Bug 777155 - Zero-sized pattern crashes the rendering code
Status: RESOLVED FIXED
Product: librsvg
Classification: Core
Component: general
Version: 2.41.x
Hardware: Other All
Importance: Normal major
Target Milestone: ---
Assigned To: librsvg maintainers
librsvg maintainers
Depends on:
Blocks:
 
 
Reported: 2017-01-11 21:56 UTC by Federico Mena Quintero
Modified: 2017-01-11 22:00 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
zero-sized-pattern.svg (1.50 KB, image/svg+xml)
2017-01-11 21:56 UTC, Federico Mena Quintero

Description Federico Mena Quintero 2017-01-11 21:56:45 UTC
Created attachment 343332 [details]
zero-sized-pattern.svg

The boom.tar.gz referenced in http://seclists.org/oss-sec/2016/q3/7 contains a fuzzed SVG with a zero-sized pattern.  This crashes the rendering code, as it tries to invert a zero-sized scaling matrix.

Attaching the file for reference.
Comment 1 Federico Mena Quintero 2017-01-11 22:00:16 UTC
Fixed in commit 45d855f82ba6ddaa534f42ee22783a90955bb160.
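
The failure mode described in this report, as an added example (not librsvg's code and not the change in the commit above): a guard that refuses to invert the scaling matrix of a zero-sized pattern instead of passing a singular matrix to the renderer. The `affine_t` type and all function names are hypothetical; the matrix layout follows cairo's `cairo_matrix_t`.

```c
#include <math.h>
#include <stdbool.h>

/* 2D affine matrix laid out like cairo_matrix_t:
 *   x' = xx*x + xy*y + x0,  y' = yx*x + yy*y + y0 */
typedef struct { double xx, yx, xy, yy, x0, y0; } affine_t;

/* Hypothetical helper: scaling matrix for a pattern tile of w x h user units. */
static affine_t pattern_scale(double w, double h)
{
    affine_t m = { w, 0.0, 0.0, h, 0.0, 0.0 };
    return m;
}

/* Invert m into *out. Returns false, leaving *out untouched, when m is
 * singular or non-finite, which is the case for a zero-sized pattern. */
static bool affine_try_invert(const affine_t *m, affine_t *out)
{
    double det = m->xx * m->yy - m->xy * m->yx;
    if (!isfinite(det) || det == 0.0)
        return false;
    out->xx =  m->yy / det;
    out->yx = -m->yx / det;
    out->xy = -m->xy / det;
    out->yy =  m->xx / det;
    out->x0 = (m->xy * m->y0 - m->yy * m->x0) / det;
    out->y0 = (m->yx * m->x0 - m->xx * m->y0) / det;
    return true;
}

/* Hypothetical render-path guard: true means the pattern can be painted,
 * false means skip the paint (nothing to tile) rather than crash. */
static bool pattern_device_to_tile(double w, double h, affine_t *inv)
{
    if (!(w > 0.0) || !(h > 0.0))   /* written this way so NaN is rejected too */
        return false;
    affine_t m = pattern_scale(w, h);
    return affine_try_invert(&m, inv);
}
```

The determinant check also catches sizes that are positive but so small that their product underflows to zero, which a plain `w == 0` test would miss.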