desktop-packages team mailing list archive
Message #29256
[Bug 825497] Re: eog crashed with SIGSEGV in rsvg_filter_primitive_render()
** Description changed:
-
- eg/librsvg crashes when attempting to call NULL while opening the attached reproducer. Marking initially as vuln since i did not check whether the call address can be changed to something else than just NULL. Backtrace:
+ eog/librsvg crashes when attempting to call NULL while opening the
+ attached reproducer. Marking initially as vuln since i did not check
+ whether the call address can be changed to something else than just
+ NULL. Backtrace:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb7d81b70 (LWP 17083)]
0x00000000 in ?? ()
(gdb) bt
#0 0x00000000 in ?? ()
- #1 0x002b7d08 in rsvg_filter_primitive_render (ctx=0x8357b28,
- self=<optimized out>) at rsvg-filter.c:85
- #2 rsvg_filter_render (self=0x82e57f8, source=0x82ce4f8, context=0x82ddfd0,
- bounds=0x82f9140, channelmap=0x2cf6cb "2103") at rsvg-filter.c:499
+ #1 0x002b7d08 in rsvg_filter_primitive_render (ctx=0x8357b28,
+ self=<optimized out>) at rsvg-filter.c:85
+ #2 rsvg_filter_render (self=0x82e57f8, source=0x82ce4f8, context=0x82ddfd0,
+ bounds=0x82f9140, channelmap=0x2cf6cb "2103") at rsvg-filter.c:499
#3 0x002ca0e7 in rsvg_cairo_pop_render_stack (ctx=0x82ddfd0)
- at rsvg-cairo-draw.c:970
+ at rsvg-cairo-draw.c:970
#4 rsvg_cairo_pop_discrete_layer (ctx=0x82ddfd0) at rsvg-cairo-draw.c:1023
#5 0x002c71cf in rsvg_pop_discrete_layer (ctx=0x82ddfd0) at rsvg-base.c:2049
- #6 0x002c3df3 in _rsvg_node_text_type_children (ctx=0x82ddfd0, x=0xb7d80b80,
- y=0xb7d80b88, lastwasspace=0xb7d80b9c, self=<optimized out>)
- at rsvg-text.c:188
- #7 0x002c40d9 in _rsvg_node_text_draw (self=0x82ffe50, ctx=0x82ddfd0,
- dominate=0) at rsvg-text.c:254
+ #6 0x002c3df3 in _rsvg_node_text_type_children (ctx=0x82ddfd0, x=0xb7d80b80,
+ y=0xb7d80b88, lastwasspace=0xb7d80b9c, self=<optimized out>)
+ at rsvg-text.c:188
+ #7 0x002c40d9 in _rsvg_node_text_draw (self=0x82ffe50, ctx=0x82ddfd0,
+ dominate=0) at rsvg-text.c:254
#8 0x002bdd54 in rsvg_node_draw (self=0x82ffe50, ctx=0x82ddfd0, dominate=0)
- at rsvg-structure.c:69
- #9 0x002be1c7 in _rsvg_node_draw_children (self=0x82ff7e8, ctx=0x82ddfd0,
- dominate=0) at rsvg-structure.c:87
+ at rsvg-structure.c:69
+ #9 0x002be1c7 in _rsvg_node_draw_children (self=0x82ff7e8, ctx=0x82ddfd0,
+ dominate=0) at rsvg-structure.c:87
#10 0x002bdd54 in rsvg_node_draw (self=0x82ff7e8, ctx=0x82ddfd0, dominate=0)
- at rsvg-structure.c:69
- #11 0x002be1c7 in _rsvg_node_draw_children (self=0x82fec40, ctx=0x82ddfd0,
- dominate=0) at rsvg-structure.c:87
+ at rsvg-structure.c:69
+ #11 0x002be1c7 in _rsvg_node_draw_children (self=0x82fec40, ctx=0x82ddfd0,
+ dominate=0) at rsvg-structure.c:87
