Bug 776947 - SIGSEGV in rsvg_internals::length::RsvgLength::normalize::h5c9c1794f7b06aba
Status: RESOLVED OBSOLETE
Product: librsvg
Classification: Core
Component: general
Version: 2.41.x
Hardware: Other Linux
Importance: Normal major
Target Milestone: ---
Assigned To: librsvg maintainers
QA Contact: librsvg maintainers
Depends on:
Blocks:
 
 
Reported: 2017-01-06 14:26 UTC by yan12125
Modified: 2017-09-01 16:03 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
A crashing sample (7.72 KB, image/svg+xml)
2017-01-06 14:26 UTC, yan12125

Description yan12125 2017-01-06 14:26:18 UTC
Created attachment 343023 [details]
A crashing sample

The following test program:

#include <gtk/gtk.h>

int main(int argc, char *argv[])
{
    gtk_init(&argc, &argv);
    GtkStatusIcon *icon;
    icon = gtk_status_icon_new();
    gtk_status_icon_set_from_file(icon, "ibus-chewing-chi-half.svg");
}

Crashes with a probability of 80% on 2.41.0. 2.40.16 works just fine. ibus-chewing-chi-half.svg is attached below. It's from https://raw.githubusercontent.com/definite/ibus-chewing/master/icons/ibus-chewing-chi-half.svg

Here's a sample GDB backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x00007fffeceb459b in rsvg_internals::length::RsvgLength::normalize::h5c9c1794f7b06aba ()
   from /usr/lib/librsvg-2.so.2
(gdb) bt
#0 rsvg_internals::length::RsvgLength::normalize::h5c9c1794f7b06aba
#1 get_light_direction at rsvg-filter.c line 4320
#2 rsvg_filter_primitive_specular_lighting_render at rsvg-filter.c line 4693
#3 rsvg_filter_primitive_render at rsvg-filter.c line 149
#4 render_child_if_filter_primitive at rsvg-filter.c line 553
#5 rsvg_node_foreach_child at rsvg-base.c line 466
#6 rsvg_filter_render at rsvg-filter.c line 599
#7 rsvg_cairo_pop_render_stack at rsvg-cairo-draw.c line 872
#8 rsvg_cairo_pop_discrete_layer at rsvg-cairo-draw.c line 927
#9 rsvg_cairo_render_path_builder at rsvg-cairo-draw.c line 574
#10 _rsvg_node_rect_draw at rsvg-shapes.c line 460
#11 rsvg_node_draw at rsvg-structure.c line 56
#12 draw_child at rsvg-structure.c line 71
#13 rsvg_node_foreach_child at rsvg-base.c line 466
#14 rsvg_node_svg_draw at rsvg-structure.c line 319
#15 rsvg_node_draw at rsvg-structure.c line 56
#16 rsvg_handle_render_cairo_sub at rsvg-cairo-render.c line 230
#17 rsvg_handle_get_pixbuf_sub at rsvg.c line 90
#18 rsvg_handle_get_pixbuf at rsvg.c line 119
#19 gdk_pixbuf__svg_image_stop_load at io-svg.c line 159
#20 0x00007ffff6b68362 in
#21 gdk_pixbuf_new_from_file
#22 gtk_status_icon_set_from_file
#23 main

Comment 1 Massimo 2017-01-08 17:44:48 UTC
Matching here:

https://git.gnome.org/browse/librsvg/tree/rsvg-filter.c#n4428

data->type to the element_name silences many valgrind warnings 
when opening the file with rsvg-view-3.

Comment 2 Federico Mena Quintero 2017-09-01 16:03:31 UTC
I'm going to close this bug as obsolete.  It seems to work fine with the master branch right now.

I *think* the fix may have come along with the changes to make node creation be done from an array of supported node names, and from the subsequent changes to ensure that child implementations get the correct node type.
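
The pattern the comments above describe (node creation driven by an array of supported element names, each constructor receiving the matching node type, and consumers checking that type before downcasting), as an added example. It is not librsvg's code; every type and function name in it is hypothetical.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names throughout; this is not librsvg's code. */
typedef enum { NODE_RECT, NODE_DISTANT_LIGHT, NODE_POINT_LIGHT } NodeType;

typedef struct { NodeType type; } Node;              /* common header, always first */
typedef struct { Node node; double azimuth, elevation; } DistantLight;
typedef struct { Node node; double x, y, z; } PointLight;
typedef Node *(*Creator)(NodeType type);

static Node *new_sized(NodeType type, size_t size) {
    Node *n = calloc(1, size);   /* zero-fill: no field is left uninitialized */
    if (n) n->type = type;       /* tag comes from the table row, never guessed */
    return n;
}
static Node *new_rect(NodeType t)    { return new_sized(t, sizeof(Node)); }
static Node *new_distant(NodeType t) { return new_sized(t, sizeof(DistantLight)); }
static Node *new_point(NodeType t)   { return new_sized(t, sizeof(PointLight)); }

/* One row per supported element keeps name, tag and constructor together. */
static const struct { const char *name; NodeType type; Creator create; } creators[] = {
    { "feDistantLight", NODE_DISTANT_LIGHT, new_distant },
    { "fePointLight",   NODE_POINT_LIGHT,   new_point   },
    { "rect",           NODE_RECT,          new_rect    },
};

Node *node_new(const char *element_name) {
    for (size_t i = 0; i < sizeof creators / sizeof creators[0]; i++)
        if (strcmp(element_name, creators[i].name) == 0)
            return creators[i].create(creators[i].type);
    return NULL;                 /* unsupported element name */
}

/* Checked downcast: code that expects a distant light refuses any other node. */
DistantLight *node_as_distant_light(Node *n) {
    return (n && n->type == NODE_DISTANT_LIGHT) ? (DistantLight *)n : NULL;
}

int main(void) {
    Node *p = node_new("fePointLight");
    int refused = node_as_distant_light(p) == NULL;  /* wrong type is rejected */
    free(p);
    return refused ? 0 : 1;
}
```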