'attempt to add with overflow' panic with large filter-effect offset
Issue Summary
rsvg-convert
exits with an attempt to add with overflow
panic when processing a fuzzed SVG with a large filter-effect offset value:
thread 'main' panicked at rsvg/src/rect.rs:96:21:
attempt to add with overflow
Example SVG
<svg>
<g>
<defs>
<filter id="F1">
<feOffset dy="999999999999999999990"/>
</filter>
</defs>
<circle cy="20" r="20" filter="url(#F1)"/>
</g>
</svg>
Librsvg Version
Platform
- Arch Linux
Additional logs
stack backtrace:
0: rust_begin_unwind
at /rustc/d18480b84fdbf1efc34f62070951334aa833d761/library/std/src/panicking.rs:645:5
1: core::panicking::panic_fmt
at /rustc/d18480b84fdbf1efc34f62070951334aa833d761/library/core/src/panicking.rs:72:14
2: core::panicking::panic
at /rustc/d18480b84fdbf1efc34f62070951334aa833d761/library/core/src/panicking.rs:144:5
3: <i32 as core::ops::arith::Add>::add
at /rustc/d18480b84fdbf1efc34f62070951334aa833d761/library/core/src/ops/arith.rs:105:45
4: rsvg::rect::rect::Rect<T>::translate
at ./rsvg/src/rect.rs:96:21
5: rsvg::surface_utils::shared_surface::ImageSurface<rsvg::surface_utils::shared_surface::Shared>::offset
at ./rsvg/src/surface_utils/shared_surface.rs:995:38
6: rsvg::filters::offset::Offset::render
at ./rsvg/src/filters/offset.rs:84:23
7: rsvg::filters::render_primitive
at ./rsvg/src/filters/mod.rs:373:37
8: rsvg::filters::render::{{closure}}
at ./rsvg/src/filters/mod.rs:288:19
9: core::result::Result<T,E>::and_then
at /rustc/d18480b84fdbf1efc34f62070951334aa833d761/library/core/src/result.rs:1321:22
10: rsvg::filters::render
at ./rsvg/src/filters/mod.rs:269:5
11: rsvg::drawing_ctx::DrawingCtx::run_filters::{{closure}}
at ./rsvg/src/drawing_ctx.rs:952:21
12: core::iter::traits::iterator::Iterator::try_fold
at /rustc/d18480b84fdbf1efc34f62070951334aa833d761/library/core/src/iter/traits/iterator.rs:2440:21
13: rsvg::drawing_ctx::DrawingCtx::run_filters
at ./rsvg/src/drawing_ctx.rs:951:17
14: rsvg::drawing_ctx::DrawingCtx::with_discrete_layer::{{closure}}
at ./rsvg/src/drawing_ctx.rs:776:52
15: rsvg::drawing_ctx::with_saved_cr
at ./rsvg/src/drawing_ctx.rs:299:11
16: rsvg::drawing_ctx::DrawingCtx::with_discrete_layer
at ./rsvg/src/drawing_ctx.rs:689:13
17: rsvg::drawing_ctx::DrawingCtx::draw_shape
at ./rsvg/src/drawing_ctx.rs:1281:9
18: rsvg::drawing_ctx::DrawingCtx::draw_layer
at ./rsvg/src/drawing_ctx.rs:1245:40
19: rsvg::shapes::draw_basic_shape
at ./rsvg/src/shapes.rs:159:5
20: <rsvg::shapes::Circle as rsvg::element::ElementTrait>::draw
at ./rsvg/src/shapes.rs:173:13
21: rsvg::element::ElementData::draw
at ./rsvg/src/element.rs:559:9
22: rsvg::element::Element::draw
at ./rsvg/src/element.rs:481:13
23: <rctree::Node<rsvg::node::NodeData> as rsvg::node::NodeDraw>::draw
at ./rsvg/src/node.rs:340:33
24: rsvg::drawing_ctx::DrawingCtx::draw_node_from_stack
