GNOME Bugzilla – Bug 621088
Crash when rendering tests/svg1.1/svg/masking-path-04-b.svg
Last modified: 2017-09-01 15:04:06 UTC
Program received signal SIGABRT, Aborted.
0x00007ffff4257a75 in *__GI_raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
 in ../nptl/sysdeps/unix/sysv/linux/raise.c
(gdb) bt
+ Trace 222320
Created attachment 165521 Fix
Created attachment 165522 Fix with test data. I am sorry, the previous patch did not have test data.
The crash was already fixed on master; the remaining bits are just the + if (!clipping) + rsvg_bbox_insert (...) bits. Are these required? I can't see a rendering difference with or without them in the masking-path-04-b.svg testcase.
*** Bug 654642 has been marked as a duplicate of this bug. ***
*** Bug 630733 has been marked as a duplicate of this bug. ***
The reason for the crash is that rsvg_cairo_clip_render_new() creates an invalid clip_render->super --- the parent class RsvgCairoRender. The RsvgCairoRender is left with an uninitialized bbox field. I'm fixing this, along with text clipping in general.
Review of attachment 165522: We don't need to special-case "is_clipping"; we need to guarantee that there is a valid bbox field in the RsvgCairoClipRender->super. Also, we need to maintain the bbox as usual in rsvg_cairo_render_pango_layout(); otherwise clipped objects won't know their viewport size. I'll replace this patch with an improved one.
Fixed in the librsvg-2.40 branch in these commits: 66c0f991db5ffe3e20f8d30c629d1c71148c746f 63ddae44a21405b6cb2dae9e465574d3c48c47d9 Fixed in the master branch in these commits: 589e2dcf53bd05213bb17ed48e24d3f166e4fc92 bdc1d2c6975c7882351b3fe0401fee1448444767
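The root cause named in the comments above (a subclass constructor that leaves the embedded parent's bbox uninitialized), shown next to a constructor that guarantees a valid bbox. This is an added example, not librsvg code and not part of the original bug report; the struct layouts, every function name and the 0xA5 poison fill are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified stand-ins for the librsvg types (assumed layout, not the real one). */
typedef struct { int virgin; double x, y, w, h; } BBox;
typedef struct { BBox bbox; } CairoRender;                  /* parent "class" */
typedef struct { CairoRender super; CairoRender *parent; } CairoClipRender;

/* Fill fresh memory with 0xA5 so a skipped field holds known garbage
 * rather than whatever the heap happened to contain. */
static void *alloc_poisoned(size_t n) {
    void *p = malloc(n);
    return p ? memset(p, 0xA5, n) : NULL;
}
/* Single initializer for the parent state; every constructor calls it. */
static void cairo_render_init(CairoRender *r) {
    r->bbox.virgin = 1;
    r->bbox.x = r->bbox.y = r->bbox.w = r->bbox.h = 0.0;
}
/* Failure mode: only the subclass field is set, super.bbox stays garbage. */
CairoClipRender *clip_render_new_unsafe(CairoRender *parent) {
    CairoClipRender *c = alloc_poisoned(sizeof *c);
    if (c) c->parent = parent;
    return c;
}
/* Corrected: the embedded parent is initialized before the object escapes. */
CairoClipRender *clip_render_new(CairoRender *parent) {
    CairoClipRender *c = alloc_poisoned(sizeof *c);
    if (c) { cairo_render_init(&c->super); c->parent = parent; }
    return c;
}
/* Cheap sanity check to run before a renderer touches the bbox. */
int bbox_is_valid(const BBox *b) {
    return (b->virgin == 0 || b->virgin == 1) && b->w >= 0.0 && b->h >= 0.0;
}
/* Grow dst to cover (x, y, w, h); returns -1 instead of using a bad bbox. */
int bbox_insert(BBox *dst, double x, double y, double w, double h) {
    if (!bbox_is_valid(dst)) return -1;
    if (dst->virgin) { *dst = (BBox){ 0, x, y, w, h }; return 0; }
    double x2 = dst->x + dst->w > x + w ? dst->x + dst->w : x + w;
    double y2 = dst->y + dst->h > y + h ? dst->y + dst->h : y + h;
    if (x < dst->x) dst->x = x;
    if (y < dst->y) dst->y = y;
    dst->w = x2 - dst->x; dst->h = y2 - dst->y;
    return 0;
}
int main(void) {
    CairoClipRender *bad = clip_render_new_unsafe(NULL), *ok = clip_render_new(NULL);
    if (!bad || !ok) return 2;
    return (bbox_insert(&bad->super.bbox, 0, 0, 1, 1) == -1 &&
            bbox_insert(&ok->super.bbox, 0, 0, 1, 1) == 0) ? 0 : 1;
}
```

Routing every constructor through one parent initializer removes the need for call sites to special-case the clipping renderer.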