#12 0x002bdd54 in rsvg_node_draw (self=0x82fec40, ctx=0x82ddfd0, dominate=0)
---Type <return> to continue, or q <return> to quit---
- at rsvg-structure.c:69
- #13 0x002be0bf in rsvg_node_svg_draw (self=0x82ec768, ctx=0x82ddfd0,
- dominate=0) at rsvg-structure.c:326
+ at rsvg-structure.c:69
+ #13 0x002be0bf in rsvg_node_svg_draw (self=0x82ec768, ctx=0x82ddfd0,
+ dominate=0) at rsvg-structure.c:326
#14 0x002bdd54 in rsvg_node_draw (self=0x82ec768, ctx=0x82ddfd0, dominate=0)
- at rsvg-structure.c:69
- #15 0x002be1c7 in _rsvg_node_draw_children (self=0x8306a80, ctx=0x82ddfd0,
- dominate=0) at rsvg-structure.c:87
+ at rsvg-structure.c:69
+ #15 0x002be1c7 in _rsvg_node_draw_children (self=0x8306a80, ctx=0x82ddfd0,
+ dominate=0) at rsvg-structure.c:87
#16 0x002bdd54 in rsvg_node_draw (self=0x8306a80, ctx=0x82ddfd0, dominate=0)
- at rsvg-structure.c:69
- #17 0x002be0bf in rsvg_node_svg_draw (self=0x82e8940, ctx=0x82ddfd0,
- dominate=0) at rsvg-structure.c:326
+ at rsvg-structure.c:69
+ #17 0x002be0bf in rsvg_node_svg_draw (self=0x82e8940, ctx=0x82ddfd0,
+ dominate=0) at rsvg-structure.c:326
#18 0x002bdd54 in rsvg_node_draw (self=0x82e8940, ctx=0x82ddfd0, dominate=0)
- at rsvg-structure.c:69
- #19 0x002cb804 in rsvg_handle_render_cairo_sub (handle=0x80eb738, cr=0xa98520,
- id=0x0) at rsvg-cairo-render.c:234
+ at rsvg-structure.c:69
+ #19 0x002cb804 in rsvg_handle_render_cairo_sub (handle=0x80eb738, cr=0xa98520,
+ id=0x0) at rsvg-cairo-render.c:234
#20 0x002cbd53 in rsvg_handle_get_pixbuf_sub (handle=0x80eb738, id=0x0)
- at rsvg.c:101
+ at rsvg.c:101
#21 0x002cbe53 in rsvg_handle_get_pixbuf (handle=0x80eb738) at rsvg.c:137
#22 0x08062a91 in eog_image_load ()
#23 0x08066424 in ?? ()
#24 0x080676a4 in eog_job_run ()
#25 0x080650e1 in ?? ()
#26 0x00e39444 in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
---Type <return> to continue, or q <return> to quit---
#27 0x00ee3d31 in start_thread (arg=0xb7d81b70) at pthread_create.c:304
#28 0x00fc9e3e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130
Backtrace stopped: Not enough registers or memory available to unwind further
ProblemType: Crash
DistroRelease: Ubuntu 11.10
Package: eog 3.1.4-0ubuntu2
ProcVersionSignature: Ubuntu 3.0-3.4-generic 3.0.0-rc5
Uname: Linux 3.0-3-generic i686
Architecture: i386
Date: Fri Aug 12 23:53:54 2011
Disassembly: => 0x0: Cannot access memory at address 0x0
ExecutablePath: /usr/bin/eog
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Alpha i386 (20110705.1)
ProcCmdline: eog sample.svg
ProcEnviron:
- SHELL=/bin/bash
- LANG=en_US.UTF-8
+ SHELL=/bin/bash
+ LANG=en_US.UTF-8
SegvAnalysis:
- Segfault happened at: 0x0: Cannot access memory at address 0x0
- PC (0x00000000) not located in a known VMA region (needed executable region)!
