SVGs with duplicate IDs cause Nautilus/eog to crash

Bug #35434 reported by William Grant
Affects: librsvg | Status: Fix Released | Importance: Medium
Affects: librsvg2 (Ubuntu) | Status: Fix Released | Importance: Medium | Assigned to: Ubuntu Desktop Bugs

Bug Description

Attempting to render an SVG which attempts to <use> a duplicate ID causes the application to crash (Nautilus, eog, whatever). The following code, for example, triggers the bug:

<svg>
        <defs>
                <polygon id="buggy" />
        </defs>

        <g id="buggy">
                <use xlink:href="#buggy" />
        </g>
</svg>

That code is bad and wrong, but shouldn't cause a segfault in the calling application! It took quite some time to work out that it was in fact that problem causing Nautilus to be unable to start (I had an offending SVG on my desktop).

Should be pretty easy to fix, I think.

Note: the original reporter indicated the bug was in package 'librsvg2'; however, that package was not published in Ubuntu.

William Grant (wgrant) wrote :

Moved to package librsvg2-2, instead of librsvg2 which doesn't exist in Ubuntu.

Yuki Izumi (kivikakk) wrote :

Also happens for me; the desktop icons crash along with the rest of nautilus regardless of if the actual offending SVG file is on it, or in a directory elsewhere that nautilus is showing.

Daniel Robitaille (robitaille) wrote :

I can confirm this bug in both Dapper and Edgy Beta.

Daniel Holbach (dholbach) wrote :

Can you please attach such a file?

William Grant (wgrant) wrote :

Daniel Holbach (dholbach) wrote :

Backtrace:

#0 0x00002b4d68a9b540 in ____strtod_l_internal () from /lib/libc.so.6
#1 0x00002b4d68261f0d in IA__g_ascii_strtod (nptr=0x2b4d662fdc15 "1", endptr=0x40001348) at /usr/include/stdlib.h:330
#2 0x00002b4d662dbdc7 in _rsvg_css_parse_length (str=0x2b4d6c1c2020 ",") at rsvg-css.c:103
#3 0x00002b4d662f3a14 in rsvg_state_init (state=0x1b06040) at rsvg-styles.c:64
#4 0x00002b4d662f3cce in rsvg_state_push (ctx=0x1a64210) at rsvg-styles.c:1452
#5 0x00002b4d662f0752 in rsvg_node_use_draw (self=0x1a6f3f0, ctx=0x1a64210, dominate=<value optimized out>) at rsvg-structure.c:199
#6 0x00002b4d662ef9b2 in rsvg_node_draw (self=0x640a90, ctx=0x1a64210, dominate=0) at rsvg-structure.c:54
#7 0x00002b4d662efbe3 in _rsvg_node_draw_children (self=0x1a6ed60, ctx=0x1a64210, dominate=1) at rsvg-structure.c:73
#8 0x00002b4d662ef9b2 in rsvg_node_draw (self=0x640a90, ctx=0x1a64210, dominate=0) at rsvg-structure.c:54
#9 0x00002b4d662f0762 in rsvg_node_use_draw (self=0x1a6f3f0, ctx=0x1a64210, dominate=<value optimized out>) at rsvg-structure.c:200
#10 0x00002b4d662ef9b2 in rsvg_node_draw (self=0x640a90, ctx=0x1a64210, dominate=0) at rsvg-structure.c:54
#11 0x00002b4d662efbe3 in _rsvg_node_draw_children (self=0x1a6ed60, ctx=0x1a64210, dominate=1) at rsvg-structure.c:73
#12 0x00002b4d662ef9b2 in rsvg_node_draw (self=0x640a90, ctx=0x1a64210, dominate=0) at rsvg-structure.c:54
#13 0x00002b4d662f0762 in rsvg_node_use_draw (self=0x1a6f3f0, ctx=0x1a64210, dominate=<value optimized out>) at rsvg-structure.c:200
#14 0x00002b4d662ef9b2 in rsvg_node_draw (self=0x640a90, ctx=0x1a64210, dominate=0) at rsvg-structure.c:54
#15 0x00002b4d662efbe3 in _rsvg_node_draw_children (self=0x1a6ed60, ctx=0x1a64210, dominate=1) at rsvg-structure.c:73
#16 0x00002b4d662ef9b2 in rsvg_node_draw (self=0x640a90, ctx=0x1a64210, dominate=0) at rsvg-structure.c:54

Changed in librsvg2:
status: Needs Info → Confirmed

Daniel Holbach (dholbach) wrote :

...

The backtrace goes on and on for pages like that :-)
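
A pre-render check for the two conditions in this report: duplicate IDs, and a <use> whose target leads back to the <use> itself (the repeating rsvg_node_use_draw / rsvg_node_draw frames in the backtrace above). This is an added example, not part of the bug report and not librsvg's code; audit_svg, SAMPLE and the namespace declarations in the sample are assumptions made here.

```python
import xml.etree.ElementTree as ET

XLINK_HREF = "{http://www.w3.org/1999/xlink}href"

# Constructed sample: the report's SVG plus the namespace declarations a
# strict XML parser needs (the snippet in the report omits them).
SAMPLE = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink">
  <defs><polygon id="buggy" /></defs>
  <g id="buggy"><use xlink:href="#buggy" /></g>
</svg>"""


def audit_svg(svg_text):
    """Return (duplicate IDs, hrefs of <use> elements that can reach themselves)."""
    root = ET.fromstring(svg_text)
    by_id = {}
    for el in root.iter():
        if "id" in el.attrib:
            by_id.setdefault(el.get("id"), []).append(el)
    duplicates = sorted(i for i, els in by_id.items() if len(els) > 1)

    def is_use(el):
        return el.tag.rsplit("}", 1)[-1] == "use"

    def href(use):
        return use.get(XLINK_HREF) or use.get("href") or ""

    def targets(use):
        # A duplicate ID makes the resolved target ambiguous: count every holder.
        h = href(use)
        return by_id.get(h[1:], []) if h.startswith("#") else []

    def reaches(start, goal):
        # Iterative walk over children and <use> targets, so the checker
        # cannot itself recurse without bound on a hostile file.
        stack, seen = [start], set()
        while stack:
            el = stack.pop()
            if el is goal:
                return True
            if id(el) not in seen:
                seen.add(id(el))
                stack.extend(el)
                if is_use(el):
                    stack.extend(targets(el))
        return False

    cyclic = [href(u) for u in root.iter()
              if is_use(u) and any(reaches(t, u) for t in targets(u))]
    return duplicates, cyclic
```

ElementTree is used here for brevity; for files from untrusted sources a hardened parser such as defusedxml is the usual choice.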

Daniel Holbach (dholbach) wrote :

I forwarded the bug to the upstream developers: http://bugzilla.gnome.org/show_bug.cgi?id=361267

Changed in librsvg:
status: Unknown → Unconfirmed

Daniel Holbach (dholbach) wrote :

Fixed upstream in CVS.

Changed in librsvg2:
status: Confirmed → Fix Committed
Changed in librsvg:
status: Unconfirmed → Fix Released

Henrik Nilsen Omma (henrik) wrote :

Should have been fixed in Gnome 2.16.x according to upstream, but I still get the same crash in 2.18 (Feisty).

Changed in librsvg2:
status: Fix Committed → Needs Info

sam tygier (samtygier) wrote :

This is fixed in gutsy.

opening the attached file in EOG gives an error message
"Could not load image 'test.svg'
Error displaying image"

That looks like correct behaviour to me (though maybe the error message should say that the file is not valid svg)

Changed in librsvg2:
status: Needs Info → Fix Released
Changed in librsvg:
importance: Unknown → Medium