Crash in image parsing
Found by AFL. Minimized:
<image xlink:href="data:image/jpeg;base64,/9j00f/bAIQA0000000000000000000000000000000000000000000000000000000000000000000000000000000000000AE0000000000000000000000000000000000000000000000000000000000000000000000000000000000000/8AAEQgA0+00AwEiAAIRAQ0RAf/aAAwDAQACEQ0R0000"
Backtrace:
thread '<unnamed>' panicked at 'assertion failed: !ptr.is_null()', /home/yalter/.cargo/registry/src/github.com-1ecc6299db9ec823/glib-0.5.0/src/boxed.rs:365:9
stack backtrace:
0: std::sys::unix::backtrace::tracing::imp::unwind_backtrace
1: std::sys_common::backtrace::_print
2: std::panicking::default_hook::{{closure}}
3: std::panicking::default_hook
4: std::panicking::rust_panic_with_hook
5: std::panicking::begin_panic
at /build/rust/src/rustc-1.29.0-src/src/libstd/panicking.rs:409
6: <glib::boxed::Boxed<T, MM> as glib::translate::FromGlibPtrFull<*mut T>>::from_glib_full
at /home/yalter/.cargo/registry/src/github.com-1ecc6299db9ec823/glib-0.5.0/src/boxed.rs:365
7: glib::translate::from_glib_full
at /home/yalter/.cargo/registry/src/github.com-1ecc6299db9ec823/glib-0.5.0/src/translate.rs:894
8: <glib::error::Error as glib::translate::FromGlibPtrFull<*mut glib_sys::GError>>::from_glib_full
at /home/yalter/.cargo/registry/src/github.com-1ecc6299db9ec823/glib-0.5.0/src/boxed.rs:192
9: glib::translate::from_glib_full
at /home/yalter/.cargo/registry/src/github.com-1ecc6299db9ec823/glib-0.5.0/src/translate.rs:894
10: <rsvg_internals::image::NodeImage as rsvg_internals::node::NodeTrait>::set_atts
at rsvg_internals/src/image.rs:98
11: rsvg_internals::node::Node::set_atts
at rsvg_internals/src/node.rs:363
12: rsvg_load_set_node_atts
at rsvg_internals/src/load.rs:335
13: standard_element_start
at librsvg/rsvg-load.c:316
14: sax_start_element_cb
at librsvg/rsvg-load.c:634
15: xmlParseStartTag
16: xmlParseElement
17: xmlParseDocument
18: rsvg_load_read_stream_sync
at librsvg/rsvg-load.c:1085
19: rsvg_handle_read_stream_sync
at librsvg/rsvg-handle.c:802
20: rsvg_handle_new_from_stream_sync
at librsvg/rsvg-handle.c:626
21: main
at ./rsvg-convert.c:294
22: __libc_start_main
23: _start