at ./rsvg/src/drawing_ctx.rs:1669:13
25: <rctree::Node<rsvg::node::NodeData> as rsvg::node::NodeDraw>::draw_children
at ./rsvg/src/node.rs:374:30
26: <rsvg::structure::Group as rsvg::element::ElementTrait>::draw::{{closure}}
at ./rsvg/src/structure.rs:54:27
27: rsvg::drawing_ctx::DrawingCtx::with_discrete_layer::{{closure}}
at ./rsvg/src/drawing_ctx.rs:862:21
28: rsvg::drawing_ctx::with_saved_cr
at ./rsvg/src/drawing_ctx.rs:299:11
29: rsvg::drawing_ctx::DrawingCtx::with_discrete_layer
at ./rsvg/src/drawing_ctx.rs:689:13
30: <rsvg::structure::Group as rsvg::element::ElementTrait>::draw
at ./rsvg/src/structure.rs:49:9
31: rsvg::element::ElementData::draw
at ./rsvg/src/element.rs:559:9
32: rsvg::element::Element::draw
at ./rsvg/src/element.rs:481:13
33: <rctree::Node<rsvg::node::NodeData> as rsvg::node::NodeDraw>::draw
at ./rsvg/src/node.rs:340:33
34: rsvg::drawing_ctx::DrawingCtx::draw_node_from_stack
at ./rsvg/src/drawing_ctx.rs:1669:13
35: <rctree::Node<rsvg::node::NodeData> as rsvg::node::NodeDraw>::draw_children
at ./rsvg/src/node.rs:374:30
36: <rsvg::structure::Svg as rsvg::element::ElementTrait>::draw::{{closure}}
at ./rsvg/src/structure.rs:341:21
37: rsvg::drawing_ctx::DrawingCtx::with_discrete_layer::{{closure}}
at ./rsvg/src/drawing_ctx.rs:862:21
38: rsvg::drawing_ctx::with_saved_cr
at ./rsvg/src/drawing_ctx.rs:299:11
39: rsvg::drawing_ctx::DrawingCtx::with_discrete_layer
at ./rsvg/src/drawing_ctx.rs:689:13
40: <rsvg::structure::Svg as rsvg::element::ElementTrait>::draw
at ./rsvg/src/structure.rs:334:9
41: rsvg::element::ElementData::draw
at ./rsvg/src/element.rs:559:9
42: rsvg::element::Element::draw
at ./rsvg/src/element.rs:481:13
43: <rctree::Node<rsvg::node::NodeData> as rsvg::node::NodeDraw>::draw
at ./rsvg/src/node.rs:340:33
44: rsvg::drawing_ctx::DrawingCtx::draw_node_from_stack
at ./rsvg/src/drawing_ctx.rs:1669:13
45: rsvg::drawing_ctx::draw_tree
at ./rsvg/src/drawing_ctx.rs:281:24
46: rsvg::document::Document::geometry_for_layer
at ./rsvg/src/document.rs:338:20
47: rsvg::document::Document::get_geometry_for_layer
at ./rsvg/src/document.rs:369:13
48: rsvg::api::CairoRenderer::geometry_for_layer
at ./rsvg/src/api.rs:666:12
49: <rsvg::api::CairoRenderer as librsvg_c::sizing::LegacySize>::legacy_layer_geometry
at ./librsvg-c/src/sizing.rs:63:21
50: rsvg_convert::natural_geometry
at ./rsvg_convert/src/main.rs:791:17
51: rsvg_convert::Converter::convert
at ./rsvg_convert/src/main.rs:592:28
52: rsvg_convert::main::{{closure}}
at ./rsvg_convert/src/main.rs:1269:55
53: core::result::Result<T,E>::and_then
at /rustc/d18480b84fdbf1efc34f62070951334aa833d761/library/core/src/result.rs:1321:22
54: rsvg_convert::main
at ./rsvg_convert/src/main.rs:1269:21
55: core::ops::function::FnOnce::call_once
at /rustc/d18480b84fdbf1efc34f62070951334aa833d761/library/core/src/ops/function.rs:250:5