Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/gnome-base/librsvg/files
diff options
context:
space:
mode:
authorPacho Ramos <pacho@gentoo.org>2016-02-28 12:25:56 +0100
committerPacho Ramos <pacho@gentoo.org>2016-02-28 13:02:28 +0100
commit0c92c018114f9c82a85c24d43b09056e3f92eafa (patch)
treecbdf1cb25156b566b4031936eeac5c61dc4d789c /gnome-base/librsvg/files
parentdev-python/mistune: add missing build dep (diff)
downloadgentoo-0c92c018114f9c82a85c24d43b09056e3f92eafa.tar.gz
gentoo-0c92c018114f9c82a85c24d43b09056e3f92eafa.tar.bz2
gentoo-0c92c018114f9c82a85c24d43b09056e3f92eafa.zip
gnome-base/librsvg: Fix crashes when filters don't exist (#575496 by Andreas Grois)
Package-Manager: portage-2.2.27
Diffstat (limited to 'gnome-base/librsvg/files')
-rw-r--r--gnome-base/librsvg/files/librsvg-2.40.13-filters-crash.patch53
1 files changed, 53 insertions, 0 deletions
diff --git a/gnome-base/librsvg/files/librsvg-2.40.13-filters-crash.patch b/gnome-base/librsvg/files/librsvg-2.40.13-filters-crash.patch
new file mode 100644
index 000000000000..f5503d1dd143
--- /dev/null
+++ b/gnome-base/librsvg/files/librsvg-2.40.13-filters-crash.patch
@@ -0,0 +1,53 @@
+From d937c691678803ceda6be701587d997ccd03a1da Mon Sep 17 00:00:00 2001
+From: Benjamin Otte <otte@redhat.com>
+Date: Fri, 29 Jan 2016 12:49:55 +0100
+Subject: Don't crash when filters don't exist
+
+We put a new surface on the stack if a filter existed by name but we
+didn't pop it if the name didn't resolve to a real filter.
+
+New test: crash/bug759084.svg
+
+https://bugzilla.gnome.org/show_bug.cgi?id=759084
+---
+ rsvg-cairo-draw.c | 6 +++---
+ tests/fixtures/crash/bug759084.svg | 9 +++++++++
+ 2 files changed, 12 insertions(+), 3 deletions(-)
+ create mode 100644 tests/fixtures/crash/bug759084.svg
+
+diff --git a/rsvg-cairo-draw.c b/rsvg-cairo-draw.c
+index 4d8fbc2..4152cb7 100644
+--- a/rsvg-cairo-draw.c
++++ b/rsvg-cairo-draw.c
+@@ -819,10 +819,10 @@ rsvg_cairo_pop_render_stack (RsvgDrawingCtx * ctx)
+ cairo_surface_t *output;
+
+ filter = rsvg_acquire_node (ctx, state->filter);
+- if (filter && RSVG_NODE_TYPE (filter) == RSVG_NODE_TYPE_FILTER) {
+- output = render->surfaces_stack->data;
+- render->surfaces_stack = g_list_delete_link (render->surfaces_stack, render->surfaces_stack);
++ output = render->surfaces_stack->data;
++ render->surfaces_stack = g_list_delete_link (render->surfaces_stack, render->surfaces_stack);
+
++ if (filter && RSVG_NODE_TYPE (filter) == RSVG_NODE_TYPE_FILTER) {
+ needs_destroy = TRUE;
+ surface = rsvg_filter_render ((RsvgFilter *) filter, output, ctx, &render->bbox, "2103");
+ /* Don't destroy the output surface, it's owned by child_cr */
+diff --git a/tests/fixtures/crash/bug759084.svg b/tests/fixtures/crash/bug759084.svg
+new file mode 100644
+index 0000000..9e8f8f1
+--- /dev/null
++++ b/tests/fixtures/crash/bug759084.svg
+@@ -0,0 +1,9 @@
++<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">
++ <defs>
++ <filter id="filter">
++ </filter>
++ </defs>
++ <g filter="url(#filter)">
++ <rect fill="red" width="10" height="10" filter="url(#doesnotexist)" />
++ </g>
++</svg>
+--
+cgit v0.12
+