Bug 152340 - segfault in CanvasText::createGlyphs when viewing SVG file
Status: RESOLVED WORKSFORME
Alias: None
Product: ksvg
Classification: Miscellaneous
Component: general
Version: unspecified
Platform: Debian testing Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Nikolas Zimmermann
Reported: 2007-11-15 10:19 UTC by Marcus Better
Modified: 2008-05-07 14:24 UTC

Attachments
SVG file that causes crash (69.85 KB, image/svg+xml)
2007-11-15 10:22 UTC, Marcus Better

Description Marcus Better 2007-11-15 10:19:17 UTC
Version:            (using KDE KDE 3.5.8)
Installed from:    Debian testing/unstable Packages
OS:                Linux

svgdisplay and konqueror both crash on a particular SVG file [1]. I'm using Debian ksvg version 4:3.5.8-2 on amd64.

This was also reported in the Debian bug tracking system [2].

(no debugging symbols found)
Using host libthread_db library "/lib/i686/cmov/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread 0xb5e83b60 (LWP 15766)]
[KCrash handler]
#6  0xb7c488f7 in KSVG::CanvasText::createGlyphs () from /usr/lib/libksvg.so.0
#7  0xb59c75be in KSVG::LibartText::init ()
   from /usr/lib/kde3/libksvgrendererlibart.so
#8  0xb59c7bee in KSVG::LibartText::init ()
   from /usr/lib/kde3/libksvgrendererlibart.so
#9  0xb59d55b8 in KSVG::LibartText::LibartText ()
   from /usr/lib/kde3/libksvgrendererlibart.so
#10 0xb59d570e in KSVG::LibartCanvas::createText ()
   from /usr/lib/kde3/libksvgrendererlibart.so
#11 0xb7b5c2f7 in KSVG::SVGTextElementImpl::createItem ()
   from /usr/lib/libksvg.so.0
#12 0xb7c42903 in KSVG::InputHandler::endElement () from /usr/lib/libksvg.so.0
#13 0xb709aa96 in QXmlSimpleReader::processElementETagBegin2 (this=0x8123d08)
    at xml/qxml.cpp:3581
#14 0xb70a04c0 in QXmlSimpleReader::parseElement (this=0x8123d08)
    at xml/qxml.cpp:3398
#15 0xb70a004a in QXmlSimpleReader::parseContent (this=0x8123d08)
    at xml/qxml.cpp:3940
#16 0xb70a0990 in QXmlSimpleReader::parseElement (this=0x8123d08)
    at xml/qxml.cpp:3468
#17 0xb70a004a in QXmlSimpleReader::parseContent (this=0x8123d08)
    at xml/qxml.cpp:3940
#18 0xb70a0990 in QXmlSimpleReader::parseElement (this=0x8123d08)
    at xml/qxml.cpp:3468
#19 0xb70a004a in QXmlSimpleReader::parseContent (this=0x8123d08)
    at xml/qxml.cpp:3940
#20 0xb70a0990 in QXmlSimpleReader::parseElement (this=0x8123d08)
    at xml/qxml.cpp:3468
#21 0xb70a004a in QXmlSimpleReader::parseContent (this=0x8123d08)
    at xml/qxml.cpp:3940
#22 0xb70a0990 in QXmlSimpleReader::parseElement (this=0x8123d08)
    at xml/qxml.cpp:3468
#23 0xb70a47da in QXmlSimpleReader::parseBeginOrContinue (this=0x8123d08, 
    state=1, incremental=false) at xml/qxml.cpp:3014
#24 0xb70a4cd2 in QXmlSimpleReader::parse (this=0x8123d08, input=0x812abf0, 
    incremental=false) at xml/qxml.cpp:2956
#25 0xb7093bb5 in QXmlSimpleReader::parse (this=0x8123d08, input=0x812abf0)
    at xml/qxml.cpp:2911
#26 0xb7c4190d in KSVG::KSVGReader::parse () from /usr/lib/libksvg.so.0
#27 0xb7b14bc2 in KSVG::SVGDocumentImpl::slotSVGContent ()
   from /usr/lib/libksvg.so.0
#28 0xb7b14d77 in KSVG::SVGDocumentImpl::qt_invoke ()
   from /usr/lib/libksvg.so.0
#29 0xb6e3ab10 in QObject::activate_signal (this=0x8107d80, clist=0x8107eb8, 
    o=0xbfe14194) at kernel/qobject.cpp:2356
#30 0xb7c35f9f in KSVG::KSVGLoader::gotResult () from /usr/lib/libksvg.so.0
#31 0xb7c37a96 in KSVG::KSVGLoader::slotResult () from /usr/lib/libksvg.so.0
#32 0xb7c37cf2 in KSVG::KSVGLoader::qt_invoke () from /usr/lib/libksvg.so.0
#33 0xb6e3ab10 in QObject::activate_signal (this=0x8108030, clist=0x8109830, 
