[lasem] svg_filter: avoid crash in blur in case of a null surface
- From: Emmanuel Pacaud <emmanuel src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [lasem] svg_filter: avoid crash in blur in case of a null surface
- Date: Fri, 31 Jul 2015 19:04:10 +0000 (UTC)
commit 12de4fa87846d172cad825609f2787ba57bb02b9
Author: Emmanuel Pacaud <emmanuel gnome org>
Date: Fri Jul 31 14:34:42 2015 +0200
svg_filter: avoid crash in blur in case of a null surface
src/lsmsvgfiltersurface.c | 6 +
.../librsvg/librsvg-bug752670-fuzzed-715.svg | 122 ++++++++++++++++++++
2 files changed, 128 insertions(+), 0 deletions(-)
---
diff --git a/src/lsmsvgfiltersurface.c b/src/lsmsvgfiltersurface.c
index 7ab8a7b..043eb24 100644
--- a/src/lsmsvgfiltersurface.c
+++ b/src/lsmsvgfiltersurface.c
@@ -167,6 +167,9 @@ box_blur (cairo_surface_t *in,
rowstride = cairo_image_surface_get_stride (in);
+ g_return_if_fail (in_pixels != NULL);
+ g_return_if_fail (output_pixels != NULL);
+
intermediate = g_new (guchar, MAX (kw, kh));
if (kw > 1) {
@@ -247,6 +250,9 @@ lsm_svg_filter_surface_fast_blur (LsmSvgFilterSurface *input,
height != cairo_image_surface_get_height (output->surface))
return;
+ if (width < 1 || height < 1)
+ return;
+
if (kx > 1 || ky > 1) {
int x1, y1, x2, y2;
cairo_surface_t *blur_surface;
diff --git a/tests/data/svg/samples/librsvg/librsvg-bug752670-fuzzed-715.svg
b/tests/data/svg/samples/librsvg/librsvg-bug752670-fuzzed-715.svg
new file mode 100644
index 0000000..f16816b
--- /dev/null
+++ b/tests/data/svg/samples/librsvg/librsvg-bug752670-fuzzed-715.svg
@@ -0,0 +1,122 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<svg id="svg-root" xmlns="http://www.w3.org/2000/svg"; width="9223372036854775709%" height="100%" viewBox="0
0 480 360" baseProfile="basic" version="1.1" xmlns:xlink="http://www.w3.org/1999/xlink";>
+ <d:SVGTestCase status="accepted" author="BB" template-version="1.32769" testname="$RCSfile:
filters-overview-01-b.svg,v $" version="$Revision: 1.8 $" reviewer="CL"
xmlns:d="http://www.w3.org/2000/02/svg/testsuite/description/";>
+ <d:testDescription href="http://www.w3.org/TR/SVG11/filters.html#FilterPrimitivesOverview";
xmlns="http://www.w3.org/1999/xhtml";>
+ <p>The pes.</p>
+ </d:testDescription>
+ <d:operatorScript xmlns="http://www.w3.org/1999/xhtml";>
+ <p>blab</p>
+ </d:operatorScript>
+ <d:passCriteria xmlns="http://www.w3.org/1999/xhtml";>
+ <p>, correctly.</p>
+ <ol>
+ <li>eth</li>
+ <li>eth</li>
+ <li>eth</li>
+ <li>eth</li>
+ <li>eth</li>
+ <li>eth</li>
+ </ol>
+ </d:passCriteria>
+ <p>, correctly.</p>
+ <ol>
+ <li>eth</li>
+ <li>eth</li>
+ <li>eth</li>
+ <li>eth</li>
+ <li>eth</li>
+ <li>eth</li>
+ </ol>
+ </d:SVGTestCase>
+ <title id="test-title">$RCSfile: filters-overview-01-b.svg,v $</title>
+ <g id="test-body-content" font-size="18" font-family="SVGFreeSansASCII,sans-serif">
+ <defs>
+ <filter id="GaussianBlur1" height="140%" width="140%" y="-20%" x="-0%" filterUnits="objectBoundingBox">
+ <feGaussianBlur stdDeviation="2" in="SourceAlpha"/>
+ </filter>
+ <filter id="GaussianBlur2" height="140%" width="140%" y="-20%" x="-20%" filterUnits="objectBoundingBox">
+ <feGaussianBlur stdDeviation="2" in="SourceGraphic"/>
+ </filter>
+ <filter id="GaussianBlur3" height="160%" width="160%" y="-30%" x="-30%" filterUnits="objectBoundingBox">
+ <feFlood flood-color="white" result="flood"/>
+ <feGaussianBlur stdDeviation="2" result="blur" in="BackgroundAlpha"/>
+ <feMerge>
+ <feMergeNode in="flood"/>
+ <feMergeNode in="blur"/>
+ </feMerge>
+ </filter>
+ <filter id="GaussianBlur4" height="180%" width="180%" y="-40%" x="-40%" filterUnits="objectBoundingBox">
+ <feFlood flood-color="white" result="flood"/>
+ <feGaussianBlur stdDeviation="2" result="blur" in="BackgroundImage"/>
+ <feMerge>
+ <feMergeNode in="flood"/>
+ <feMergeNode in="blur"/>
+ </feMerge>
+ </filter>
