View Issue Details | ||||||||
ID | Project | Category | View Status | Date Submitted | Last Update | ||||
---|---|---|---|---|---|---|---|---|---|
0002251 | NetSurf | [All Projects] General | public | 2015-01-07 20:32 | 2015-03-10 23:42 | ||||
Reporter | James Audubon | ||||||||
Assigned To | Vincent Sanders | ||||||||
Severity | crash | Reproducibility | always | ||||||
Status | closed | Resolution | fixed | ||||||
Product Version | 3.3 | ||||||||
Target Version | 3.3 | Fixed in Version | 3.3 | ||||||
Summary | 0002251: Crash at https://www.one.com/pay.do?ocode=WygJGHAdefDavwXK | ||||||||
Description | Have been sent this link to an invoice. NetSurf crashes, complaining of a serious error, and spits out a log file, attached. Not sure if page has JavaScript or other nasties not compatible with NetSurf, but should render something or nothing instead of crashing? Thanks. | ||||||||
Steps To Reproduce | Go to https://www.one.com/pay.do?ocode=WygJGHAdefDavwXK | ||||||||
Tags | No tags attached. | ||||||||
Fixed in CI build # | 2525 | ||||||||
Reported in CI build # | 2509 | ||||||||
URL of problem page | https://www.one.com/pay.do?ocode=WygJGHAdefDavwXK | ||||||||
Attached Files |
|
Notes | |
Vincent Sanders (administrator) 2015-01-11 17:15 |
This is actually a libsvgtiny memory corruption. I attached the SVG that explodes.

valgrind output:

```
$ valgrind ./nsgtk https://www.one.com/static/images/onecom/sprite.svg?v=1420457225767
==3738== Memcheck, a memory error detector
==3738== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==3738== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==3738== Command: ./nsgtk https://www.one.com/static/images/onecom/sprite.svg?v=1420457225767
==3738==
==3738== Invalid write of size 4
==3738==    at 0x4FF399: svgtiny_parse_svg (in /home/vince/dev-netsurf/workspace/netsurf/nsgtk)
==3738==    by 0x4FE925: svgtiny_parse_svg (in /home/vince/dev-netsurf/workspace/netsurf/nsgtk)
==3738==    by 0x4FE925: svgtiny_parse_svg (in /home/vince/dev-netsurf/workspace/netsurf/nsgtk)
==3738==    by 0x4FE925: svgtiny_parse_svg (in /home/vince/dev-netsurf/workspace/netsurf/nsgtk)
==3738==    by 0x5017C8: svgtiny_parse (in /home/vince/dev-netsurf/workspace/netsurf/nsgtk)
==3738==    by 0x4B6D54: svg_reformat (svg.c:139)
==3738==    by 0x451B08: content__reformat (content.c:365)
==3738==    by 0x475E83: browser_window_callback (browser.c:1328)
==3738==    by 0x45C718: hlcache_content_callback (hlcache.c:191)
==3738==    by 0x451882: content_broadcast (content.c:702)
==3738==    by 0x451D4B: content_set_ready (content.c:310)
==3738==    by 0x4B67B8: svg_convert (svg.c:115)
==3738==  Address 0x1218a1b8 is 0 bytes after a block of size 296 alloc'd
==3738==    at 0x4C28BED: malloc (vg_replace_malloc.c:263)
==3738==    by 0x4FEAF3: svgtiny_parse_svg (in /home/vince/dev-netsurf/workspace/netsurf/nsgtk)
==3738==    by 0x4FE925: svgtiny_parse_svg (in /home/vince/dev-netsurf/workspace/netsurf/nsgtk)
==3738==    by 0x4FE925: svgtiny_parse_svg (in /home/vince/dev-netsurf/workspace/netsurf/nsgtk)
==3738==    by 0x4FE925: svgtiny_parse_svg (in /home/vince/dev-netsurf/workspace/netsurf/nsgtk)
==3738==    by 0x5017C8: svgtiny_parse (in /home/vince/dev-netsurf/workspace/netsurf/nsgtk)
==3738==    by 0x4B6D54: svg_reformat (svg.c:139)
==3738==    by 0x451B08: content__reformat (content.c:365)
==3738==    by 0x475E83: browser_window_callback (browser.c:1328)
==3738==    by 0x45C718: hlcache_content_callback (hlcache.c:191)
