2019-06-25 03:17 BST

View Issue Details Jump to Notes ]
IDProjectCategoryView StatusLast Update
0002352NetSurf[All Projects] Generalpublic2016-02-16 15:25
ReporterDave Higton 
Assigned ToVincent Sanders 
SeveritycrashReproducibilityalways 
StatusclosedResolutionfixed 
PlatformIyonix, 512 MiBOSRISC OSOS Version5.22 (13-Apr-15)
Product Version3.4 
Target Version3.4Fixed in Version3.4 
Summary0002352: https://www.giffgaff.com/index/offer crashes NS
DescriptionVisit the above URL with JS disabled. NS fetches something like 55 kB, thinks for a few seconds, detects a serious error and exits.
Steps To ReproduceJust visit the URL.
Additional InformationDoes it with CI 2928, but also with 2901 and 2795.
TagsNo tags attached.
Fixed in CI build #2930
Reported in CI build #2928
URL of problem pagehttps://www.giffgaff.com/index/offer
Attached Files
  • zip file icon Log.zip (7,682 bytes) 2015-08-23 18:13

-Relationships
+Relationships

-Notes
Vincent Sanders

~0000932

Vincent Sanders (administrator)

svg parsing is asploding with a seg fault

https://www.giffgaff.com/styleguide/images/sprites/social.svg

appears to be the offending svg

==21418== Invalid write of size 4
==21418== at 0x61683C: svgtiny_parse_svg (in /home/vince/dev-netsurf/workspace/netsurf/nsgtk)
==21418== by 0x6154D5: svgtiny_parse_svg (in /home/vince/dev-netsurf/workspace/netsurf/nsgtk)
==21418== by 0x6184B8: svgtiny_parse (in /home/vince/dev-netsurf/workspace/netsurf/nsgtk)
==21418== by 0x52B734: svg_reformat (svg.c:139)
==21418== by 0x4C6CC8: content__reformat (content.c:366)
==21418== by 0x4EB0C3: browser_window_callback (browser.c:1326)
==21418== by 0x4D1E27: hlcache_content_callback (hlcache.c:191)
==21418== by 0x4C6A42: content_broadcast (content.c:765)
==21418== by 0x4C6EFB: content_set_ready (content.c:311)
==21418== by 0x52B198: svg_convert (svg.c:115)
==21418== by 0x4C7117: content_llcache_callback (content.c:286)
==21418== by 0x4D3DAA: llcache_object_notify_users (llcache.c:2981)
==21418== Address 0x1a56954c is 0 bytes after a block of size 156 alloc'd
==21418== at 0x4C28BED: malloc (vg_replace_malloc.c:263)
==21418== by 0x6156C3: svgtiny_parse_svg (in /home/vince/dev-netsurf/workspace/netsurf/nsgtk)
==21418== by 0x6154D5: svgtiny_parse_svg (in /home/vince/dev-netsurf/workspace/netsurf/nsgtk)
==21418== by 0x6184B8: svgtiny_parse (in /home/vince/dev-netsurf/workspace/netsurf/nsgtk)
==21418== by 0x52B734: svg_reformat (svg.c:139)
==21418== by 0x4C6CC8: content__reformat (content.c:366)
==21418== by 0x4EB0C3: browser_window_callback (browser.c:1326)
==21418== by 0x4D1E27: hlcache_content_callback (hlcache.c:191)
==21418== by 0x4C6A42: content_broadcast (content.c:765)
==21418== by 0x4C6EFB: content_set_ready (content.c:311)
==21418== by 0x52B198: svg_convert (svg.c:115)
==21418== by 0x4C7117: content_llcache_callback (content.c:286)
Vincent Sanders

~0000933

Vincent Sanders (administrator)

with debugging symbols

==27760== Invalid write of size 4
==27760== at 0x615822: svgtiny_parse_path (svgtiny.c:588)
==27760== by 0x614B90: svgtiny_parse_svg (svgtiny.c:347)
==27760== by 0x614AC7: svgtiny_parse_svg (svgtiny.c:338)
==27760== by 0x614359: svgtiny_parse (svgtiny.c:253)
==27760== by 0x52B6E4: svg_reformat (svg.c:139)
==27760== by 0x4C6C78: content__reformat (content.c:366)
==27760== by 0x4EB073: browser_window_callback (browser.c:1326)
==27760== by 0x4D1DD7: hlcache_content_callback (hlcache.c:191)
==27760== by 0x4C69F2: content_broadcast (content.c:765)
==27760== by 0x4C6EAB: content_set_ready (content.c:311)
==27760== by 0x52B148: svg_convert (svg.c:115)
==27760== by 0x4C70C7: content_llcache_callback (content.c:286)
==27760== Address 0x1a5696bc is 0 bytes after a block of size 156 alloc'd
==27760== at 0x4C28BED: malloc (vg_replace_malloc.c:263)
==27760== by 0x614FAE: svgtiny_parse_path (svgtiny.c:457)
==27760== by 0x614B90: svgtiny_parse_svg (svgtiny.c:347)
==27760== by 0x614AC7: svgtiny_parse_svg (svgtiny.c:338)
==27760== by 0x614359: svgtiny_parse (svgtiny.c:253)
==27760== by 0x52B6E4: svg_reformat (svg.c:139)
==27760== by 0x4C6C78: content__reformat (content.c:366)
==27760== by 0x4EB073: browser_window_callback (browser.c:1326)
==27760== by 0x4D1DD7: hlcache_content_callback (hlcache.c:191)
==27760== by 0x4C69F2: content_broadcast (content.c:765)
==27760== by 0x4C6EAB: content_set_ready (content.c:311)
==27760== by 0x52B148: svg_convert (svg.c:115)
Vincent Sanders

~0000934

Vincent Sanders (administrator)

fixed libsvgtiny path allocation so it does not crash, page now renders. although i think we have a bug in the rendering of the svg itself but it does not crash now
Vincent Sanders

~0001297

Vincent Sanders (administrator)

Confirmed resolved in 3.4 release
+Notes

-Issue History
Date Modified Username Field Change
2015-08-23 18:13 Dave Higton New Issue
2015-08-23 18:13 Dave Higton File Added: Log.zip
2015-08-23 19:57 Vincent Sanders Note Added: 0000932
2015-08-23 19:57 Vincent Sanders Status new => confirmed
2015-08-23 19:57 Vincent Sanders Product Version => 3.4
2015-08-23 19:57 Vincent Sanders Target Version => 3.4
2015-08-23 20:01 Vincent Sanders Note Added: 0000933
2015-08-23 23:36 Vincent Sanders Fixed in CI build # => 2930
2015-08-23 23:36 Vincent Sanders Note Added: 0000934
2015-08-23 23:36 Vincent Sanders Assigned To => Vincent Sanders
2015-08-23 23:36 Vincent Sanders Status confirmed => resolved
2015-08-23 23:36 Vincent Sanders Resolution open => fixed
2015-08-23 23:36 Vincent Sanders Fixed in Version => 3.4
2016-02-16 15:25 Vincent Sanders Note Added: 0001297
2016-02-16 15:25 Vincent Sanders Status resolved => closed
+Issue History