Bug 624835 - NULL-ptr dereference (write) in rsvg-filter.c:1211
Status: RESOLVED FIXED
Product: librsvg
Classification: Core
Component: general
Version: 2.31.x
Hardware: Other Linux
Importance: Normal normal
Assigned To: librsvg maintainers
Duplicates: 655606
Reported: 2010-07-20 14:22 UTC by Robert Swiecki
Modified: 2011-11-09 17:19 UTC


Attachments
Patch (1.20 KB, patch)
2010-09-20 06:51 UTC, Kurosawa Takeshi

Description Robert Swiecki 2010-07-20 14:22:44 UTC
Library 2.31.0 compiled with '-O0 -g'

Link: http://alt.swiecki.net/j/s/sigsegv5.svg

$ gdb ./rsvg-convert

(gdb) r "SIGSEGV.PC.0x420254.CODE.1.ADDR.(nil).INSTR.movsd_xmm0,_[rax].svg"

Program received signal SIGSEGV, Segmentation fault.
0x0000000000420254 in rsvg_filter_primitive_convolve_matrix_set_atts (self=0x65ffd0, ctx=0x655000, atts=0x65dde0) at rsvg-filter.c:1211
1211	                filter->divisor += filter->KernelMatrix[j + i * filter->orderx];

(gdb) p filter->KernelMatrix
$1 = (double *) 0x0

0  0x0000000000420254 in rsvg_filter_primitive_convolve_matrix_set_atts (self=0x65ffd0, ct
1  0x0000000000413156 in rsvg_node_set_atts (node=0x65ffd0, ctx=0x655000, atts=0x65dde0) a
2  0x000000000040f99a in rsvg_standard_element_start (ctx=0x655000, name=0x6588d6 "feConvo
3  0x0000000000410714 in rsvg_start_element (data=0x655000, name=0x6588d6 "feConvolveMatri
4  0x00007ffff7604de3 in xmlParseStartTag () from /usr/lib/libxml2.so.2
5  0x00007ffff760ad82 in ?? () from /usr/lib/libxml2.so.2
6  0x00007ffff760bc01 in xmlParseChunk () from /usr/lib/libxml2.so.2
7  0x000000000041176b in rsvg_handle_write_impl (handle=0x655000, 
    buf=0x64ffd0 "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n<!DOCTYPE svg PUBLIC \"-//W
 count=8744, error=0x7fffffffe4a8) at rsvg-base.c:1164
8  0x00000000004127ad in rsvg_handle_write (handle=0x655000, 
    buf=0x64ffd0 "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n<!DOCTYPE svg PUBLIC \"-//W
 count=8744, error=0x7fffffffe4a8) at rsvg-base.c:1737
9  0x0000000000409dc5 in rsvg_handle_fill_with_data (handle=0x655000, 
    data=0x64ffd0 "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n<!DOCTYPE svg PUBLIC \"-//
, data_len=8744, error=0x7fffffffe4a8) at rsvg-base-file-util.c:38
10 0x0000000000409f36 in rsvg_handle_new_from_file (file_name=0x6465f0 "SIGSEGV.PC.0x42025
11 0x0000000000407775 in main (argc=1, argv=0x7fffffffe618) at rsvg-convert.c:228
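Added example, not librsvg code and not the attached patch: the trace above stops on a kernel summation while filter->KernelMatrix is NULL, so this sketch shows the checks that make that summation safe. Only the names KernelMatrix, orderx and divisor come from the report; the struct, ordery, n_values, the loop bounds and the return codes are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the filter state seen in the trace. */
typedef struct {
    double *KernelMatrix;   /* NULL when no kernel was parsed */
    size_t  n_values;       /* assumed: number of doubles in KernelMatrix */
    int     orderx, ordery; /* ordery assumed by analogy with orderx */
    double  divisor;
} convolve_filter;

enum { CM_OK = 0, CM_NO_KERNEL = -1, CM_BAD_ORDER = -2, CM_SIZE_MISMATCH = -3 };

/* Sum the kernel into divisor only after proving every index is in bounds. */
int compute_divisor(convolve_filter *f)
{
    if (f->KernelMatrix == NULL)
        return CM_NO_KERNEL;          /* the state gdb shows at line 1211 */
    if (f->orderx <= 0 || f->ordery <= 0)
        return CM_BAD_ORDER;
    /* Reject orders whose product would overflow size_t. */
    if ((size_t)f->orderx > SIZE_MAX / (size_t)f->ordery)
        return CM_BAD_ORDER;
    /* The parsed kernel must hold exactly orderx * ordery values. */
    if ((size_t)f->orderx * (size_t)f->ordery != f->n_values)
        return CM_SIZE_MISMATCH;

    double sum = 0.0;
    for (int j = 0; j < f->orderx; j++)
        for (int i = 0; i < f->ordery; i++)
            sum += f->KernelMatrix[(size_t)j + (size_t)i * (size_t)f->orderx];
    /* SVG default for feConvolveMatrix: divisor is 1 when the sum is zero. */
    f->divisor = (sum == 0.0) ? 1.0 : sum;
    return CM_OK;
}

int main(void)
{
    double k[9] = {1, 1, 1, 1, 1, 1, 1, 1, 1};      /* constructed input */
    convolve_filter ok = { k, 9, 3, 3, 0.0 };
    convolve_filter missing = { NULL, 0, 3, 3, 0.0 }; /* order set, no kernel */
    printf("ok=%d divisor=%g\n", compute_divisor(&ok), ok.divisor);
    printf("missing=%d\n", compute_divisor(&missing));
    return 0;
}
```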
Comment 1 Kurosawa Takeshi 2010-09-20 06:51:54 UTC
Created attachment 170630
Patch
Comment 2 Christian Persch 2011-09-06 11:28:05 UTC
The URL is 404, can you attach the input file here please?
Comment 3 Christian Persch 2011-11-07 22:10:55 UTC
*** Bug 655606 has been marked as a duplicate of this bug. ***
Comment 4 Christian Persch 2011-11-07 22:11:45 UTC
There's a testcase in bug 655606 with attachment 192889.
Comment 5 Christian Persch 2011-11-09 17:19:22 UTC
Fixed on master.