home/krzysztof/Dokumenty/prog/C/wlb[0x400bf9]
======= Memory map: ========
00400000-00402000 r-xp 00000000 08:07 4335 /home/krzysztof/Dokumenty/prog/C/wlb
00402000-00403000 rw-p 00001000 08:07 4335 /home/krzysztof/Dokumenty/prog/C/wlb
00403000-005b9000 rw-p 00000000 00:00 0 [heap]
7ffff0000000-7ffff0021000 rw-p 00000000 00:00 0
7ffff0021000-7ffff4000000 ---p 00000000 00:00 0
7ffff4ad9000-7ffff4aee000 r-xp 00000000 08:06 210 /lib64/libgcc_s.so.1
7ffff4aee000-7ffff4ced000 ---p 00015000 08:06 210 /lib64/libgcc_s.so.1
7ffff4ced000-7ffff4cee000 r--p 00014000 08:06 210 /lib64/libgcc_s.so.1
7ffff4cee000-7ffff4cef000 rw-p 00015000 08:06 210 /lib64/libgcc_s.so.1
7ffff4d15000-7ffff4d48000 r--p 00000000 08:06 31080 /usr/share/fonts/truetype/ariali.ttf
7ffff4d48000-7ffff4d4a000 r-xp 00000000 08:06 325955 /usr/lib64/ImageMagick-6.6.9/modules-Q16/coders/xc.so
7ffff4d4a000-7ffff4f49000 ---p 00002000 08:06 325955 /usr/lib64/ImageMagick-6.6.9/modules-Q16/coders/xc.so
7ffff4f49000-7ffff4f4a000 r--p 00001000 08:06 325955 /usr/lib64/ImageMagick-6.6.9/modules-Q16/coders/xc.so
7ffff4f4a000-7ffff4f4b000 rw-p 00002000 08:06 325955 /usr/lib64/ImageMagick-6.6.9/modules-Q16/coders/xc.so
7ffff4f4b000-7ffff4f4d000 r-xp 00000000 08:06 264242 /usr/lib64/libXau.so.6.0.0
7ffff4f4d000-7ffff514d000 ---p 00002000 08:06 264242 /usr/lib64/libXau.so.6.0.0
7ffff514d000-7ffff514e000 r--p 00002000 08:06 264242 /usr/lib64/libXau.so.6.0.0
7ffff514e000-7ffff514f000 rw-p 00003000 08:06 264242 /usr/lib64/libXau.so.6.0.0
7ffff514f000-7ffff5176000 r-xp 00000000 08:06 1512 /lib64/libexpat.so.1.5.2
7ffff5176000-7ffff5376000 ---p 00027000 08:06 1512 /lib64/libexpat.so.1.5.2
7ffff5376000-7ffff5378000 r--p 00027000 08:06 1512 /lib64/libexpat.so.1.5.2
7ffff5378000-7ffff5379000 rw-p 00029000 08:06 1512 /lib64/libexpat.so.1.5.2
7ffff5379000-7ffff5381000 r-xp 00000000 08:06 4862 /lib64/librt-2.11.3.so
7ffff5381000-7ffff5580000 ---p 00008000 08:06 4862 /lib64/librt-2.11.3.so
7ffff5580000-7ffff5581000 r--p 00007000 08:06 4862 /lib64/librt-2.11.3.so
7ffff5581000-7ffff5582000 rw-p 00008000 08:06 4862 /lib64/librt-2.11.3.so
7ffff5582000-7ffff5584000 r-xp 00000000 08:06 4215 /lib64/libdl-2.11.3.so
7ffff5584000-7ffff5784000 ---p 00002000 08:06 4215 /lib64/libdl-2.11.3.so
7ffff5784000-7ffff5785000 r--p 00002000 08:06 4215 /lib64/libdl-2.11.3.so
7ffff5785000-7ffff5786000 rw-p 00003000 08:06 4215 /lib64/libdl-2.11.3.so
7ffff5786000-7ffff57a2000 r-xp 00000000 08:06 267872 /usr/lib64/libxcb.so.1.1.0
7ffff57a2000-7ffff59a1000 ---p 0001c000 08:06 267872 /usr/lib64/libxcb.so.1.1.0
7ffff59a1000-7ffff59a2000 r--p 0001b000 08:06 267872 /usr/lib64/libxcb.so.1.1.0
7ffff59a2000-7ffff59a3000 rw-p 0001c000 08:06 267872 /usr/lib64/libxcb.so.1.1.0
7ffff59a3000-7ffff59ac000 r-xp 00000000 08:06 268509 /usr/lib64/libltdl.so.7.2.1
7ffff59ac000-7ffff5bab000 ---p 00009000 08:06 268509 /usr/lib64/libltdl.so.7.2.1
7ffff5bab000-7ffff5bac000 r--p 00008000 08:06 268509 /usr/lib64/libltdl.so.7.2.1
7ffff5bac000-7ffff5bad000 rw-p 00009000 08:06 268509 /usr/lib64/libltdl.so.7.2.1
7ffff5bad000-7ffff5bc3000 r-xp 00000000 08:06 2102 /lib64/libz.so.1.2.5
7ffff5bc3000-7ffff5dc3000 ---p 00016000 08:06 2102 /lib64/libz.so.1.2.5
7ffff5dc3000-7ffff5dc4000 r--p 00016000 08:06 2102 /lib64/libz.so.1.2.5
7ffff5dc4000-7ffff5dc5000 rw-p 00017000 08:06 2102 /lib64/libz.so.1.2.5
7ffff5dc5000-7ffff5dd2000 r-xp 00000000 08:06 526 /lib64/libbz2.so.1.0.6
7ffff5dd2000-7ffff5fd2000 ---p 0000d000 08:06 526 /lib64/libbz2.so.1.0.6
7ffff5fd2000-7ffff5fd3000 r--p 0000d000 08:06 526 /lib64/libbz2.so.1.0.6
7ffff5fd3000-7ffff5fd4000 rw-p 0000e000 08:06 526 /lib64/libbz2.so.1.0.6
7ffff5fd4000-7ffff5fe6000 r-xp 00000000 08:06 264263 /usr/lib64/libXext.so.6.4.0
7ffff5fe6000-7ffff61e5000 ---p 00012000 08:06 264263 /usr/lib64/libXext.so.6.4.0
7ffff61e5000-7ffff61e6000 r--p 00011000 08:06 264263 /usr/lib64/libXext.so.6.4.0
7ffff61e6000-7ffff61e7000 rw-p 00012000 08:06 264263 /usr/lib64/libXext.so.6.4.0
7ffff61e7000-7ffff621c000 r-xp 00000000 08:06 268426 /usr/lib64/libfontconfig.so.1.4.4
7ffff621c000-7ffff641c000 ---p 00035000 08:06 268426 /usr/lib64/libfontconfig.so.1.4.4
7ffff641c000-7ffff641d000 r--p 00035000 08:06 268426 /usr/lib64/libfontconfig.so.1.4.4
7ffff641d000-7ffff641e000 rw-p 00036000 08:06 268426 /usr/lib64/libfontconfig.so.1.4.4
7ffff641e000-7ffff64a2000 r-xp 00000000 08:06 264295 /usr/lib64/libfreetype.so.6.6.2
