** Description changed: - - eg/librsvg crashes when attempting to call NULL while opening the attached reproducer. Marking initially as vuln since i did not check whether the call address can be changed to something else than just NULL. Backtrace: + eog/librsvg crashes when attempting to call NULL while opening the + attached reproducer. Marking initially as vuln since i did not check + whether the call address can be changed to something else than just + NULL. Backtrace: Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0xb7d81b70 (LWP 17083)] 0x00000000 in ?? () (gdb) bt #0 0x00000000 in ?? () - #1 0x002b7d08 in rsvg_filter_primitive_render (ctx=0x8357b28, - self=<optimized out>) at rsvg-filter.c:85 - #2 rsvg_filter_render (self=0x82e57f8, source=0x82ce4f8, context=0x82ddfd0, - bounds=0x82f9140, channelmap=0x2cf6cb "2103") at rsvg-filter.c:499 + #1 0x002b7d08 in rsvg_filter_primitive_render (ctx=0x8357b28, + self=<optimized out>) at rsvg-filter.c:85 + #2 rsvg_filter_render (self=0x82e57f8, source=0x82ce4f8, context=0x82ddfd0, + bounds=0x82f9140, channelmap=0x2cf6cb "2103") at rsvg-filter.c:499 #3 0x002ca0e7 in rsvg_cairo_pop_render_stack (ctx=0x82ddfd0) - at rsvg-cairo-draw.c:970 + at rsvg-cairo-draw.c:970 #4 rsvg_cairo_pop_discrete_layer (ctx=0x82ddfd0) at rsvg-cairo-draw.c:1023 #5 0x002c71cf in rsvg_pop_discrete_layer (ctx=0x82ddfd0) at rsvg-base.c:2049 - #6 0x002c3df3 in _rsvg_node_text_type_children (ctx=0x82ddfd0, x=0xb7d80b80, - y=0xb7d80b88, lastwasspace=0xb7d80b9c, self=<optimized out>) - at rsvg-text.c:188 - #7 0x002c40d9 in _rsvg_node_text_draw (self=0x82ffe50, ctx=0x82ddfd0, - dominate=0) at rsvg-text.c:254 + #6 0x002c3df3 in _rsvg_node_text_type_children (ctx=0x82ddfd0, x=0xb7d80b80, + y=0xb7d80b88, lastwasspace=0xb7d80b9c, self=<optimized out>) + at rsvg-text.c:188 + #7 0x002c40d9 in _rsvg_node_text_draw (self=0x82ffe50, ctx=0x82ddfd0, + dominate=0) at rsvg-text.c:254 #8 0x002bdd54 in rsvg_node_draw (self=0x82ffe50, ctx=0x82ddfd0, dominate=0) - at rsvg-structure.c:69 - #9 0x002be1c7 in _rsvg_node_draw_children (self=0x82ff7e8, ctx=0x82ddfd0, - dominate=0) at rsvg-structure.c:87 + at rsvg-structure.c:69 + #9 0x002be1c7 in _rsvg_node_draw_children (self=0x82ff7e8, ctx=0x82ddfd0, + dominate=0) at rsvg-structure.c:87 #10 0x002bdd54 in rsvg_node_draw (self=0x82ff7e8, ctx=0x82ddfd0, dominate=0) - at rsvg-structure.c:69 - #11 0x002be1c7 in _rsvg_node_draw_children (self=0x82fec40, ctx=0x82ddfd0, - dominate=0) at rsvg-structure.c:87 + at rsvg-structure.c:69 + #11 0x002be1c7 in _rsvg_node_draw_children (self=0x82fec40, ctx=0x82ddfd0, + dominate=0) at rsvg-structure.c:87 #12 0x002bdd54 in rsvg_node_draw (self=0x82fec40, ctx=0x82ddfd0, dominate=0) ---Type <return> to continue, or q <return> to quit--- - at rsvg-structure.c:69 - #13 0x002be0bf in rsvg_node_svg_draw (self=0x82ec768, ctx=0x82ddfd0, - dominate=0) at rsvg-structure.c:326 + at rsvg-structure.c:69 + #13 0x002be0bf in rsvg_node_svg_draw (self=0x82ec768, ctx=0x82ddfd0, + dominate=0) at rsvg-structure.c:326 #14 0x002bdd54 in rsvg_node_draw (self=0x82ec768, ctx=0x82ddfd0, dominate=0) - at rsvg-structure.c:69 - #15 0x002be1c7 in _rsvg_node_draw_children (self=0x8306a80, ctx=0x82ddfd0, - dominate=0) at rsvg-structure.c:87 + at rsvg-structure.c:69 + #15 0x002be1c7 in _rsvg_node_draw_children (self=0x8306a80, ctx=0x82ddfd0, + dominate=0) at rsvg-structure.c:87 #16 0x002bdd54 in rsvg_node_draw (self=0x8306a80, ctx=0x82ddfd0, dominate=0) - at