After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 621636 - crashed with SIGSEGV in rsvg_css_parse_xml_attribute_string
crashed with SIGSEGV in rsvg_css_parse_xml_attribute_string
Status: RESOLVED FIXED
Product: librsvg
Classification: Core
Component: general
unspecified
Other Linux
: Normal critical
: ---
Assigned To: librsvg maintainers
librsvg maintainers
Depends on:
Blocks:
 
 
Reported: 2010-06-15 13:02 UTC by Pedro Villavicencio
Modified: 2011-11-14 12:40 UTC
See Also:
GNOME target: ---
GNOME version: 2.29/2.30

Attachments
Fix (950 bytes, patch)
2010-07-09 00:02 UTC, Hiroyuki Ikezoe 		none Details | Review

Description Pedro Villavicencio 2010-06-15 13:02:56 UTC 
this report has been filed here:

https://bugs.edge.launchpad.net/ubuntu/+source/librsvg/+bug/594120

"eog segfaults when opening the attached SVG file."

"Hilo 2 (Thread 0xb7e08b70 (LWP 3200)):

+ Trace 222415

  • #0 rsvg_css_parse_xml_attribute_string
    at rsvg-css.c line 1250
  • #1 rsvg_processing_instruction
    at rsvg-base.c line 919
  • #2 xmlParsePI__internal_alias
    at parser.c line 4897
  • #3 xmlParseTryOrFinish
    at parser.c line 11126
  • #4 xmlParseChunk__internal_alias
    at parser.c line 11602
  • #5 rsvg_handle_write_impl
    at rsvg-base.c line 1128
  • #6 ??
    from /usr/lib/gtk-2.0/2.10.0/loaders/svg_loader.so
  • #7 IA__gdk_pixbuf_loader_write
    at /build/buildd/gtk+2.0-2.20.1/gdk-pixbuf/gdk-pixbuf-loader.c line 473
  • #8 eog_image_real_load
    at eog-image.c line 991
  • #9 eog_image_load
    at eog-image.c line 1206
  • #10 eog_job_load_run
    at eog-jobs.c line 336
  • #11 eog_job_run
    at eog-jobs.c line 153
  • #12 handle_job
    at eog-job-queue.c line 77
  • #13 eog_render_thread
    at eog-job-queue.c line 146
  • #14 g_thread_create_proxy
    at /build/buildd/glib2.0-2.24.1/glib/gthread.c line 1893
  • #15 start_thread
    at pthread_create.c line 300
  • #16 clone
    at ../sysdeps/unix/sysv/linux/i386/clone.S line 130
  • #0 __kernel_vsyscall
  • #1 *__GI___poll
    at ../sysdeps/unix/sysv/linux/poll.c line 87
  • #2 IA__g_poll
    at /build/buildd/glib2.0-2.24.1/glib/gpoll.c line 127
  • #3 g_main_context_poll
    at /build/buildd/glib2.0-2.24.1/glib/gmain.c line 2904
  • #4 g_main_context_iterate
    at /build/buildd/glib2.0-2.24.1/glib/gmain.c line 2586
  • #5 IA__g_main_loop_run
    at /build/buildd/glib2.0-2.24.1/glib/gmain.c line 2799
  • #6 IA__gtk_main
    at /build/buildd/gtk+2.0-2.20.1/gtk/gtkmain.c line 1219
  • #7 main
    at main.c line 239 






Comment 1


Hiroyuki Ikezoe





          2010-06-16 11:51:31 UTC
        



Can you attach the problematic svg file here, please?






Comment 2


Pedro Villavicencio





          2010-06-16 13:42:39 UTC
        



oh yes sorry , it was attached to launchpad so i'm linking it here: http://launchpadlibrarian.net/50316115/sample.svg.gz . Thanks Hiroyuki.






Comment 3


Christian Persch





          2010-06-26 13:56:54 UTC
        



Confirmed on librsvg git master.






Comment 4


Hiroyuki Ikezoe





          2010-07-09 00:02:30 UTC
        



Created attachment 165524 [details] [review]
Fix






Comment 5


Christian Persch





          2011-11-14 12:40:26 UTC
        



Fixed on master. Unfortunately libxml2 has no support for parsing the contents of the <?xml-stylesheet ... ?> as pseudo-attributes according to xml-stylesheet spec [http://www.w3.org/TR/xml-stylesheet/], but this is near enough.