Bug 624820 - NULL-ptr dereference in rsvg-mask.c:91
Status: RESOLVED FIXED
Product: librsvg
Classification: Core
Component: general
Version: 2.31.x
Hardware: Other Linux
Importance: Normal normal
Target Milestone: ---
Assigned To: librsvg maintainers
QA Contact: librsvg maintainers
Depends on:
Blocks:
Reported: 2010-07-20 12:09 UTC by Robert Swiecki
Modified: 2011-11-09 17:25 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
Patch (2.79 KB, patch)
2010-09-20 08:00 UTC, Kurosawa Takeshi

Description Robert Swiecki 2010-07-20 12:09:09 UTC
Library: 2.31.0 compiled with '-O0 -g'

Testcase: http://alt.swiecki.net/j/s/sigsegv3.svg

$ gdb ./rsvg-convert
(gdb) r "SIGSEGV.PC.0x7ffff53aa84c.CODE.1.ADDR.(nil).INSTR.movlpd_xmm1,_[rdi].svg"

Program received signal SIGSEGV, Segmentation fault.
__strncmp_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:99
99	../sysdeps/x86_64/multiarch/../strcmp.S: No such file or directory.
	in ../sysdeps/x86_64/multiarch/../strcmp.S

(gdb) up
0x000000000042be08 in rsvg_get_url_string (str=0x0) at rsvg-mask.c:91
91	    if (!strncmp (str, "url(", 4)) {

(gdb) p str
$1 = 0x0

(gdb) bt
0  __strncmp_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:99
1  0x000000000042be08 in rsvg_get_url_string (str=0x0) at rsvg-mask.c:91
2  0x000000000042b3a8 in rsvg_marker_parse (defs=0x650220, str=0x0) at rsvg-marker.c:195
3  0x000000000040ca32 in rsvg_parse_style_pair (ctx=0x650800, state=0x667a00, name=0x665030 "marker
4  0x000000000040d6df in rsvg_parse_style (ctx=0x650800, state=0x667a00, str=0x666fa0 "fill:none;fi
5  0x000000000040e81d in rsvg_parse_style_attrs (ctx=0x650800, state=0x667a00, tag=0x4399bb "path",
6  0x000000000042c35c in rsvg_node_path_set_atts (self=0x6667b0, ctx=0x650800, atts=0x664450) at rs
7  0x0000000000413156 in rsvg_node_set_atts (node=0x6667b0, ctx=0x650800, atts=0x664450) at rsvg-ba
8  0x000000000040f99a in rsvg_standard_element_start (ctx=0x650800, name=0x6546e7 "path", atts=0x66
9  0x0000000000410714 in rsvg_start_element (data=0x650800, name=0x6546e7 "path", atts=0x651000) at
10 0x00007ffff7604de3 in xmlParseStartTag () from /usr/lib/libxml2.so.2
11 0x00007ffff760ad82 in ?? () from /usr/lib/libxml2.so.2
12 0x00007ffff760bc01 in xmlParseChunk () from /usr/lib/libxml2.so.2
13 0x000000000041176b in rsvg_handle_write_impl (handle=0x650800, 
    buf=0x7ffff7f11010 "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"no\"?>\n<!-- Created w
  "..., count=231957, error=0x7fffffffe4a8) at rsvg-base.c:1164
14 0x00000000004127ad in rsvg_handle_write (handle=0x650800, 
    buf=0x7ffff7f11010 "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"no\"?>\n<!-- Created w
  "..., count=231957, error=0x7fffffffe4a8) at rsvg-base.c:1737
15 0x0000000000409dc5 in rsvg_handle_fill_with_data (handle=0x650800, 
    data=0x7ffff7f11010 "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"no\"?>\n<!-- Created 
n  "..., data_len=231957, error=0x7fffffffe4a8) at rsvg-base-file-util.c:38
16 0x0000000000409f36 in rsvg_handle_new_from_file (file_name=0x647730 "SIGSEGV.PC.0x7ffff53aa84c.C
17 0x0000000000407775 in main (argc=1, argv=0x7fffffffe618) at rsvg-convert.c:228
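
The backtrace above shows `str=0x0` reaching the `strncmp` call at rsvg-mask.c:91. As an added example (not the attached patch and not librsvg's own code), here is a self-contained C model of that check next to a variant that rejects NULL before dereferencing; the function names and the sample inputs are hypothetical and constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Model of the crashing check (frame 1): strncmp() reads through str,
 * so str == NULL faults. Shown for comparison; never called with NULL. */
int is_url_unchecked(const char *str)
{
    return !strncmp(str, "url(", 4);
}

/* Hardened variant (hypothetical name): returns a malloc'd copy of the
 * text between "url(" and ")", or NULL when str is NULL, is not a
 * url() reference, or lacks its closing parenthesis. */
char *get_url_string_checked(const char *str)
{
    const char *p, *end;
    char *out;
    size_t len;

    /* NULL is tested first, so strncmp() never sees a NULL pointer. */
    if (str == NULL || strncmp(str, "url(", 4) != 0)
        return NULL;
    p = str + 4;
    while (isspace((unsigned char)*p))
        p++;
    end = strchr(p, ')');
    if (end == NULL)                /* unterminated reference: reject */
        return NULL;
    len = (size_t)(end - p);
    out = malloc(len + 1);
    if (out == NULL)
        return NULL;
    memcpy(out, p, len);
    out[len] = '\0';
    return out;
}

int main(void)
{
    /* Constructed inputs; the NULL entry models str=0x0 from frame 2. */
    const char *samples[] = { "url(#Arrow1)", "url( #a)", "none", "url(#x", NULL };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char *u = get_url_string_checked(samples[i]);
        printf("%-14s -> %s\n", samples[i] ? samples[i] : "(null)", u ? u : "(no url)");
        free(u);
    }
    return 0;
}
```
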
Comment 1 Kurosawa Takeshi 2010-09-20 08:00:42 UTC
Created attachment 170635
Patch
Comment 2 Christian Persch 2011-09-06 11:27:06 UTC
The URL is 404, can you attach the input file here please?
Comment 3 Christian Persch 2011-11-09 17:25:07 UTC
Fixed on master.