GNOME Bugzilla – Bug 624820
NULL-ptr dereference in rsvg-mask.c:91
Last modified: 2011-11-09 17:25:07 UTC
Library: 2.31.0 compiled with '-O0 -g'
Testcase: http://alt.swiecki.net/j/s/sigsegv3.svg

$ gdb ./rsvg-convert
(gdb) r "SIGSEGV.PC.0x7ffff53aa84c.CODE.1.ADDR.(nil).INSTR.movlpd_xmm1,_[rdi].svg"
Program received signal SIGSEGV, Segmentation fault.
__strncmp_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:99
99 ../sysdeps/x86_64/multiarch/../strcmp.S: No such file or directory.
in ../sysdeps/x86_64/multiarch/../strcmp.S
(gdb) up
0x000000000042be08 in rsvg_get_url_string (str=0x0) at rsvg-mask.c:91
91 if (!strncmp (str, "url(", 4)) {
(gdb) p str
$1 = 0x0
(gdb) bt
0 __strncmp_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:99
1 0x000000000042be08 in rsvg_get_url_string (str=0x0) at rsvg-mask.c:91
2 0x000000000042b3a8 in rsvg_marker_parse (defs=0x650220, str=0x0) at rsvg-marker.c:195
3 0x000000000040ca32 in rsvg_parse_style_pair (ctx=0x650800, state=0x667a00, name=0x665030 "marker
4 0x000000000040d6df in rsvg_parse_style (ctx=0x650800, state=0x667a00, str=0x666fa0 "fill:none;fi
5 0x000000000040e81d in rsvg_parse_style_attrs (ctx=0x650800, state=0x667a00, tag=0x4399bb "path",
6 0x000000000042c35c in rsvg_node_path_set_atts (self=0x6667b0, ctx=0x650800, atts=0x664450) at rs
7 0x0000000000413156 in rsvg_node_set_atts (node=0x6667b0, ctx=0x650800, atts=0x664450) at rsvg-ba
8 0x000000000040f99a in rsvg_standard_element_start (ctx=0x650800, name=0x6546e7 "path", atts=0x66
9 0x0000000000410714 in rsvg_start_element (data=0x650800, name=0x6546e7 "path", atts=0x651000) at
10 0x00007ffff7604de3 in xmlParseStartTag () from /usr/lib/libxml2.so.2
11 0x00007ffff760ad82 in ?? () from /usr/lib/libxml2.so.2
12 0x00007ffff760bc01 in xmlParseChunk () from /usr/lib/libxml2.so.2
13 0x000000000041176b in rsvg_handle_write_impl (handle=0x650800, buf=0x7ffff7f11010 "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"no\"?>\n<!-- Created w "..., count=231957, error=0x7fffffffe4a8) at rsvg-base.c:1164
14 0x00000000004127ad in rsvg_handle_write (handle=0x650800, buf=0x7ffff7f11010 "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"no\"?>\n<!-- Created w "..., count=231957, error=0x7fffffffe4a8) at rsvg-base.c:1737
15 0x0000000000409dc5 in rsvg_handle_fill_with_data (handle=0x650800, data=0x7ffff7f11010 "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"no\"?>\n<!-- Created n "..., data_len=231957, error=0x7fffffffe4a8) at rsvg-base-file-util.c:38
16 0x0000000000409f36 in rsvg_handle_new_from_file (file_name=0x647730 "SIGSEGV.PC.0x7ffff53aa84c.C
17 0x0000000000407775 in main (argc=1, argv=0x7fffffffe618) at rsvg-convert.c:228
Created attachment 170635 Patch
The URL is 404, can you attach the input file here please?
Fixed on master.
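The backtrace above shows rsvg-mask.c:91 calling strncmp() on str=0x0, passed down from rsvg_marker_parse. The following is an added example, not librsvg's code and not the attached patch (which is not shown on this page): a NULL-safe extractor for "url(...)" values. The function name get_url_string_checked and the sample inputs are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not librsvg's code): extract the target of a
 * "url(...)" value. Returns a malloc'd copy of the text between "url("
 * and the first ')', or NULL when there is nothing to extract.
 * The caller frees the result. */
char *
get_url_string_checked (const char *str)
{
    const char *p, *end;
    size_t len;
    char *out;

    /* The guard the crashing call lacked: the caller in the backtrace
     * passed str=0x0, and strncmp() must not be given a NULL pointer. */
    if (str == NULL)
        return NULL;
    if (strncmp (str, "url(", 4) != 0)
        return NULL;

    p = str + 4;
    while (isspace ((unsigned char) *p))
        p++;
    /* An unterminated "url(" has no ')' and yields NULL. */
    end = strchr (p, ')');
    if (end == NULL)
        return NULL;

    len = (size_t) (end - p);
    out = malloc (len + 1);
    if (out == NULL)
        return NULL;
    memcpy (out, p, len);
    out[len] = '\0';
    return out;
}

int
main (void)
{
    /* Constructed inputs: missing value, non-URL, valid, unterminated. */
    const char *samples[] = { NULL, "none", "url(#Arrow1)", "url(#Arrow1" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char *url = get_url_string_checked (samples[i]);
        printf ("%zu: %s\n", i, url ? url : "(no url)");
        free (url);
    }
    return 0;
}
```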