Panic in image rendering
Found by AFL. Minimized:
<svg>
<image xlink:href="data:;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAIAAACQkWg2AA0000lEQVQ0"/>
</svg>
Backtrace:
thread '<unnamed>' panicked at 'Cairo error "invalid matrix (not invertible)"', /home/yalter/.cargo/registry/src/github.com-1ecc6299db9ec823/cairo-sys-rs-0.6.0/src/enums.rs:75:13
stack backtrace:
0: std::sys::unix::backtrace::tracing::imp::unwind_backtrace
at libstd/sys/unix/backtrace/tracing/gcc_s.rs:49
1: std::sys_common::backtrace::print
at libstd/sys_common/backtrace.rs:71
at libstd/sys_common/backtrace.rs:59
2: std::panicking::default_hook::{{closure}}
at libstd/panicking.rs:211
3: std::panicking::default_hook
at libstd/panicking.rs:227
4: std::panicking::rust_panic_with_hook
at libstd/panicking.rs:511
5: std::panicking::continue_panic_fmt
at libstd/panicking.rs:426
6: std::panicking::begin_panic_fmt
at libstd/panicking.rs:413
7: cairo_sys::enums::Status::ensure_valid
at /home/yalter/.cargo/registry/src/github.com-1ecc6299db9ec823/cairo-sys-rs-0.6.0/src/enums.rs:75
8: cairo::context::Context::ensure_status
at /home/yalter/.cargo/registry/src/github.com-1ecc6299db9ec823/cairo-rs-0.4.1/src/context.rs:126
9: cairo::context::Context::set_source
at /home/yalter/.cargo/registry/src/github.com-1ecc6299db9ec823/cairo-rs-0.4.1/src/context.rs:208
10: <rsvg_internals::image::NodeImage as rsvg_internals::node::NodeTrait>::draw::{{closure}}
at rsvg_internals/src/image.rs:177
11: rsvg_internals::drawing_ctx::DrawingCtx::with_discrete_layer
at rsvg_internals/src/drawing_ctx.rs:429
12: <rsvg_internals::image::NodeImage as rsvg_internals::node::NodeTrait>::draw
at rsvg_internals/src/image.rs:125
13: rsvg_internals::node::Node::draw
at rsvg_internals/src/node.rs:550
14: rsvg_internals::drawing_ctx::DrawingCtx::draw_node_from_stack
at rsvg_internals/src/drawing_ctx.rs:810
15: rsvg_internals::node::Node::draw_children
at rsvg_internals/src/node.rs:602
16: <rsvg_internals::structure::NodeSvg as rsvg_internals::node::NodeTrait>::draw::{{closure}}
at rsvg_internals/src/structure.rs:222
17: rsvg_internals::viewport::draw_in_viewport::{{closure}}
at rsvg_internals/src/viewport.rs:83
18: rsvg_internals::drawing_ctx::DrawingCtx::with_discrete_layer
at rsvg_internals/src/drawing_ctx.rs:429
19: rsvg_internals::viewport::draw_in_viewport
at rsvg_internals/src/viewport.rs:44
20: <rsvg_internals::structure::NodeSvg as rsvg_internals::node::NodeTrait>::draw
at rsvg_internals/src/structure.rs:206
21: rsvg_internals::node::Node::draw
at rsvg_internals/src/node.rs:550
22: rsvg_internals::drawing_ctx::DrawingCtx::draw_node_from_stack
at rsvg_internals/src/drawing_ctx.rs:810
23: rsvg_drawing_ctx_draw_node_from_stack
at rsvg_internals/src/drawing_ctx.rs:1062
24: get_node_ink_rect
at librsvg/rsvg-handle.c:1181
25: rsvg_handle_get_dimensions_sub
at librsvg/rsvg-handle.c:1244
26: rsvg_handle_get_dimensions
at librsvg/rsvg-handle.c:1150
27: get_node_ink_rect
at librsvg/rsvg-handle.c:1170
28: rsvg_handle_get_dimensions_sub
at librsvg/rsvg-handle.c:1244
29: main
at ./rsvg-convert.c:321
30: __libc_start_main
31: _start
I believe this one is due to w and h (missing from the attributes) being zero, and a division by them making x and y equal to NaN in the matrix.
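
Added example, not part of the original report and not librsvg's code: a self-contained model of the failure described above, with a guard that rejects the degenerate matrix before it would reach a renderer. The `Matrix` struct, both function names, the scale formula and the 16x16 image size are assumptions made for illustration.

```rust
// Added example: hypothetical model of the failure, not librsvg's code.
#[derive(Debug, Clone, Copy, PartialEq)]
struct Matrix { xx: f64, yx: f64, xy: f64, yy: f64, x0: f64, y0: f64 }

impl Matrix {
    // A 2D affine matrix is invertible only if its determinant is finite and non-zero.
    fn is_invertible(&self) -> bool {
        let det = self.xx * self.yy - self.yx * self.xy;
        det.is_finite() && det != 0.0
    }
}

// Unchecked: maps a w x h box at (x, y) onto an image of img_w x img_h pixels.
fn pattern_matrix_unchecked(x: f64, y: f64, w: f64, h: f64, img_w: f64, img_h: f64) -> Matrix {
    // w == 0 or h == 0 makes the scale infinite.
    let (sx, sy) = (img_w / w, img_h / h);
    // With x == 0 and an infinite scale, the offset is 0 * inf = NaN.
    Matrix { xx: sx, yx: 0.0, xy: 0.0, yy: sy, x0: -x * sx, y0: -y * sy }
}

// Checked: returns None instead of a matrix a renderer would reject.
fn pattern_matrix(x: f64, y: f64, w: f64, h: f64, img_w: f64, img_h: f64) -> Option<Matrix> {
    // Written as a negated conjunction so that NaN sizes are rejected too.
    if !(w > 0.0 && h > 0.0) {
        return None; // missing or zero width/height: nothing to draw
    }
    let m = pattern_matrix_unchecked(x, y, w, h, img_w, img_h);
    if m.is_invertible() && m.x0.is_finite() && m.y0.is_finite() {
        Some(m)
    } else {
        None // e.g. an infinite w collapses the scale to zero
    }
}

fn main() {
    // Constructed inputs: a 16x16 image with width and height attributes missing (0).
    let bad = pattern_matrix_unchecked(0.0, 0.0, 0.0, 0.0, 16.0, 16.0);
    println!("unchecked: {:?} invertible={}", bad, bad.is_invertible());
    println!("checked:   {:?}", pattern_matrix(0.0, 0.0, 0.0, 0.0, 16.0, 16.0));
    println!("valid:     {:?}", pattern_matrix(10.0, 20.0, 32.0, 64.0, 16.0, 16.0));
}
```

Returning `None` lets the caller skip drawing the element, so malformed input produces an empty render rather than a process abort.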