7ffff64a2000-7ffff66a2000 ---p 00084000 08:06 264295 /usr/lib64/libfreetype.so.6.6.2
7ffff66a2000-7ffff66a7000 r--p 00084000 08:06 264295 /usr/lib64/libfreetype.so.6.6.2
7ffff66a7000-7ffff66a8000 rw-p 00089000 08:06 264295 /usr/lib64/libfreetype.so.6.6.2
7ffff66a8000-7ffff66dd000 r-xp 00000000 08:06 269930 /usr/lib64/liblcms.so.1.0.19
7ffff66dd000-7ffff68dc000 ---p 00035000 08:06 269930 /usr/lib64/liblcms.so.1.0.19
7ffff68dc000-7ffff68dd000 r--p 00034000 08:06 269930 /usr/lib64/liblcms.so.1.0.19
7ffff68dd000-7ffff68de000 rw-p 00035000 08:06 269930 /usr/lib64/liblcms.so.1.0.19
7ffff68de000-7ffff68e1000 rw-p 00000000 00:00 0
7ffff68e1000-7ffff6937000 r-xp 00000000 08:06 4233 /lib64/libm-2.11.3.so
7ffff6937000-7ffff6b36000 ---p 00056000 08:06 4233 /lib64/libm-2.11.3.so
7ffff6b36000-7ffff6b37000 r--p 00055000 08:06 4233 /lib64/libm-2.11.3.so
7ffff6b37000-7ffff6b38000 rw-p 00056000 08:06 4233 /lib64/libm-2.11.3.so
7ffff6b38000-7ffff6b45000 r-xp 00000000 08:06 268394 /usr/lib64/libgomp.so.1.0.0
7ffff6b45000-7ffff6d44000 ---p 0000d000 08:06 268394 /usr/lib64/libgomp.so.1.0.0
7ffff6d44000-7ffff6d45000 r--p 0000c000 08:06 268394 /usr/lib64/libgomp.so.1.0.0
7ffff6d45000-7ffff6d46000 rw-p 0000d000 08:06 268394 /usr/lib64/libgomp.so.1.0.0
7ffff6d46000-7ffff6d5d000 r-xp 00000000 08:06 1476 /lib64/libpthread-2.11.3.so
7ffff6d5d000-7ffff6f5d000 ---p 00017000 08:06 1476 /lib64/libpthread-2.11.3.so
7ffff6f5d000-7ffff6f5e000 r--p 00017000 08:06 1476 /lib64/libpthread-2.11.3.so
7ffff6f5e000-7ffff6f5f000 rw-p 00018000 08:06 1476 /lib64/libpthread-2.11.3.so
7ffff6f5f000-7ffff6f63000 rw-p 00000000 00:00 0
7ffff6f63000-7ffff70c7000 r-xp 00000000 08:06 33 /lib64/libc-2.11.3.so
7ffff70c7000-7ffff72c6000 ---p 00164000 08:06 33 /lib64/libc-2.11.3.so
7ffff72c6000-7ffff72ca000 r--p 00163000 08:06 33 /lib64/libc-2.11.3.so
7ffff72ca000-7ffff72cb000 rw-p 00167000 08:06 33 /lib64/libc-2.11.3.so
7ffff72cb000-7ffff72d0000 rw-p 00000000 00:00 0
7ffff72d0000-7ffff740d000 r-xp 00000000 08:06 268763 /usr/lib64/libX11.so.6.3.0
7ffff740d000-7ffff760d000 ---p 0013d000 08:06 268763 /usr/lib64/libX11.so.6.3.0
7ffff760d000-7ffff760e000 r--p 0013d000 08:06 268763 /usr/lib64/libX11.so.6.3.0
7ffff760e000-7ffff7613000 rw-p 0013e000 08:06 268763 /usr/lib64/libX11.so.6.3.0
7ffff7613000-7ffff7844000 r-xp 00000000 08:06 325976 /usr/lib64/libMagickCore.so.4.0.1
Program received signal SIGABRT, Aborted.
0x00007ffff6f95ab5 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64 return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
(gdb) bt
#0 0x00007ffff6f95ab5 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1 0x00007ffff6f96fb6 in abort () at abort.c:92
#2 0x00007ffff6fd0dd3 in __libc_message (do_abort=2, fmt=0x7ffff70919b0 "*** glibc detected *** %s: %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:186
#3 0x00007ffff6fd63b6 in malloc_printerr (action=3, str=0x7ffff708eb7e "free(): invalid pointer", ptr=<value optimized out>) at malloc.c:6261
#4 0x00007ffff6fdb2dc in __libc_free (mem=<value optimized out>) at malloc.c:3733
#5 0x00007ffff7739b3f in RelinquishMagickMemory (memory=<value optimized out>) at magick/memory.c:754
#6 0x00007ffff76d0284 in TraceBezier (primitive_info=0x596080, number_coordinates=<value optimized out>) at magick/draw.c:5088
#7 0x00007ffff76de736 in TracePath (image=0x41e830, draw_info=0x561be0) at magick/draw.c:5420
#8 DrawImage (image=0x41e830, draw_info=0x561be0) at magick/draw.c:3020
#9 0x00007ffff765929f in RenderFreetype (image=0x41e830, draw_info=<value optimized out>, encoding=<value optimized out>, offset=0x7fffffff0480, metrics=<value optimized out>) at magick/annotate.c:1458
#10 0x00007ffff7659d7e in RenderType (image=0x41e830, draw_info=<value optimized out>, offset=0x7fffffff0480, metrics=0x7fffffff03b0) at magick/annotate.c:903
#11 0x00007ffff765b67f in AnnotateImage (image=0x41e830, draw_info=0x46e210) at magick/annotate.c:481
#12 0x00007ffff76d9710 in DrawPrimitive (image=0x41e830, draw_info=<value optimized out>, primitive_info=0x457e80) at magick/draw.c:4403
#13 0x00007ffff76dd5d1 in DrawImage (image=0x41e830, draw_info=0x415c90) at magick/draw.c:3108
#14 0x00007ffff7b56a94 in MagickDrawImage (wand=0x408a00, drawing_wand=<value optimized out>) at wand/magick-image.c:2759
#15 0x0000000000400dd2 in main (p_arg_count=1, p_args=0x7fffffffdc58) at wlb.c:50

