GNU bug report logs - #29581
26.0.90; SVG file can cause emacs to crash (imagemagick)

Previous Next

Package: emacs;

Reported by: adam plaice <plaice.adam+lists <at> gmail.com>

Date: Tue, 5 Dec 2017 20:00:02 UTC

Severity: normal

Tags: notabug, wontfix

Merged with 35725

Found in versions 26.0.90, 26.2

Done: Glenn Morris <rgm <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: adam plaice <plaice.adam+lists <at> gmail.com>
To: bug-gnu-emacs <at> gnu.org
Subject: 26.0.90; SVG file can cause emacs to crash (imagemagick)
Date: Tue, 5 Dec 2017 19:59:06 +0000

If emacs, on Linux, is compiled with imagemagick support, then opening
a specific
svg file can cause emacs to crash. The bug report is based on
https://emacs.stackexchange.com/questions/37216/open-svg-files-in-xml-mode

* To reproduce:

1. Save the following to test.svg (svg file taken from the above
mentioned stackexchange question):

<svg xmlns="http://www.w3.org/2000/svg">
  <symbol id="cross" viewBox="0 0 20 20">
    <path d="M17.1 5.2l-2.6-2.6-4.6 4.7-4.7-4.7-2.5 2.6 4.7 4.7-4.7
4.7 2.5 2.5 4.7-4.7 4.6 4.7 2.6-2.5-4.7-4.7"/>
  </symbol>
  <symbol id="play" viewBox="0 0 15 15">
    <path d="M690 60H40l330 570L700 60z" />
  </symbol>
</svg>

2. Run:

emacs -Q test.svg

* Expected result:

A blank square or nothing is displayed (since the svg file does not contain any
actual image) and (optionally) an error message is displayed.

* Actual result:

A segmentation fault occurs (with the following output) and emacs crashes:

Fatal error 11: Segmentation fault
Backtrace:
emacs[0x50e019]
emacs[0x4f46c7]
emacs[0x50c9ce]
emacs[0x50ccd3]
emacs[0x50cd10]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x11390)[0x7f2f395d5390]
/usr/lib/x86_64-linux-gnu/ImageMagick-6.8.9/modules-Q16/coders/svg.so(+0xb8b8)[0x7f2f26b9a8b8]
/usr/lib/x86_64-linux-gnu/libMagickCore-6.Q16.so.2(ReadImage+0x198)[0x7f2f3bd688e8]
/usr/lib/x86_64-linux-gnu/libMagickWand-6.Q16.so.2(MagickReadImage+0x6a)[0x7f2f3c23aa3a]
emacs[0x5e39c2]
emacs[0x5ea8b4]
emacs[0x5eaba0]
emacs[0x56ca4f]
emacs[0x56bb26]
emacs[0x5a4f78]
emacs[0x56b7df]
emacs[0x56ba8b]
emacs[0x5a4f78]
emacs[0x56b7df]
emacs[0x56ba8b]
emacs[0x5a4f78]
emacs[0x56b7df]
emacs[0x56ba8b]
emacs[0x5a4f78]
emacs[0x56b7df]
emacs[0x56ba8b]
emacs[0x5a4f78]
emacs[0x56b7df]
emacs[0x56ba8b]
emacs[0x5a4f78]
emacs[0x56b7df]
emacs[0x56ba8b]
emacs[0x5a4f78]
emacs[0x56b7df]
emacs[0x56ba8b]
emacs[0x5a4f78]
emacs[0x56b7df]
emacs[0x56ba8b]
emacs[0x5a4f78]
emacs[0x56b7df]
emacs[0x56ba8b]
...
Segmentation fault (core dumped)


* Possibly relevant information

The error occurs only when emacs is compiled with ImageMagick
support. If it's compiled --without-imagemagick then the error does
not occur.  Also, when emacs is forced/tricked to use the librsvg
backend, rather than imagemagick, (even when imagemagick support was
compiled in) the error does not occur.

