From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED.blaine.gmane.org!not-for-mail From: Adam Plaice Newsgroups: gmane.emacs.bugs Subject: bug#36773: 27.0.50; Accessing a cached SVG with eww can cause Emacs to crash Date: Thu, 25 Jul 2019 00:13:16 +0200 Message-ID: References: <83zhl3o5gf.fsf@gnu.org> <83sgqvnt87.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Injection-Info: blaine.gmane.org; posting-host="blaine.gmane.org:195.159.176.226"; logging-data="43571"; mail-complaints-to="usenet@blaine.gmane.org" Cc: Pip Cet , 36773@debbugs.gnu.org To: Eli Zaretskii Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Thu Jul 25 00:14:08 2019 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([209.51.188.17]) by blaine.gmane.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from ) id 1hqPWR-000BDP-43 for geb-bug-gnu-emacs@m.gmane.org; Thu, 25 Jul 2019 00:14:07 +0200 Original-Received: from localhost ([::1]:54776 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hqPWP-0007RS-S0 for geb-bug-gnu-emacs@m.gmane.org; Wed, 24 Jul 2019 18:14:05 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:50409) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hqPWN-0007R6-B7 for bug-gnu-emacs@gnu.org; Wed, 24 Jul 2019 18:14:04 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hqPWM-0004cw-9A for bug-gnu-emacs@gnu.org; Wed, 24 Jul 2019 18:14:03 -0400 Original-Received: from debbugs.gnu.org ([209.51.188.43]:57565) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1hqPWM-0004cn-5R for bug-gnu-emacs@gnu.org; Wed, 24 Jul 2019 18:14:02 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1hqPWL-0000jf-UM for bug-gnu-emacs@gnu.org; Wed, 24 Jul 2019 18:14:01 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Adam Plaice Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Wed, 24 Jul 2019 22:14:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 36773 X-GNU-PR-Package: emacs Original-Received: via spool by 36773-submit@debbugs.gnu.org id=B36773.15640064152737 (code B ref 36773); Wed, 24 Jul 2019 22:14:01 +0000 Original-Received: (at 36773) by debbugs.gnu.org; 24 Jul 2019 22:13:35 +0000 Original-Received: from localhost ([127.0.0.1]:38153 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hqPVv-0000i4-0c for submit@debbugs.gnu.org; Wed, 24 Jul 2019 18:13:35 -0400 Original-Received: from mail-yb1-f176.google.com ([209.85.219.176]:41901) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hqPVt-0000hc-Nv for 36773@debbugs.gnu.org; Wed, 24 Jul 2019 18:13:34 -0400 Original-Received: by mail-yb1-f176.google.com with SMTP id x188so13222849yba.8 for <36773@debbugs.gnu.org>; Wed, 24 Jul 2019 15:13:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=L0OvMDpHOjnZ0wFaUYC8DlfnaOGn/onacbgQNTLuQhs=; b=Dp69EN4blWvqGHDnLtIQ0DtqK930Cspan05Fx4dbIhplRFxP2EqcJ77Jo3ZYTOkt+X 5dZKi/WAFpOMuCWXeENbIPECVjsyvYwDfYYfaob1XNpuXm78BPHEXisfsCpa8pKhc2EL mYnlnbTmvZou74hsenFIBouob+1OmN+xKeeMRPjysWngKS/ICiD71zzjzb/EuXOsBj9T TQJUm9ol1JRQR8qNREQua5H33TArnGoegBZ5CzEs7nxMRdr8HFj0qDn2E/UOBrMM9t6j QY0kiK0kwlBnMVEUWdnl4OzxE4f9MZf0MkkSFx07x1UBCItLTyXXyJSnxkqfb6Ft1cO/ mfXg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=L0OvMDpHOjnZ0wFaUYC8DlfnaOGn/onacbgQNTLuQhs=; b=iVQR9k8o+/YL4r4hQAc7m0ATapMopdq96Pe5ZX/Jdlxjqm8jjGcC1IacEa4ozO05p2 Wbkp3ENh1rqvNL7cKf1VEQWZiZ7dJEyrm+G9ykre72UhHKEFTS4foTxketpnCK4qnm7y PHy9pO93lKw1obdMr9kPsxvCynG6YKRQaz/CYT6uNnKf6eoOsBVjfCDGmyyu0CJ9efxM 55jZ10QkwmPBrIizTYFiORcZVZ7/HjkxIlqDgN5G4Uh4FwsiH9Nxh7vxl+bpqNySZQE4 18jx1EhLhymEFQNbguquzD3nwusI5vFxjsKqKp34cJxev2I58gpIrIFCWn7G3RIxh1kx 4TKQ== X-Gm-Message-State: APjAAAUYOnTyEABiLM/2gwB4Z3R0ReZHylfpo+4XusE/aBqZH61ww+jo ky9YAHDzRfnPBzu1ocL/iS2deCcImUl+9Uc3f+I= X-Google-Smtp-Source: APXvYqyQkBgEshej2KQ4Hdfcb6+mGuxivRXvIZvfAATTJEycswu2dASKoj5Jn9rX0VA6h+G0I6Fcq8ZUdLneOtb45ps= X-Received: by 2002:a25:4502:: with SMTP id s2mr50653920yba.507.1564006408104; Wed, 24 Jul 2019 15:13:28 -0700 (PDT) In-Reply-To: <83sgqvnt87.fsf@gnu.org> X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.51.188.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.org gmane.emacs.bugs:163682 Archived-At: > I'm attaching a patch to fix the rsvg segfault, and another patch > which works around the url-http issue. However, I'm not sure how the > latter should be fixed properly. Thanks! The first patch indeed prevents the crash, while the second also causes the image to be displayed (as expected). > - (zlib-decompress-region (point) (point-max))))))) > + (zlib-decompress-region (point) (point-max) t)))))) > So I guess that is a hint, we could just go back to the Emacs-26 > behavior. I don't think we should, but in practice it should work > okay. b36913d803ee22a314f2e0a27523fbadeb60dd2c introduced the above change. Testing with a checkout of it, results in a blank "standard error box" being displayed, though interestingly without a crash. At b36913d803ee22a314f^ the SVG was correctly displayed, so b36913d803ee22a314f did indeed introduce (part of) this bug. However, not using ALLOW-PARTIAL, would re-introduce Bug#33133, which would probably not be a great idea. (I tried bisecting to find out when the crashes themselves started, but without appropriate "make clean"ing (or more severe), I ended up in an unbuildable state, and I didn't have time for full rebuilds, with this range to be bisected. In any case, your 0001-Don-t-crash-when-parsing-bad-SVG-data-bug-36773.patch fixes the crash.) > I thought that additional argument only mattered upon failure to > completely uncompress the data. Otherwise, the use of that argument > should not have changed the behavior. Are you saying that the > decompression failed in this case? If not, what am I missing? If I understand the issue correctly, it's because `zlib-decompress-region' is trying to decompress content that is in the cache and had already been decompressed. Hence, the decompression fails and deletes the contents, which, depending on other particulars, either crashes Emacs or causes a warning, and in any case prevents the actual image from being displayed. Thank you! Adam