0002352: https://www.giffgaff.com/index/offer crashes NS - MantisBT

2025-12-14 18:57 UTC

View Issue Details [ Jump to Notes ]

[ Issue History ] [ Print ]

ID

Project

Category

View Status

Date Submitted

Last Update

0002352

NetSurf

[All Projects] General

public

2015-08-23 17:13

2016-02-16 15:25

Reporter

Dave Higton

Assigned To

Vincent Sanders

Severity

crash

Reproducibility

always

Status

closed

Resolution

fixed

Platform

Iyonix, 512 MiB

OS

RISC OS

OS Version

5.22 (13-Apr-15)

Product Version

3.4

Target Version

3.4

Fixed in Version

3.4

Summary

0002352: https://www.giffgaff.com/index/offer crashes NS

Description

Visit the above URL with JS disabled. NS fetches something like 55 kB, thinks for a few seconds, detects a serious error and exits.

Steps To Reproduce

Just visit the URL.

Additional Information

Does it with CI 2928, but also with 2901 and 2795.

Tags

No tags attached.

Fixed in CI build #

2930

Reported in CI build #

2928

URL of problem page

https://www.giffgaff.com/index/offer

Attached Files

Log.zip (7,682 bytes) 2015-08-23 17:13

Relationships

Relationships

Notes
~0000932 Vincent Sanders (administrator) 2015-08-23 18:57	svg parsing is asploding with a seg fault https://www.giffgaff.com/styleguide/images/sprites/social.svg appears to be the offending svg ==21418== Invalid write of size 4 ==21418== at 0x61683C: svgtiny_parse_svg (in /home/vince/dev-netsurf/workspace/netsurf/nsgtk) ==21418== by 0x6154D5: svgtiny_parse_svg (in /home/vince/dev-netsurf/workspace/netsurf/nsgtk) ==21418== by 0x6184B8: svgtiny_parse (in /home/vince/dev-netsurf/workspace/netsurf/nsgtk) ==21418== by 0x52B734: svg_reformat (svg.c:139) ==21418== by 0x4C6CC8: content__reformat (content.c:366) ==21418== by 0x4EB0C3: browser_window_callback (browser.c:1326) ==21418== by 0x4D1E27: hlcache_content_callback (hlcache.c:191) ==21418== by 0x4C6A42: content_broadcast (content.c:765) ==21418== by 0x4C6EFB: content_set_ready (content.c:311) ==21418== by 0x52B198: svg_convert (svg.c:115) ==21418== by 0x4C7117: content_llcache_callback (content.c:286) ==21418== by 0x4D3DAA: llcache_object_notify_users (llcache.c:2981) ==21418== Address 0x1a56954c is 0 bytes after a block of size 156 alloc'd ==21418== at 0x4C28BED: malloc (vg_replace_malloc.c:263) ==21418== by 0x6156C3: svgtiny_parse_svg (in /home/vince/dev-netsurf/workspace/netsurf/nsgtk) ==21418== by 0x6154D5: svgtiny_parse_svg (in /home/vince/dev-netsurf/workspace/netsurf/nsgtk) ==21418== by 0x6184B8: svgtiny_parse (in /home/vince/dev-netsurf/workspace/netsurf/nsgtk) ==21418== by 0x52B734: svg_reformat (svg.c:139) ==21418== by 0x4C6CC8: content__reformat (content.c:366) ==21418== by 0x4EB0C3: browser_window_callback (browser.c:1326) ==21418== by 0x4D1E27: hlcache_content_callback (hlcache.c:191) ==21418== by 0x4C6A42: content_broadcast (content.c:765) ==21418== by 0x4C6EFB: content_set_ready (content.c:311) ==21418== by 0x52B198: svg_convert (svg.c:115) ==21418== by 0x4C7117: content_llcache_callback (content.c:286)

~0000933 Vincent Sanders (administrator) 2015-08-23 19:01	with debugging symbols ==27760== Invalid write of size 4 ==27760== at 0x615822: svgtiny_parse_path (svgtiny.c:588) ==27760== by 0x614B90: svgtiny_parse_svg (svgtiny.c:347) ==27760== by 0x614AC7: svgtiny_parse_svg (svgtiny.c:338) ==27760== by 0x614359: svgtiny_parse (svgtiny.c:253) ==27760== by 0x52B6E4: svg_reformat (svg.c:139) ==27760== by 0x4C6C78: content__reformat (content.c:366) ==27760== by 0x4EB073: browser_window_callback (browser.c:1326) ==27760== by 0x4D1DD7: hlcache_content_callback (hlcache.c:191) ==27760== by 0x4C69F2: content_broadcast (content.c:765) ==27760== by 0x4C6EAB: content_set_ready (content.c:311) ==27760== by 0x52B148: svg_convert (svg.c:115) ==27760== by 0x4C70C7: content_llcache_callback (content.c:286) ==27760== Address 0x1a5696bc is 0 bytes after a block of size 156 alloc'd ==27760== at 0x4C28BED: malloc (vg_replace_malloc.c:263) ==27760== by 0x614FAE: svgtiny_parse_path (svgtiny.c:457) ==27760== by 0x614B90: svgtiny_parse_svg (svgtiny.c:347) ==27760== by 0x614AC7: svgtiny_parse_svg (svgtiny.c:338) ==27760== by 0x614359: svgtiny_parse (svgtiny.c:253) ==27760== by 0x52B6E4: svg_reformat (svg.c:139) ==27760== by 0x4C6C78: content__reformat (content.c:366) ==27760== by 0x4EB073: browser_window_callback (browser.c:1326) ==27760== by 0x4D1DD7: hlcache_content_callback (hlcache.c:191) ==27760== by 0x4C69F2: content_broadcast (content.c:765) ==27760== by 0x4C6EAB: content_set_ready (content.c:311) ==27760== by 0x52B148: svg_convert (svg.c:115)

~0000934 Vincent Sanders (administrator) 2015-08-23 22:36	fixed libsvgtiny path allocation so it does not crash, page now renders. although i think we have a bug in the rendering of the svg itself but it does not crash now

~0001297 Vincent Sanders (administrator) 2016-02-16 15:25	Confirmed resolved in 3.4 release

Notes

Date Modified	Username	Field	Change
Issue History
2015-08-23 17:13	Dave Higton	New Issue
2015-08-23 17:13	Dave Higton	File Added: Log.zip
2015-08-23 18:57	Vincent Sanders	Note Added: 0000932
2015-08-23 18:57	Vincent Sanders	Status	new => confirmed
2015-08-23 18:57	Vincent Sanders	Product Version	=> 3.4
2015-08-23 18:57	Vincent Sanders	Target Version	=> 3.4
2015-08-23 19:01	Vincent Sanders	Note Added: 0000933
2015-08-23 22:36	Vincent Sanders	Fixed in CI build #	=> 2930
2015-08-23 22:36	Vincent Sanders	Note Added: 0000934
2015-08-23 22:36	Vincent Sanders	Assigned To	=> Vincent Sanders
2015-08-23 22:36	Vincent Sanders	Status	confirmed => resolved
2015-08-23 22:36	Vincent Sanders	Resolution	open => fixed
2015-08-23 22:36	Vincent Sanders	Fixed in Version	=> 3.4
2016-02-16 15:25	Vincent Sanders	Note Added: 0001297
2016-02-16 15:25	Vincent Sanders	Status	resolved => closed

Issue History