From: adam plaice
Newsgroups: gmane.emacs.bugs
Subject: bug#36773: 27.0.50; Accessing a cached SVG with eww can cause Emacs to crash
Date: Tue, 23 Jul 2019 18:40:14 +0200
To: 36773@debbugs.gnu.org

A cached SVG accessed with eww can cause Emacs to crash, even when the
same SVG does not cause a crash when it was not cached.

* To reproduce:

1. Since emacs -Q does not ignore ~/.emacs.d/url/cache it's best to use
   a completely fresh profile with a custom HOME.

   mkdir ~/temp_profile/

2. Open a page (https://nullprogram.com/blog/2019/07/22/) in eww that
   includes the SVG and will cause it to be cached.

   HOME=/home/adam/temp_profile/ emacs -Q --eval '(eww "https://nullprogram.com/blog/2019/07/22/")'

3. Exit Emacs (the bug will also occur if Emacs isn't exited and only
   the eww buffer killed, but this way is simplest).

4. Open the SVG (https://nullprogram.com/img/diagram/collision.svg)
   directly.

   HOME=/home/adam/temp_profile/ emacs -Q --eval '(eww "https://nullprogram.com/img/diagram/collision.svg")'

(In all:

mkdir ~/temp_profile/
HOME=/home/adam/temp_profile/ emacs -Q --eval '(eww "https://nullprogram.com/blog/2019/07/22/")'
HOME=/home/adam/temp_profile/ emacs -Q --eval '(eww "https://nullprogram.com/img/diagram/collision.svg")'
)

* Expected result:

The webpage, including images, is correctly displayed in 2, and the SVG
is correctly displayed in 4.

* Actual result:

The webpage, including images, is correctly displayed in 2, but loading
the SVG causes a crash:

Fatal error 11: Segmentation fault
Backtrace:
emacs[0x50f869]
emacs[0x41aa4d]
emacs[0x50e13e]
emacs[0x50e4d3]
emacs[0x50e510]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x11390)[0x7fbacc66b390]
/usr/lib/x86_64-linux-gnu/librsvg-2.so.2(rsvg_handle_get_dimensions+0x0)[0x7fbacf3095b0]
emacs[0x5f5d12]
emacs[0x5f618d]
emacs[0x5f94f4]
emacs[0x5f9b6d]
emacs[0x574583]
emacs[0x5af7b8]
emacs[0x5744d7]
emacs[0x5af7b8]
emacs[0x5744d7]
emacs[0x5af7b8]
emacs[0x5744d7]
emacs[0x5af7b8]
emacs[0x5744d7]
emacs[0x576050]
emacs[0x574583]
emacs[0x5af7b8]
emacs[0x5744d7]
emacs[0x5af7b8]
emacs[0x5744d7]
emacs[0x5af7b8]
emacs[0x5744d7]
emacs[0x576050]
emacs[0x57623c]
emacs[0x572f06]
emacs[0x5b2bb1]
emacs[0x5ba349]
emacs[0x501783]
emacs[0x5033a7]
emacs[0x504b50]
emacs[0x572e6e]
emacs[0x4f68bc]
emacs[0x572e0c]
emacs[0x4f6879]
emacs[0x4fb889]
...
Segmentation fault (core dumped)

* Further information

Removing the relevant cache entry at
~/.emacs.d/url/cache/adam/https/com/nullprogram/87600a34d4be777955bc9e1315cb16c4
prevents the crash from occurring:

rm ~/temp_profile/.emacs.d/url/cache/adam/https/com/nullprogram/87600a34d4be777955bc9e1315cb16c4
HOME=/home/adam/temp_profile/ emacs -Q --eval '(eww "https://nullprogram.com/img/diagram/collision.svg")'

Editing the cache entry to remove the line `Content-Encoding: gzip' also
prevents the crash:

sed '/^Content-Encoding: gzip$/ D' -i ~/temp_profile/.emacs.d/url/cache/adam/https/com/nullprogram/87600a34d4be777955bc9e1315cb16c4
HOME=/home/adam/temp_profile/ emacs -Q --eval '(eww "https://nullprogram.com/img/diagram/collision.svg")'

* Speculation

I think that the bug is caused by the fact that when Emacs receives an
HTTP response with Content-Encoding: gzip in the headers, it
(naturally!) decompresses the content, and when storing a cache, it
writes the decompressed content.

However, when opening the cache, Emacs again tries to follow the (still
existing) `Content-Encoding' header and tries to decompress the content.
`zlib-decompress-region' in `url-handle-content-transfer-encoding'
obviously fails, and (I think) replaces the content with an empty
string. Parsing that "content", in turn, causes the image library (in
this case rsvg) to crash.

(On the surface level, the bug is obviously caused by the library
crashing, but as already discussed in many other bugs, this is probably
unavoidable.)

Thank you and best regards,

Adam

In GNU Emacs 27.0.50 (build 1, x86_64-pc-linux-gnu, GTK+ Version 3.18.9)
 of 2019-07-20 built on adam
Repository revision: 189296bfcc3ff9fef66ba28e045b2898125120f2
Repository branch: master
Windowing system distributor 'The X.Org Foundation', version 11.0.11804000
System Description: Ubuntu 16.04.6 LTS

Recent messages:
For information about GNU Emacs and the GNU system, type C-h C-a.

Configured using:
 'configure --with-modules --without-pop'

Configured features:
XPM JPEG TIFF GIF PNG RSVG SOUND GPM DBUS GSETTINGS GLIB NOTIFY INOTIFY
ACL LIBSELINUX GNUTLS LIBXML2 FREETYPE HARFBUZZ M17N_FLT LIBOTF XFT ZLIB
TOOLKIT_SCROLL_BARS GTK3 X11 XDBE XIM MODULES THREADS PDUMPER LCMS2 GMP

Important settings:
  value of $LANG: en_GB.UTF-8
  locale-coding-system: utf-8-unix

Major mode: Lisp Interaction

Minor modes in effect:
  tooltip-mode: t
  global-eldoc-mode: t
  eldoc-mode: t
  electric-indent-mode: t
  mouse-wheel-mode: t
  tool-bar-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  blink-cursor-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  line-number-mode: t
  transient-mark-mode: t

Load-path shadows:
None found.

Features:
(shadow sort mail-extr emacsbug message rmc puny dired dired-loaddefs
format-spec rfc822 mml easymenu mml-sec password-cache epa derived epg
epg-config gnus-util rmail rmail-loaddefs text-property-search time-date
seq byte-opt gv bytecomp byte-compile cconv mm-decode mm-bodies
mm-encode mail-parse rfc2231 mailabbrev gmm-utils mailheader cl-loaddefs
cl-lib sendmail rfc2047 rfc2045 ietf-drums mm-util mail-prsvr mail-utils
tooltip eldoc electric uniquify ediff-hook vc-hooks lisp-float-type
mwheel term/x-win x-win term/common-win x-dnd tool-bar dnd fontset image
regexp-opt fringe tabulated-list replace newcomment text-mode elisp-mode
lisp-mode prog-mode register page menu-bar rfn-eshadow isearch timer
select scroll-bar mouse jit-lock font-lock syntax facemenu font-core
term/tty-colors frame cl-generic cham georgian utf-8-lang misc-lang
vietnamese tibetan thai tai-viet lao korean japanese eucjp-ms cp51932
hebrew greek romanian slovak czech european ethiopic indian cyrillic
chinese composite charscript charprop case-table epa-hook jka-cmpr-hook
help simple abbrev obarray minibuffer cl-preloaded nadvice loaddefs
button faces cus-face macroexp files text-properties overlay sha1 md5
base64 format env code-pages mule custom widget hashtable-print-readable
backquote threads dbusbind inotify lcms2 dynamic-setting
system-font-setting font-render-setting move-toolbar gtk x-toolkit x
multi-tty make-network-process emacs)

Memory information:
((conses 16 43246 7640)
 (symbols 48 5878 1)
 (strings 32 15473 1825)
 (string-bytes 1 500975)
 (vectors 16 9022)
 (vector-slots 8 120278 8826)
 (floats 8 17 37)
 (intervals 56 188 0)
 (buffers 992 11)
 (heap 1024 12205 1072))
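
The mechanism speculated in the report above, modelled as an added Python example (not code from the report or from Emacs, and not a confirmation of what Emacs actually does): a cache entry keeps `Content-Encoding: gzip` although its body was stored decoded, so a loader that trusts the header ends up with empty content, while a loader that checks the gzip magic bytes, or a writer that drops the header, does not. The entry layout (header lines, blank line, body), all function names and the sample data are assumptions made for this illustration.

```python
import gzip
import zlib

GZIP_MAGIC = b"\x1f\x8b"  # first two bytes of every gzip stream

# Constructed sample data (not taken from the report).
SVG = b'<svg xmlns="http://www.w3.org/2000/svg" width="1" height="1"/>'
HEAD = b"HTTP/1.1 200 OK\nContent-Type: image/svg+xml\nContent-Encoding: gzip\n\n"
STALE_ENTRY = HEAD + SVG                 # body stored decoded, header kept
FRESH_ENTRY = HEAD + gzip.compress(SVG)  # body really is gzip

def split_entry(entry):
    """Assumed layout: header lines, one blank line, then the body."""
    head, _, body = entry.partition(b"\n\n")
    return head.split(b"\n"), body

def claims_gzip(headers):
    """True if the stored headers declare Content-Encoding: gzip."""
    for line in headers:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-encoding":
            return value.strip().lower() == b"gzip"
    return False

def naive_load(entry):
    """Trust the stored header; a failed decode leaves empty content."""
    headers, body = split_entry(entry)
    if not claims_gzip(headers):
        return body
    try:
        return gzip.decompress(body)
    except (OSError, EOFError, zlib.error):
        return b""  # this is what would be handed to the image decoder

def checked_load(entry):
    """Decode only if the body carries the gzip magic; else the header is stale."""
    headers, body = split_entry(entry)
    if claims_gzip(headers) and body.startswith(GZIP_MAGIC):
        return gzip.decompress(body)  # a corrupt stream raises, never yields b""
    return body

def store_decoded(headers, body):
    """Write-side fix: drop Content-Encoding when the body is stored decoded."""
    kept = [h for h in headers if not h.lower().startswith(b"content-encoding:")]
    return b"\n".join(kept) + b"\n\n" + body
```

Either side of the fix is enough on its own: `checked_load` tolerates entries already written with the stale header, and `store_decoded` stops new ones from being created.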