+ <filter id="GaussianBlur5" height="140%" width="140%" y="-20%" x="-20%" filterUnits="objectBoundingBox">
+ <feGaussianBlur stdDeviation="5" in="StrokePaint"/>
+ </filter>
+ <filter id="GaussianBlur6" height="140%" width="140%" y="-20%" x="-20%" filterUnits="objectBoundingBox">
+ <feGaussianBlur stdDeviation="5" in="FillPaint"/>
+ </filter>
+ </defs>
+ <g font-size="14" enable-background="new" stroke="#000" stroke-dasharray="25 5" stroke-width="3">
+ <rect y="50" x="90" height="95" fill="green" width="16"/>
+ <g filter="url(#GaussianBlur3)" stroke="#000" stroke-width="3" fill-opacity=".6">
+ <circle cy="85" cx="238" r="25" fill="red"/>
+ <circle cy="110" cx="220" r="25" fill="blue"/>
+ <circle cy="110" cx="256" r="25" fill="green"/>
+ </g>
+ <text y="160" x="238" stroke="none" text-anchor="middle">BackgroundAlpha</text>
+ <desc>===========================================================================================</desc>
+ <rect y="185" x="230" height="95" fill="green" width="16"/>
+ <g filter="url(#GaussianBlur2)" stroke="#000" stroke-width="3" fill-opacity=".6">
+ <circle cy="220" cx="98" r="25" fill="red"/>
+ <circle cy="245" cx="80" r="25" fill="blue"/>
+ <circle cy="245" cx="116" r="25" fill="green"/>
+ </g>
+ <text y="295" x="98" stroke="none" text-anchor="middle">SourceGraphic</text>
+ <desc>===========================================================================================</desc>
+ <rect y="50" x="230" height="95" fill="green" width="16"/>
+ <g filter="url(#GaussianBlur3)" stroke="#000" stroke-width="3" fill-opacity=".6">
+ <circle cy="85" cx="238" r="25" fill="red"/>
+ <circle cy="110" cx="220" r="25" fill="blue"/>
+ <circle cy="110" cx="256" r="25" fill="green"/>
+ </g>
+ <text y="160" x="238" stroke="none" text-anchor="middle">BackgroundAlpha</text>
+ <desc>===========================================================================================</desc>
+ <rect y="185" x="230" height="95" fill="green" width="16"/>
+ <g filter="url(#GaussianBlur4)" stroke="#000" stroke-width="3" fill-opacity=".6">
+ <circle cy="220" cx="238" r="25" fill="red"/>
+ <circle cy="245" cx="220" r="25" fill="blue"/>
+ <circle cy="245" cx="256" r="25" fill="green"/>
+ </g>
+ <text y="295" x="238" stroke="none" text-anchor="middle">BackgroundImage</text>
+ <desc>===========================================================================================</desc>
+ <rect y="50" x="370" height="95" fill="green" width="16"/>
+ <g id="g" filter="url(#GaussianBlur5)" stroke="blue" stroke-width="3" stroke-opacity=".6">
+ <circle cy="85" cx="378" r="25" fill="red"/>
+ <circle cy="110" cx="360" r="25" fill="blue"/>
+ <circle cy="110" cx="396" r="25" fill="green"/>
+ </g>
+ <text y="160" x="378" stroke="none" text-anchor="middle">FillPaint</text>
+ <desc>===========================================================================================</desc>
+ <rect y="185" x="370" height="95" fill="green" width="16"/>
+ <g stroke-width="3" filter="url(#GaussianBlur6)" stroke="#000" fill="blue" fill-opacity=".6">
+ <circle cy="220" cx="378" r="25"/>
+ <circle cy="245" cx="360" r="25"/>
+ <circle cy="245" cx="396" r="25"/>
+ </g>
+ <text y="295" x="378" stroke="none" text-anchor="middle">StrokePaint</text>
+ </g>
+ <text y="30" x="240" font-size="20" text-anchor="middle">Filter input test</text>
+ </g>
+ <g font-size="32" font-family="SVGFreeSansASCII,sans-serif">
+ <text id="revision" y="340" x="10" fill="black">$Revision: 1.8 $</text>
+ </g>
+ <rect id="test-frame" height="358" width="478" stroke="#000" y="1" x="1" fill="none"/>
+ <g id="draft-watermark">
+ <rect height="20" width="478" stroke="#000" y="1" x="1" fill="red"/>
+ <text stroke-width=".5" font-size="20" font-weight="bold" text-anchor="middle" stroke="black" y="18"
x="240" font-family="SVGFreeSansASCII,sans-serif" fill="white">DRAFT</text>
+ </g>
+</svg>
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