Trying to manipulate the file test.svg directly with imagemagick, for
example via:

convert test.svg test.png

also results in an error:

Aborted (core dumped)

so the "fault" is almost certainly on the side of imagemagick, but
perhaps there's something that emacs can do about it.


The bug is present in both emacs-25.3 and the latest emacs from the
emacs-26 branch.  It was not present, by default, in emacs-24.5.1
and earlier (as expected, the image was not displayed, but emacs did
not crash), though it seems to be because for these versions of emacs,
the imagemagick backend was not the default — if emacs is forced to
use the imagemagick backend, the bug/crash does occur.

Thank you and best regards,
Adam


In GNU Emacs 26.0.90 (build 1, x86_64-pc-linux-gnu, GTK+ Version 3.18.9)
 of 2017-12-05 built on adam
Repository revision: 46d62b9f36f1ef771a077df4227ae6559fb32e84
Windowing system distributor 'The X.Org Foundation', version 11.0.11804000
System Description:    Ubuntu 16.04.3 LTS

Recent messages:
For information about GNU Emacs and the GNU system, type C-h C-a.

Configured using:
 'configure --with-modules --without-pop'

Configured features:
XPM JPEG TIFF GIF PNG RSVG IMAGEMAGICK SOUND GPM DBUS GSETTINGS NOTIFY
ACL LIBSELINUX GNUTLS LIBXML2 FREETYPE M17N_FLT LIBOTF XFT ZLIB
TOOLKIT_SCROLL_BARS GTK3 X11 MODULES LIBSYSTEMD LCMS2

Important settings:
  value of $LANG: en_GB.UTF-8
  locale-coding-system: utf-8-unix

Major mode: Lisp Interaction

Minor modes in effect:
  tooltip-mode: t
  global-eldoc-mode: t
  eldoc-mode: t
  electric-indent-mode: t
  mouse-wheel-mode: t
  tool-bar-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  blink-cursor-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  line-number-mode: t
  transient-mark-mode: t

Load-path shadows:
None found.

Features:
(shadow sort mail-extr emacsbug message rmc puny seq byte-opt gv
bytecomp byte-compile cconv cl-loaddefs cl-lib dired dired-loaddefs
format-spec rfc822 mml easymenu mml-sec password-cache epa derived epg
epg-config gnus-util rmail rmail-loaddefs mm-decode mm-bodies mm-encode
mail-parse rfc2231 mailabbrev gmm-utils mailheader sendmail rfc2047
rfc2045 ietf-drums mm-util mail-prsvr mail-utils elec-pair time-date
mule-util tooltip eldoc electric uniquify ediff-hook vc-hooks
lisp-float-type mwheel term/x-win x-win term/common-win x-dnd tool-bar
dnd fontset image regexp-opt fringe tabulated-list replace newcomment
text-mode elisp-mode lisp-mode prog-mode register page menu-bar
rfn-eshadow isearch timer select scroll-bar mouse jit-lock font-lock
syntax facemenu font-core term/tty-colors frame cl-generic cham georgian
utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao korean
japanese eucjp-ms cp51932 hebrew greek romanian slovak czech european
ethiopic indian cyrillic chinese composite charscript charprop
case-table epa-hook jka-cmpr-hook help simple abbrev obarray minibuffer
cl-preloaded nadvice loaddefs button faces cus-face macroexp files
text-properties overlay sha1 md5 base64 format env code-pages mule
custom widget hashtable-print-readable backquote dbusbind inotify lcms2
dynamic-setting system-font-setting font-render-setting move-toolbar gtk
x-toolkit x multi-tty make-network-process emacs)

Memory information:
((conses 16 94561 8308)
 (symbols 48 20332 1)
 (miscs 40 42 118)
 (strings 32 28247 1513)
 (string-bytes 1 744109)
 (vectors 16 13967)
 (vector-slots 8 491974 7546)
 (floats 8 50 67)
 (intervals 56 219 0)
 (buffers 992 12)
 (heap 1024 35241 1000))
This bug report was last modified 5 years and 341 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.