| Summary: | polyline points freezes konqueror and eats all memory | ||
|---|---|---|---|
| Product: | [Unmaintained] ksvg | Reporter: | Clara Gnos <clara.gnos> |
| Component: | general | Assignee: | Nikolas Zimmermann <wildfox> |
| Status: | RESOLVED UNMAINTAINED | ||
| Severity: | normal | CC: | cfeck, esigra |
| Priority: | NOR | ||
| Version First Reported In: | unspecified | ||
| Target Milestone: | --- | ||
| Platform: | Gentoo Packages | ||
| OS: | Linux | ||
| Latest Commit: | Version Fixed In: | ||
| Sentry Crash Report: | |||
| Attachments: |
polyline_crash.svg
Silently ignore polygons and polylines that would trigger this |
||
|
Description
Clara Gnos
2005-06-05 17:20:50 UTC
Created attachment 11340 [details]
polyline_crash.svg
svg with a polyline. The polyline has a incomplete pointslist:
<polyline points="1,0 1 1,20" />
KSVG will just freeze and eat more and more memory
Created attachment 26833 [details] Silently ignore polygons and polylines that would trigger this I've fixed this in Debian bug 493363 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493363 In SVGAnimatedPointsImpl::parsePoints there's a for loop over an iterator. Each time through the loop takes two elements from the iterator, but only tests the exit condition once. The initial report here suggests that only maliciously-constructed images can trigger this. It can be triggered by images in the OpenClipart project that use the SVG path element's extended grammar instead of using the SVG basic shape elements' simple grammar (I think that's a bug in OpenClipart). This component has been replaced with the QtSvg based "svgpart" in KDE 4. If this issue still needs to be addressed, please add a comment. |