[BZ#766744] AddressSanitizer: attempting double-free
Submitted by mar..@..com
Link to original bug (#766744)
Description
Created attachment 328303 PoC
./rsvg-convert crash1.svg
OS: Ubuntu x64 14.04 LTS
Asan log:
=================================================================
==14549==ERROR: AddressSanitizer: attempting double-free on 0x60200001ac70 in thread T0:
    #0 0x4ae34b (/home/mtowalski/Generation/targets/asan/librsvg-2.40.15/.libs/rsvg-convert+0x4ae34b)
    #1 0x7f86dc5c1903 (/usr/lib/x86_64-linux-gnu/librsvg-2.so.2+0x1e903)
    #2 0x7f86dc5c4cd9 (/usr/lib/x86_64-linux-gnu/librsvg-2.so.2+0x21cd9)
    #3 0x7f86dc5bd5fc (/usr/lib/x86_64-linux-gnu/librsvg-2.so.2+0x1a5fc)
    #4 0x7f86dc5c0502 (/usr/lib/x86_64-linux-gnu/librsvg-2.so.2+0x1d502)
    #5 0x7f86dc5c0a8f (/usr/lib/x86_64-linux-gnu/librsvg-2.so.2+0x1da8f)
    #6 0x7f86dc5c0502 (/usr/lib/x86_64-linux-gnu/librsvg-2.so.2+0x1d502)
    #7 0x7f86dc5c0902 (/usr/lib/x86_64-linux-gnu/librsvg-2.so.2+0x1d902)
    #8 0x7f86dc5c0502 (/usr/lib/x86_64-linux-gnu/librsvg-2.so.2+0x1d502)
    #9 0x7f86dc5ccac2 (/usr/lib/x86_64-linux-gnu/librsvg-2.so.2+0x29ac2)
    #10 0x4dfa50 (/home/mtowalski/Generation/targets/asan/librsvg-2.40.15/.libs/rsvg-convert+0x4dfa50)
    #11 0x7f86d9c9fec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
    #12 0x419bc5 (/home/mtowalski/Generation/targets/asan/librsvg-2.40.15/.libs/rsvg-convert+0x419bc5)

0x60200001ac70 is located 0 bytes inside of 16-byte region [0x60200001ac70,0x60200001ac80)
freed by thread T0 here:
    #0 0x4ae34b (/home/mtowalski/Generation/targets/asan/librsvg-2.40.15/.libs/rsvg-convert+0x4ae34b)
    #1 0x7f86dc5c30c2 (/usr/lib/x86_64-linux-gnu/librsvg-2.so.2+0x200c2)

previously allocated by thread T0 here:
    #0 0x4ae66b (/home/mtowalski/Generation/targets/asan/librsvg-2.40.15/.libs/rsvg-convert+0x4ae66b)
    #1 0x7f86dabd7610 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4e610)

SUMMARY: AddressSanitizer: double-free (/home/mtowalski/Generation/targets/asan/librsvg-2.40.15/.libs/rsvg-convert+0x4ae34b)
==14549==ABORTING