- Stack memory exhausted (SP below stack segment)
+ Segfault happened at: 0x0: Cannot access memory at address 0x0
+ PC (0x00000000) not located in a known VMA region (needed executable region)!
+ Stack memory exhausted (SP below stack segment)
SegvReason: executing NULL VMA
Signal: 11
SourcePackage: eog
StacktraceTop:
- ?? ()
- rsvg_filter_primitive_render (ctx=0xa03e438, self=<optimized out>) at rsvg-filter.c:85
- rsvg_filter_render (self=0x9fe10f0, source=0x9fb44f8, context=0x9fb7118, bounds=0x9fceba0, channelmap=0x4a56cb "2103") at rsvg-filter.c:499
- rsvg_cairo_pop_render_stack (ctx=0x9fb7118) at rsvg-cairo-draw.c:970
- rsvg_cairo_pop_discrete_layer (ctx=0x9fb7118) at rsvg-cairo-draw.c:1023
+ ?? ()
+ rsvg_filter_primitive_render (ctx=0xa03e438, self=<optimized out>) at rsvg-filter.c:85
+ rsvg_filter_render (self=0x9fe10f0, source=0x9fb44f8, context=0x9fb7118, bounds=0x9fceba0, channelmap=0x4a56cb "2103") at rsvg-filter.c:499
+ rsvg_cairo_pop_render_stack (ctx=0x9fb7118) at rsvg-cairo-draw.c:970
+ rsvg_cairo_pop_discrete_layer (ctx=0x9fb7118) at rsvg-cairo-draw.c:1023
Title: eog crashed with SIGSEGV in rsvg_filter_primitive_render()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare
--
https://bugs.launchpad.net/bugs/825497
Title:
eog crashed with SIGSEGV in rsvg_filter_primitive_render()
Status in libRSVG - SVG Rendering Library:
Fix Released
Status in “librsvg” package in Ubuntu:
Fix Released
Bug description:
eog/librsvg crashes when attempting to call NULL while opening the
attached reproducer. Marking initially as vuln since I did not check
whether the call address can be changed to something else than just
NULL. Backtrace:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb7d81b70 (LWP 17083)]
0x00000000 in ?? ()
(gdb) bt
#0 0x00000000 in ?? ()
#1 0x002b7d08 in rsvg_filter_primitive_render (ctx=0x8357b28,
self=<optimized out>) at rsvg-filter.c:85
#2 rsvg_filter_render (self=0x82e57f8, source=0x82ce4f8, context=0x82ddfd0,
bounds=0x82f9140, channelmap=0x2cf6cb "2103") at rsvg-filter.c:499
#3 0x002ca0e7 in rsvg_cairo_pop_render_stack (ctx=0x82ddfd0)
at rsvg-cairo-draw.c:970
#4 rsvg_cairo_pop_discrete_layer (ctx=0x82ddfd0) at rsvg-cairo-draw.c:1023
#5 0x002c71cf in rsvg_pop_discrete_layer (ctx=0x82ddfd0) at rsvg-base.c:2049
#6 0x002c3df3 in _rsvg_node_text_type_children (ctx=0x82ddfd0, x=0xb7d80b80,
y=0xb7d80b88, lastwasspace=0xb7d80b9c, self=<optimized out>)
at rsvg-text.c:188
#7 0x002c40d9 in _rsvg_node_text_draw (self=0x82ffe50, ctx=0x82ddfd0,
dominate=0) at rsvg-text.c:254
#8 0x002bdd54 in rsvg_node_draw (self=0x82ffe50, ctx=0x82ddfd0, dominate=0)
at rsvg-structure.c:69
#9 0x002be1c7 in _rsvg_node_draw_children (self=0x82ff7e8, ctx=0x82ddfd0,
dominate=0) at rsvg-structure.c:87
#10 0x002bdd54 in rsvg_node_draw (self=0x82ff7e8, ctx=0x82ddfd0, dominate=0)
at rsvg-structure.c:69