==3738==    by 0x451882: content_broadcast (content.c:702)
==3738==    by 0x451D4B: content_set_ready (content.c:310)
==3738==
==3738== Invalid write of size 4
==3738==    at 0x4FF3B1: svgtiny_parse_svg (in /home/vince/dev-netsurf/workspace/netsurf/nsgtk)
==3738==    by 0x4FE925: svgtiny_parse_svg (in /home/vince/dev-netsurf/workspace/netsurf/nsgtk)
==3738==    by 0x4FE925: svgtiny_parse_svg (in /home/vince/dev-netsurf/workspace/netsurf/nsgtk)
==3738==    by 0x4FE925: svgtiny_parse_svg (in /home/vince/dev-netsurf/workspace/netsurf/nsgtk)
==3738==    by 0x5017C8: svgtiny_parse (in /home/vince/dev-netsurf/workspace/netsurf/nsgtk)
==3738==    by 0x4B6D54: svg_reformat (svg.c:139)
==3738==    by 0x451B08: content__reformat (content.c:365)
==3738==    by 0x475E83: browser_window_callback (browser.c:1328)
==3738==    by 0x45C718: hlcache_content_callback (hlcache.c:191)
==3738==    by 0x451882: content_broadcast (content.c:702)
==3738==    by 0x451D4B: content_set_ready (content.c:310)
==3738==    by 0x4B67B8: svg_convert (svg.c:115)
==3738==  Address 0x1218a1bc is 4 bytes after a block of size 296 alloc'd
==3738==    at 0x4C28BED: malloc (vg_replace_malloc.c:263)
==3738==    by 0x4FEAF3: svgtiny_parse_svg (in /home/vince/dev-netsurf/workspace/netsurf/nsgtk)
==3738==    by 0x4FE925: svgtiny_parse_svg (in /home/vince/dev-netsurf/workspace/netsurf/nsgtk)
==3738==    by 0x4FE925: svgtiny_parse_svg (in /home/vince/dev-netsurf/workspace/netsurf/nsgtk)
==3738==    by 0x4FE925: svgtiny_parse_svg (in /home/vince/dev-netsurf/workspace/netsurf/nsgtk)
==3738==    by 0x5017C8: svgtiny_parse (in /home/vince/dev-netsurf/workspace/netsurf/nsgtk)
==3738==    by 0x4B6D54: svg_reformat (svg.c:139)
==3738==    by 0x451B08: content__reformat (content.c:365)
==3738==    by 0x475E83: browser_window_callback (browser.c:1328)
==3738==    by 0x45C718: hlcache_content_callback (hlcache.c:191)
==3738==    by 0x451882: content_broadcast (content.c:702)
==3738==    by 0x451D4B: content_set_ready (content.c:310)
```

and so on |
Vincent Sanders (administrator) 2015-01-15 13:28 |
Fixed issue in libsvgtiny which should mean the latest CI build will not crash like this any more (though I do not think it will render properly yet) |
Vincent Sanders (administrator) 2015-03-10 23:42 |
Confirmed fixed in 3.3 release |
Issue History | |||
Date Modified | Username | Field | Change |
---|---|---|---|
2015-01-07 20:32 | James Audubon | New Issue | |
2015-01-07 20:32 | James Audubon | File Added: Log | |
2015-01-11 17:13 | Vincent Sanders | File Added: sprite.svg | |
2015-01-11 17:15 | Vincent Sanders | Note Added: 0000566 | |
2015-01-11 17:15 | Vincent Sanders | Status | new => confirmed |
2015-01-11 17:15 | Vincent Sanders | Description Updated | |
2015-01-11 17:15 | Vincent Sanders | Steps to Reproduce Updated | |
2015-01-15 13:28 | Vincent Sanders | Fixed in CI build # | => 2525 |
2015-01-15 13:28 | Vincent Sanders | Note Added: 0000569 | |
2015-01-15 13:28 | Vincent Sanders | Assigned To | => Vincent Sanders |
2015-01-15 13:28 | Vincent Sanders | Status | confirmed => resolved |
2015-01-15 13:28 | Vincent Sanders | Resolution | open => fixed |
2015-01-15 13:28 | Vincent Sanders | Product Version | => 3.3 |
2015-01-15 13:28 | Vincent Sanders | Fixed in Version | => 3.3 |
2015-01-16 09:03 | Vincent Sanders | Target Version | => 3.3 |
2015-03-10 23:42 | Vincent Sanders | Note Added: 0000749 | |
2015-03-10 23:42 | Vincent Sanders | Status | resolved => closed |