Bug 689958 – webkit svg parsing regression with libxml2 2.9.0

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 689958 - webkit svg parsing regression with libxml2 2.9.0


Summary:	webkit svg parsing regression with libxml2 2.9.0


Status:	RESOLVED FIXED

Product:	libxml2
Classification:	Platform
Component:	general
Version:	git master
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	Daniel Veillard
QA Contact:	libxml QA maintainers

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2012-12-10 10:01 UTC by Dan Winship
Modified:	2012-12-21 03:15 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
svg (649 bytes, image/svg+xml) 2012-12-10 10:02 UTC, Dan Winship		Details
js (435 bytes, text/plain) 2012-12-10 10:02 UTC, Dan Winship		Details
patch (443 bytes, patch) 2012-12-10 10:02 UTC, Dan Winship	none	Details \| Review

Description Dan Winship 2012-12-10 10:01:38 UTC

With libxml2 2.9.0, WebKit now fails to correctly parse certain SVG files.

Save the first two attachments here to the same directory, and try to open the svg in epiphany. With libxml2 2.8.0, you'll see a green polygon, which will then immediately get redrawn to intersect itself. With libxml2 2.9.0, you'll see the polygon, but it doesn't redraw, because the javascript isn't getting run.

The regression appears to have happened in http://git.gnome.org/browse/libxml2/commit/?id=5353bbf, and the attached patch appears to fix it, though I'm not sure if it's actually *right*...

Comment 1 Dan Winship 2012-12-10 10:02:01 UTC

Created attachment 231128 [details]
svg

Comment 2 Dan Winship 2012-12-10 10:02:21 UTC

Created attachment 231129 [details]
js

Comment 3 Dan Winship 2012-12-10 10:02:43 UTC

Created attachment 231130 [details] [review]
patch

Comment 4 Daniel Veillard 2012-12-10 13:29:00 UTC

  Hi Dan,

 thanks for the report and the patch though I'm afraid a bit more work
may be needed.
I will have to find the details. The problem is that we are entering
the internal subset, and we can only exit it once the sequence ']>' is
found. The '>' actually can occur in many places in the internal subset
so that's not a good candidate, it may fix your issue in that case but
sounds wrong. I may actually need a real code fix to avoid this, I will
debug the issue but I'm right back from vacations and with a pile of
stuff to sort out :-) . Later this week, ping me if you didn't heard from
me within a couple of days !

Daniel

P.S.: I just looked at the svg and there isn't internal subset, just a
DOCTYPE, so the bug might be somewhere else. TODO

Comment 5 Daniel Veillard 2012-12-21 03:15:47 UTC

okay i double checked and the patch is correct, when entering that parser
state we do look for '>' and not ']' , I think the result is that the parsing
sequence of the SVG file is changed and the actual parse is completed only
when the whole file is loaded, i.e. when reaching the last chunk. Why this
influences the actual handling of the SVG is a bit surprizing, it's just that
the file will be parser all at once instead of progressingly, but if the
patch fixes the issue, no problem, it is right anyway :-)


http://git.gnome.org/browse/libxml2/commit/?id=cf8f0424db45c43ecda812b7c238ece5e2398107

  Commited, thanks !

Daniel