Bug 576484 - JVM crash when loading broken SVG image on GTK
Status: VERIFIED FIXED
Alias: None
Product: Platform
Classification: Eclipse Project
Component: SWT
Version: 4.22
Hardware: PC Linux
Importance: P3 normal
Target Milestone: 4.23 M3
Assignee: Joel Majano CLA
Reported: 2021-10-06 16:36 EDT by Alexandr Miloslavskiy CLA
Modified: 2022-02-22 11:59 EST

Attachments
Example of broken SVG that triggers the crash (4.25 KB, image/svg+xml)
2021-10-06 16:36 EDT, Alexandr Miloslavskiy CLA

Description Alexandr Miloslavskiy CLA 2021-10-06 16:36:13 EDT
Created attachment 287269
Example of broken SVG that triggers the crash

When loading a broken SVG image, the JVM crashes.

This is a bug in Linux's librsvg, see:
https://gitlab.gnome.org/GNOME/librsvg/-/issues/405

The following versions of the library are affected:

2.44.9 ... 2.44.11 inclusive
2.45.0 ... 2.45.4  inclusive

The crash is triggered by SWT, where it passes 0 to the 'error' parameter of 'gdk_pixbuf_loader_write()'.

When it happens, Java's crash log will look like:
--------
Stack: [0x00007fec8f5f1000,0x00007fec8f7f2000],  sp=0x00007fec8f7efdc0,  free space=2043k
Native frames: (J=compiled Java code, A=aot compiled Java code, j=interpreted, Vv=VM code, C=native code)
C  [libpixbufloader-svg.so+0x12c0]

Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
j  org.eclipse.swt.internal.gtk.GDK.gdk_pixbuf_loader_write(JJI[J)Z+0
j  org.eclipse.swt.graphics.ImageLoader.getImageDataArrayFromStream(Ljava/io/InputStream;)[Lorg/eclipse/swt/graphics/ImageData;+102
j  org.eclipse.swt.graphics.ImageLoader.load(Ljava/io/InputStream;)[Lorg/eclipse/swt/graphics/ImageData;+14
j  org.eclipse.swt.graphics.ImageDataLoader.load(Ljava/io/InputStream;)[Lorg/eclipse/swt/graphics/ImageData;+8
<...>

siginfo: si_signo: 11 (SIGSEGV), si_code: 1 (SEGV_MAPERR), si_addr: 0x0000000000000000
--------
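
An added example, not part of the original report or of SWT: a triage helper that flags hosts whose librsvg version falls in the two affected ranges listed above. The function names and the sample inventory are assumptions constructed for illustration.

```python
import re

# Affected librsvg ranges (inclusive), exactly as listed in this bug report.
AFFECTED_RANGES = [
    ((2, 44, 9), (2, 44, 11)),
    ((2, 45, 0), (2, 45, 4)),
]

# Optional distro epoch ("1:"), then upstream x.y.z; any packaging suffix is ignored.
_VERSION_RE = re.compile(r"(?:\d+:)?(\d+)\.(\d+)\.(\d+)")


def parse_librsvg_version(text):
    """Return (major, minor, micro) from a plain or distro-decorated version
    string, or None when no x.y.z prefix can be found."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    return tuple(int(part) for part in m.groups())


def is_affected(text):
    """True if inside an affected range, False if outside, None if unparseable."""
    version = parse_librsvg_version(text)
    if version is None:
        return None
    return any(lo <= version <= hi for lo, hi in AFFECTED_RANGES)


def triage(inventory):
    """Map each host to 'affected', 'not affected' or 'unknown'.

    A distro package can carry a backported fix under an unchanged upstream
    version, so 'affected' means "check the package changelog", not proof.
    """
    labels = {True: "affected", False: "not affected", None: "unknown"}
    return {host: labels[is_affected(ver)] for host, ver in inventory.items()}


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = {
    "host-a": "2.44.10-2.1",
    "host-b": "2.45.4",
    "host-c": "2.44.8",
    "host-d": "1:2.50.3+dfsg-1",
    "host-e": "not installed",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

The version string for a host can come from the package manager or from `pkg-config --modversion librsvg-2.0`.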
Comment 1 Alexandr Miloslavskiy CLA 2021-10-06 16:39:32 EDT
Examples of affected Linux:

Debian GNU/Linux 10 (buster)
MX 19.4 patito feo
Progress Linux 5+ (engywuck-backports)
Ubuntu 19.04
Comment 2 Eclipse Genie CLA 2022-01-19 09:54:03 EST
New Gerrit change created: https://git.eclipse.org/r/c/platform/eclipse.platform.swt/+/189784
Comment 3 Joel Majano CLA 2022-01-26 15:00:28 EST
@Alexandr Miloslavskiy: 

I'm working on a fix for this, but I can't test SVG files right now. Do you have a snippet I can use to test? I was reading the issue you linked and it appears that they fixed it? Not too sure, but a snippet would help in determining if it's still an issue now.
Comment 4 Alexandr Miloslavskiy CLA 2022-01-31 08:39:59 EST
Sorry for the late reply.

'librsvg' versions with the bug are:
2.44.9 ... 2.44.11 inclusive
2.45.0 ... 2.45.4  inclusive

So yes, the bug is already fixed and only some older Linux distributions are affected.

As for the snippet, it's trivial, you just need to load the broken SVG file from disk:
  InputStream fileStream = Snippet.class.getResourceAsStream("broken.svg");
  Image image = new Image (display, fileStream);

You can use the example image I attached to this bug.
Comment 6 Eclipse Genie CLA 2022-02-03 13:14:01 EST
New Gerrit change created: https://git.eclipse.org/r/c/platform/eclipse.platform.swt/+/190383
Comment 8 Joel Majano CLA 2022-02-22 11:59:11 EST
Verified in I20220216-1800.