#11 0x002be1c7 in _rsvg_node_draw_children (self=0x82fec40, ctx=0x82ddfd0,
dominate=0) at rsvg-structure.c:87
#12 0x002bdd54 in rsvg_node_draw (self=0x82fec40, ctx=0x82ddfd0, dominate=0)
---Type <return> to continue, or q <return> to quit---
at rsvg-structure.c:69
#13 0x002be0bf in rsvg_node_svg_draw (self=0x82ec768, ctx=0x82ddfd0,
dominate=0) at rsvg-structure.c:326
#14 0x002bdd54 in rsvg_node_draw (self=0x82ec768, ctx=0x82ddfd0, dominate=0)
at rsvg-structure.c:69
#15 0x002be1c7 in _rsvg_node_draw_children (self=0x8306a80, ctx=0x82ddfd0,
dominate=0) at rsvg-structure.c:87
#16 0x002bdd54 in rsvg_node_draw (self=0x8306a80, ctx=0x82ddfd0, dominate=0)
at rsvg-structure.c:69
#17 0x002be0bf in rsvg_node_svg_draw (self=0x82e8940, ctx=0x82ddfd0,
dominate=0) at rsvg-structure.c:326
#18 0x002bdd54 in rsvg_node_draw (self=0x82e8940, ctx=0x82ddfd0, dominate=0)
at rsvg-structure.c:69
#19 0x002cb804 in rsvg_handle_render_cairo_sub (handle=0x80eb738, cr=0xa98520,
id=0x0) at rsvg-cairo-render.c:234
#20 0x002cbd53 in rsvg_handle_get_pixbuf_sub (handle=0x80eb738, id=0x0)
at rsvg.c:101
#21 0x002cbe53 in rsvg_handle_get_pixbuf (handle=0x80eb738) at rsvg.c:137
#22 0x08062a91 in eog_image_load ()
#23 0x08066424 in ?? ()
#24 0x080676a4 in eog_job_run ()
#25 0x080650e1 in ?? ()
#26 0x00e39444 in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
---Type <return> to continue, or q <return> to quit---
#27 0x00ee3d31 in start_thread (arg=0xb7d81b70) at pthread_create.c:304
#28 0x00fc9e3e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130
Backtrace stopped: Not enough registers or memory available to unwind further
ProblemType: Crash
DistroRelease: Ubuntu 11.10
Package: eog 3.1.4-0ubuntu2
ProcVersionSignature: Ubuntu 3.0-3.4-generic 3.0.0-rc5
Uname: Linux 3.0-3-generic i686
Architecture: i386
Date: Fri Aug 12 23:53:54 2011
Disassembly: => 0x0: Cannot access memory at address 0x0
ExecutablePath: /usr/bin/eog
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Alpha i386 (20110705.1)
ProcCmdline: eog sample.svg
ProcEnviron:
SHELL=/bin/bash
LANG=en_US.UTF-8
SegvAnalysis:
Segfault happened at: 0x0: Cannot access memory at address 0x0
PC (0x00000000) not located in a known VMA region (needed executable region)!
Stack memory exhausted (SP below stack segment)
SegvReason: executing NULL VMA
Signal: 11
SourcePackage: eog
StacktraceTop:
?? ()
rsvg_filter_primitive_render (ctx=0xa03e438, self=<optimized out>) at rsvg-filter.c:85
rsvg_filter_render (self=0x9fe10f0, source=0x9fb44f8, context=0x9fb7118, bounds=0x9fceba0, channelmap=0x4a56cb "2103") at rsvg-filter.c:499
rsvg_cairo_pop_render_stack (ctx=0x9fb7118) at rsvg-cairo-draw.c:970
rsvg_cairo_pop_discrete_layer (ctx=0x9fb7118) at rsvg-cairo-draw.c:1023
Title: eog crashed with SIGSEGV in rsvg_filter_primitive_render()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare