[librsvg/librsvg-2.46] (#524): Don't panic upon an XML processing instruction with a disallowed URL

From: Federico Mena Quintero <federico src gnome org>
To: commits-list gnome org
Cc:
Subject: [librsvg/librsvg-2.46] (#524): Don't panic upon an XML processing instruction with a disallowed URL
Date: Fri, 1 Nov 2019 16:50:11 +0000 (UTC)

commit e40a959ffee23c20fc0acec03ce4518610239ce5
Author: Federico Mena Quintero <federico gnome org>
Date:   Fri Nov 1 10:21:34 2019 -0600

    (#524): Don't panic upon an XML processing instruction with a disallowed URL
    
    XmlState.error() takes a mutable borrow on the inner RefCell, and it
    was already mutably borrowed by the caller XmlState.processing_instruction().
    
    Fixes https://gitlab.gnome.org/GNOME/librsvg/issues/524

 rsvg_internals/src/xml.rs                            | 3 +--
 tests/fixtures/crash/524-invalid-stylesheet-href.svg | 9 +++++++++
 2 files changed, 10 insertions(+), 2 deletions(-)
---
diff --git a/rsvg_internals/src/xml.rs b/rsvg_internals/src/xml.rs
index 62976949..f376707f 100644
--- a/rsvg_internals/src/xml.rs
+++ b/rsvg_internals/src/xml.rs
@@ -257,12 +257,11 @@ impl XmlState {
                 && type_.as_ref().map(String::as_str) == Some("text/css")
                 && href.is_some()
             {
-                let mut inner = self.inner.borrow_mut();
-
                 if let Ok(aurl) =
                     AllowedUrl::from_href(&href.unwrap(), self.load_options.base_url.as_ref())
                 {
                     // FIXME: handle CSS errors
+                    let mut inner = self.inner.borrow_mut();
                     let css_rules = inner.css_rules.as_mut().unwrap();
                     let _ = css_rules.load_css(&aurl);
                 } else {
diff --git a/tests/fixtures/crash/524-invalid-stylesheet-href.svg 
b/tests/fixtures/crash/524-invalid-stylesheet-href.svg
new file mode 100644
index 00000000..9718b1b2
--- /dev/null
+++ b/tests/fixtures/crash/524-invalid-stylesheet-href.svg
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<?xml-stylesheet type="text/css" href="file://invalid.css" ?>
+<svg
+    xmlns:xi="http://www.w3.org/2001/XInclude";
+    width="320" height="240">
+  <text x="10" y="100">
+    Hello
+  </text>
+</svg>

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]