    o=0xbfe14324) at kernel/qobject.cpp:2356
#34 0xb62d7e1e in KIO::Job::result (this=0x8108030, t0=0x8108030)
    at ./jobclasses.moc:162
#35 0xb631519d in KIO::Job::emitResult (this=0x8108030)
    at /build/buildd/kdelibs-3.5.8.dfsg.1/./kio/kio/job.cpp:235
#36 0xb632185e in KIO::SimpleJob::slotFinished (this=0x8108030)
    at /build/buildd/kdelibs-3.5.8.dfsg.1/./kio/kio/job.cpp:601
#37 0xb6321f48 in KIO::TransferJob::slotFinished (this=0x8108030)
    at /build/buildd/kdelibs-3.5.8.dfsg.1/./kio/kio/job.cpp:971
#38 0xb6314dfd in KIO::TransferJob::qt_invoke (this=0x8108030, _id=17, 
    _o=0xbfe1464c) at ./jobclasses.moc:1071
#39 0xb6e3ab10 in QObject::activate_signal (this=0x81366d8, clist=0x8134098, 
    o=0xbfe1464c) at kernel/qobject.cpp:2356
#40 0xb6e3b5f5 in QObject::activate_signal (this=0x81366d8, signal=6)
    at kernel/qobject.cpp:2325
#41 0xb62d2c3c in KIO::SlaveInterface::finished (this=0x81366d8)
    at ./slaveinterface.moc:226
#42 0xb6338ce9 in KIO::SlaveInterface::dispatch (this=0x81366d8, _cmd=104, 
    rawdata=@0xbfe14810)
    at /build/buildd/kdelibs-3.5.8.dfsg.1/./kio/kio/slaveinterface.cpp:243
#43 0xb632e9ba in KIO::SlaveInterface::dispatch (this=0x81366d8)
    at /build/buildd/kdelibs-3.5.8.dfsg.1/./kio/kio/slaveinterface.cpp:173
#44 0xb62e7f8c in KIO::Slave::gotInput (this=0x81366d8)
    at /build/buildd/kdelibs-3.5.8.dfsg.1/./kio/kio/slave.cpp:300
#45 0xb6330fd8 in KIO::Slave::qt_invoke (this=0x81366d8, _id=4, _o=0xbfe14910)
    at ./slave.moc:113
#46 0xb6e3ab10 in QObject::activate_signal (this=0x812db28, clist=0x8139260, 
    o=0xbfe14910) at kernel/qobject.cpp:2356
#47 0xb6e3b45d in QObject::activate_signal (this=0x812db28, signal=2, 
    param=11) at kernel/qobject.cpp:2449
#48 0xb71cb40d in QSocketNotifier::activated (this=0x812db28, t0=11)
    at .moc/debug-shared-mt/moc_qsocketnotifier.cpp:85
#49 0xb6e5ccda in QSocketNotifier::event (this=0x812db28, e=0xbfe14c48)
    at kernel/qsocketnotifier.cpp:258
#50 0xb6dcf36a in QApplication::internalNotify (this=0xbfe14ec4, 
    receiver=0x812db28, e=0xbfe14c48) at kernel/qapplication.cpp:2635
#51 0xb6dd1193 in QApplication::notify (this=0xbfe14ec4, receiver=0x812db28, 
    e=0xbfe14c48) at kernel/qapplication.cpp:2358
#52 0xb7ebc622 in KApplication::notify (this=0xbfe14ec4, receiver=0x812db28, 
    event=0xbfe14c48)
    at /build/buildd/kdelibs-3.5.8.dfsg.1/./kdecore/kapplication.cpp:550
#53 0xb6d606c9 in QApplication::sendEvent (receiver=0x812db28, 
    event=0xbfe14c48) at ../include/qapplication.h:520
#54 0xb6dc11e2 in QEventLoop::activateSocketNotifiers (this=0x8080b88)
    at kernel/qeventloop_unix.cpp:578
#55 0xb6d7517f in QEventLoop::processEvents (this=0x8080b88, flags=4)
    at kernel/qeventloop_x11.cpp:383
#56 0xb6dea6e4 in QEventLoop::enterLoop (this=0x8080b88)
    at kernel/qeventloop.cpp:198
#57 0xb6dea3e2 in QEventLoop::exec (this=0x8080b88)
    at kernel/qeventloop.cpp:145
#58 0xb6dd0f13 in QApplication::exec (this=0xbfe14ec4)
    at kernel/qapplication.cpp:2758
#59 0x0804cada in ?? ()
#60 0xb770b050 in __libc_start_main () from /lib/i686/cmov/libc.so.6
#61 0x0804c2b1 in ?? ()


[1] http://ejohn.org/files/ecma-cloud.svg
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=451349
Comment 1 Marcus Better 2007-11-15 10:22:24 UTC
Created attachment 22069
SVG file that causes crash
Comment 2 Marcus Better 2008-05-07 14:24:46 UTC
This no longer crashes Konqueror in KDE 4.0.72 (Debian experimental), but there are no colours in the picture, only shades of grey.