Hi Steve,

On Sun, Aug 03, 2008 at 06:47:44PM +0100, Steve Cotton wrote:
> severity 493363 grave
> tags 493363 + patch
> quit
>
> Severity justification: This bug allocates memory in an infinite
> loop, which leads to the system near-freezing while thrashing,
> until the Xserver crashes.
>
> From opening the attached minimal test case image in Konqueror,
> it's less than ten seconds before the system starts thrashing.
>
>
> In SVGAnimatedPointsImpl::parsePoints there's a for loop over an
> iterator. Each time through the loop takes two elements from the
> iterator, but only tests the exit condition once.
>
> A malformed SVG polygon with an odd number of coordinates will
> trigger the bug. A minimal test case is attached, as is a patch
> which will silently ignore such malformed polygons (while still
> rendering the rest of the SVG).
>

Nice. Could you forward this patch to the KDE SVN, so they can merge it
into KDE 3.5.10? I would do but it is your patch :D

Ana
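
The loop flaw described in the quoted report, next to a bounds-checked alternative, as an added example that is not part of this thread and is neither the attached patch nor KSVG's code. `PointList`, `tokenize`, `toDouble` and this `parsePoints` signature are hypothetical, and rejecting the whole list on an odd count is an assumed reading of "silently ignore".

```cpp
#include <cstdlib>
#include <string>
#include <utility>
#include <vector>

// Flawed loop shape from the report (kept as a comment only):
//   for (it = tok.begin(); it != tok.end(); ++it) {
//       x = *it; ++it;   // second advance, never compared with end()
//       y = *it;
//   }
// With an odd token count the inner ++it lands on end(), the loop's own
// ++it steps past it, and "it != tok.end()" never becomes false.

typedef std::vector<std::pair<double, double> > PointList;

// Split on commas and whitespace, the separators used in a points list.
static std::vector<std::string> tokenize(const std::string &s) {
    const char *sep = ", \t\r\n";
    std::vector<std::string> out;
    std::size_t b = s.find_first_not_of(sep);
    while (b != std::string::npos) {
        std::size_t e = s.find_first_of(sep, b);
        out.push_back(s.substr(b, e - b));   // e == npos takes the remainder
        b = s.find_first_not_of(sep, e);
    }
    return out;
}

// Accept a token only if all of it parses as a number.
static bool toDouble(const std::string &t, double &v) {
    char *end = 0;
    v = std::strtod(t.c_str(), &end);
    return end != t.c_str() && *end == '\0';
}

// Returns false and leaves `out` empty when the list is malformed, so the
// caller can skip this polygon and keep rendering the rest of the document.
bool parsePoints(const std::string &attr, PointList &out) {
    out.clear();
    const std::vector<std::string> tok = tokenize(attr);
    if (tok.size() % 2 != 0) return false;   // odd count: last x has no y
    PointList pts;
    for (std::size_t i = 0; i + 1 < tok.size(); i += 2) {  // bound covers both reads
        double x, y;
        if (!toDouble(tok[i], x) || !toDouble(tok[i + 1], y)) return false;
        pts.push_back(std::make_pair(x, y));
    }
    out.swap(pts);
    return true;
}
```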