and I still get control_points == 600, and *primitive_info shows the same shift: the mantissa, if any, is treated as the following number. I can see at magick/draw.c:2860 that the numbers are separated by spaces:

M4 -2L5 -2Q4,6875 -0,984375 4,10938 -0,609375Q3,53125 -0,25 2,79688 0Q1,98438 0 1,48438 -0,703125Q1 -1,40625 1 -2,6875Q1 -3,78125 1,35938 -4,82812Q1,73438 -5,89062 2,54688 -6,4375Q3,375 -7 4 -7Q4,9218

However, stdtod is unable to read them back anyway which is strange; however, the first loop only calculates the length and throws away the values (I cannot approve of this; it is much cheaper to grow a buffer than to reinvoke strtod).

Please observe:

• TracePath still assumes that the separator is a comma;
• GetMagickToken still expects the comma as a separator (at magick/token.c:233 &al.);

Note also that you invoke strtod three times for every number: once in counting the elements, once in tokenizing and only the last call actually fills in the value. No wonder IM is soo slooow (at least when it is rendering text)

[magick]

We'll use strtod_l() and specify the C locale in ImageMagick 6.6.9-10 Beta to fix the problem you reported. Unfortunately vsnprintf_l() is not available yet in glibc (it is available under Windows). We'll use uselocale() instead for Linux until vsnprintf_l() is supported.