rsvg-structure.c:69 - #17 0x002be0bf in rsvg_node_svg_draw (self=0x82e8940, ctx=0x82ddfd0, - dominate=0) at rsvg-structure.c:326 + at rsvg-structure.c:69 + #17 0x002be0bf in rsvg_node_svg_draw (self=0x82e8940, ctx=0x82ddfd0, + dominate=0) at rsvg-structure.c:326 #18 0x002bdd54 in rsvg_node_draw (self=0x82e8940, ctx=0x82ddfd0, dominate=0) - at rsvg-structure.c:69 - #19 0x002cb804 in rsvg_handle_render_cairo_sub (handle=0x80eb738, cr=0xa98520, - id=0x0) at rsvg-cairo-render.c:234 + at rsvg-structure.c:69 + #19 0x002cb804 in rsvg_handle_render_cairo_sub (handle=0x80eb738, cr=0xa98520, + id=0x0) at rsvg-cairo-render.c:234 #20 0x002cbd53 in rsvg_handle_get_pixbuf_sub (handle=0x80eb738, id=0x0) - at rsvg.c:101 + at rsvg.c:101 #21 0x002cbe53 in rsvg_handle_get_pixbuf (handle=0x80eb738) at rsvg.c:137 #22 0x08062a91 in eog_image_load () #23 0x08066424 in ?? () #24 0x080676a4 in eog_job_run () #25 0x080650e1 in ?? () #26 0x00e39444 in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0 ---Type <return> to continue, or q <return> to quit--- #27 0x00ee3d31 in start_thread (arg=0xb7d81b70) at pthread_create.c:304 #28 0x00fc9e3e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130 Backtrace stopped: Not enough registers or memory available to unwind further ProblemType: Crash DistroRelease: Ubuntu 11.10 Package: eog 3.1.4-0ubuntu2 ProcVersionSignature: Ubuntu 3.0-3.4-generic 3.0.0-rc5 Uname: Linux 3.0-3-generic i686 Architecture: i386 Date: Fri Aug 12 23:53:54 2011 Disassembly: => 0x0: Cannot access memory at address 0x0 ExecutablePath: /usr/bin/eog InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Alpha i386 (20110705.1) ProcCmdline: eog sample.svg ProcEnviron: - SHELL=/bin/bash - LANG=en_US.UTF-8 + SHELL=/bin/bash + LANG=en_US.UTF-8 SegvAnalysis: - Segfault happened at: 0x0: Cannot access memory at address 0x0 - PC (0x00000000) not located in a known VMA region (needed executable region)! - Stack memory exhausted (SP below stack segment) + Segfault happened at: 0x0: Cannot access memory at address 0x0 + PC (0x00000000) not located in a known VMA region (needed executable region)! + Stack memory exhausted (SP below stack segment) SegvReason: executing NULL VMA Signal: 11 SourcePackage: eog StacktraceTop: - ?? () - rsvg_filter_primitive_render (ctx=0xa03e438, self=<optimized out>) at rsvg-filter.c:85 - rsvg_filter_render (self=0x9fe10f0, source=0x9fb44f8, context=0x9fb7118, bounds=0x9fceba0, channelmap=0x4a56cb "2103") at rsvg-filter.c:499 - rsvg_cairo_pop_render_stack (ctx=0x9fb7118) at rsvg-cairo-draw.c:970 - rsvg_cairo_pop_discrete_layer (ctx=0x9fb7118) at rsvg-cairo-draw.c:1023 + ?? () + rsvg_filter_primitive_render (ctx=0xa03e438, self=<optimized out>) at rsvg-filter.c:85 + rsvg_filter_render (self=0x9fe10f0, source=0x9fb44f8, context=0x9fb7118, bounds=0x9fceba0, channelmap=0x4a56cb "2103") at rsvg-filter.c:499 + rsvg_cairo_pop_render_stack (ctx=0x9fb7118) at rsvg-cairo-draw.c:970 + rsvg_cairo_pop_discrete_layer (ctx=0x9fb7118) at rsvg-cairo-draw.c:1023 Title: eog crashed with SIGSEGV in rsvg_filter_primitive_render() UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare
-- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to librsvg in Ubuntu. https://bugs.launchpad.net/bugs/825497 Title: eog crashed with SIGSEGV in rsvg_filter_primitive_render() To manage notifications about this bug go to: https://bugs.launchpad.net/librsvg/+bug/825497/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs