Ubuntu
librsvg package

Crash where feBlend filter above viewport

Bug #377896 reported by Daniel Pope
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
librsvg (Ubuntu)
New
Low
Ubuntu Desktop Bugs

Bug Description

One of my SVG files caused a crash in RSVG which crashes Nautilus. I have boiled this down to a minimal test case (attached). It seems RSVG crashes when any feBlend filter is applied outside and above the viewport. When it crosses onto the viewport, or is left, right or below of the viewport, no crash occurs.

I'm running Jaunty x86_64.

(gdb) backtrace
#0 0x00007f6f3f4cc00d in rsvg_filter_blend (mode=normal, in=<value optimized out>, in2=0x16c90a0, output=<value optimized out>, boundarys={x0 = 324, y0 = -44, x1 = 386, y1 = -44}, channelmap=0x16d5dc0) at rsvg-filter.c:829
#1 0x00007f6f3f4d4302 in rsvg_filter_primitive_blend_render (self=0x16dab80, ctx=0x16d5d10) at rsvg-filter.c:858
#2 0x00007f6f3f4cf0e3 in rsvg_filter_render (self=0x16da470, source=0x16c90a0, bg=<value optimized out>, context=<value optimized out>, bounds=<value optimized out>, channelmap=0x7f6f3f4e98dc "2103") at rsvg-filter.c:83
#3 0x00007f6f3f4e313d in rsvg_cairo_pop_discrete_layer (ctx=0x16d1490) at rsvg-cairo-draw.c:989
#4 0x00007f6f3f4e519b in rsvg_cairo_render_path (ctx=0x16d1490, bpath_def=0x16db8b0) at rsvg-cairo-draw.c:638
#5 0x00007f6f3f4dfd71 in rsvg_render_path (ctx=0x16d1490, d=<value optimized out>) at rsvg-base.c:1836
#6 0x00007f6f3f4d8fce in rsvg_node_draw (self=0x16dc8c0, ctx=0x16d1490, dominate=0) at rsvg-structure.c:68
#7 0x00007f6f3f4d94e3 in _rsvg_node_draw_children (self=0x16d87b0, ctx=0x16d1490, dominate=0) at rsvg-structure.c:86
#8 0x00007f6f3f4d8fce in rsvg_node_draw (self=0x16d87b0, ctx=0x16d1490, dominate=0) at rsvg-structure.c:68
#9 0x00007f6f3f4d93d3 in rsvg_node_svg_draw (self=0x16d8ac0, ctx=0x16d1490, dominate=<value optimized out>) at rsvg-structure.c:326
#10 0x00007f6f3f4d8fce in rsvg_node_draw (self=0x16d8ac0, ctx=0x16d1490, dominate=0) at rsvg-structure.c:68
#11 0x00007f6f3f4e5dac in rsvg_handle_render_cairo_sub (handle=0x16d4800, cr=0x16d1000, id=<value optimized out>) at rsvg-cairo-render.c:231
#12 0x0000000000402289 in main (argc=1, argv=0x7fff47b14ed8) at rsvg-convert.c:317

Revision history for this message
Daniel Pope (djpope) wrote :
Revision history for this message
Sebastien Bacher (seb128) wrote :

thank you for your bug report, could you add a svg example to the bug?

Changed in librsvg (Ubuntu):
importance: Undecided → Low
status: New → Incomplete
Revision history for this message
Sebastien Bacher (seb128) wrote :

There is one, I only got the first comment by email when I replied

Changed in librsvg (Ubuntu):
assignee: nobody → Ubuntu Desktop Bugs (desktop-bugs)
status: Incomplete → New
Revision history for this message
Kurosawa Takeshi (takenspc) wrote :

This bug seems a duplication of #566474 which was fixed in upstream and lucid.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.