View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
ID | Project | Category | View Status | Date Submitted | Last Update | ||||
---|---|---|---|---|---|---|---|---|---|
0002352 | NetSurf | [All Projects] General | public | 2015-08-23 18:13 | 2016-02-16 15:25 | ||||
Reporter | Dave Higton | ||||||||
Assigned To | Vincent Sanders | ||||||||
Severity | crash | Reproducibility | always | ||||||
Status | closed | Resolution | fixed | ||||||
Platform | Iyonix, 512 MiB | OS | RISC OS | OS Version | 5.22 (13-Apr-15) | ||||
Product Version | 3.4 | ||||||||
Target Version | 3.4 | Fixed in Version | 3.4 | ||||||
Summary | 0002352: https://www.giffgaff.com/index/offer crashes NS | ||||||||
Description | Visit the above URL with JS disabled. NS fetches something like 55 kB, thinks for a few seconds, detects a serious error and exits. | ||||||||
Steps To Reproduce | Just visit the URL. | ||||||||
Additional Information | Does it with CI 2928, but also with 2901 and 2795. | ||||||||
Tags | No tags attached. | ||||||||
Fixed in CI build # | 2930 | ||||||||
Reported in CI build # | 2928 | ||||||||
URL of problem page | https://www.giffgaff.com/index/offer | ||||||||
Attached Files |
|
Notes | |
Vincent Sanders (administrator) 2015-08-23 19:57 |
svg parsing is asploding with a seg fault https://www.giffgaff.com/styleguide/images/sprites/social.svg appears to be the offending svg ==21418== Invalid write of size 4 ==21418== at 0x61683C: svgtiny_parse_svg (in /home/vince/dev-netsurf/workspace/netsurf/nsgtk) ==21418== by 0x6154D5: svgtiny_parse_svg (in /home/vince/dev-netsurf/workspace/netsurf/nsgtk) ==21418== by 0x6184B8: svgtiny_parse (in /home/vince/dev-netsurf/workspace/netsurf/nsgtk) ==21418== by 0x52B734: svg_reformat (svg.c:139) ==21418== by 0x4C6CC8: content__reformat (content.c:366) ==21418== by 0x4EB0C3: browser_window_callback (browser.c:1326) ==21418== by 0x4D1E27: hlcache_content_callback (hlcache.c:191) ==21418== by 0x4C6A42: content_broadcast (content.c:765) ==21418== by 0x4C6EFB: content_set_ready (content.c:311) ==21418== by 0x52B198: svg_convert (svg.c:115) ==21418== by 0x4C7117: content_llcache_callback (content.c:286) ==21418== by 0x4D3DAA: llcache_object_notify_users (llcache.c:2981) ==21418== Address 0x1a56954c is 0 bytes after a block of size 156 alloc'd ==21418== at 0x4C28BED: malloc (vg_replace_malloc.c:263) ==21418== by 0x6156C3: svgtiny_parse_svg (in /home/vince/dev-netsurf/workspace/netsurf/nsgtk) ==21418== by 0x6154D5: svgtiny_parse_svg (in /home/vince/dev-netsurf/workspace/netsurf/nsgtk) ==21418== by 0x6184B8: svgtiny_parse (in /home/vince/dev-netsurf/workspace/netsurf/nsgtk) ==21418== by 0x52B734: svg_reformat (svg.c:139) ==21418== by 0x4C6CC8: content__reformat (content.c:366) ==21418== by 0x4EB0C3: browser_window_callback (browser.c:1326) ==21418== by 0x4D1E27: hlcache_content_callback (hlcache.c:191) ==21418== by 0x4C6A42: content_broadcast (content.c:765) ==21418== by 0x4C6EFB: content_set_ready (content.c:311) ==21418== by 0x52B198: svg_convert (svg.c:115) ==21418== by 0x4C7117: content_llcache_callback (content.c:286) |
Vincent Sanders (administrator) 2015-08-23 20:01 |
with debugging symbols ==27760== Invalid write of size 4 ==27760== at 0x615822: svgtiny_parse_path (svgtiny.c:588) ==27760== by 0x614B90: svgtiny_parse_svg (svgtiny.c:347) ==27760== by 0x614AC7: svgtiny_parse_svg (svgtiny.c:338) ==27760== by 0x614359: svgtiny_parse (svgtiny.c:253) ==27760== by 0x52B6E4: svg_reformat (svg.c:139) ==27760== by 0x4C6C78: content__reformat (content.c:366) ==27760== by 0x4EB073: browser_window_callback (browser.c:1326) ==27760== by 0x4D1DD7: hlcache_content_callback (hlcache.c:191) ==27760== by 0x4C69F2: content_broadcast (content.c:765) ==27760== by 0x4C6EAB: content_set_ready (content.c:311) ==27760== by 0x52B148: svg_convert (svg.c:115) ==27760== by 0x4C70C7: content_llcache_callback (content.c:286) ==27760== Address 0x1a5696bc is 0 bytes after a block of size 156 alloc'd ==27760== at 0x4C28BED: malloc (vg_replace_malloc.c:263) ==27760== by 0x614FAE: svgtiny_parse_path (svgtiny.c:457) ==27760== by 0x614B90: svgtiny_parse_svg (svgtiny.c:347) ==27760== by 0x614AC7: svgtiny_parse_svg (svgtiny.c:338) ==27760== by 0x614359: svgtiny_parse (svgtiny.c:253) ==27760== by 0x52B6E4: svg_reformat (svg.c:139) ==27760== by 0x4C6C78: content__reformat (content.c:366) ==27760== by 0x4EB073: browser_window_callback (browser.c:1326) ==27760== by 0x4D1DD7: hlcache_content_callback (hlcache.c:191) ==27760== by 0x4C69F2: content_broadcast (content.c:765) ==27760== by 0x4C6EAB: content_set_ready (content.c:311) ==27760== by 0x52B148: svg_convert (svg.c:115) |
Vincent Sanders (administrator) 2015-08-23 23:36 |
fixed libsvgtiny path allocation so it does not crash, page now renders. although i think we have a bug in the rendering of the svg itself but it does not crash now |
Vincent Sanders (administrator) 2016-02-16 15:25 |
Confirmed resolved in 3.4 release |
Issue History | |||
Date Modified | Username | Field | Change |
---|---|---|---|
2015-08-23 18:13 | Dave Higton | New Issue | |
2015-08-23 18:13 | Dave Higton | File Added: Log.zip | |
2015-08-23 19:57 | Vincent Sanders | Note Added: 0000932 | |
2015-08-23 19:57 | Vincent Sanders | Status | new => confirmed |
2015-08-23 19:57 | Vincent Sanders | Product Version | => 3.4 |
2015-08-23 19:57 | Vincent Sanders | Target Version | => 3.4 |
2015-08-23 20:01 | Vincent Sanders | Note Added: 0000933 | |
2015-08-23 23:36 | Vincent Sanders | Fixed in CI build # | => 2930 |
2015-08-23 23:36 | Vincent Sanders | Note Added: 0000934 | |
2015-08-23 23:36 | Vincent Sanders | Assigned To | => Vincent Sanders |
2015-08-23 23:36 | Vincent Sanders | Status | confirmed => resolved |
2015-08-23 23:36 | Vincent Sanders | Resolution | open => fixed |
2015-08-23 23:36 | Vincent Sanders | Fixed in Version | => 3.4 |
2016-02-16 15:25 | Vincent Sanders | Note Added: 0001297 | |
2016-02-16 15:25 | Vincent Sanders | Status | resolved => closed |