Crate: smallvec
Version: 0.6.0
Title: Possible double free during unwinding in SmallVec::insert_many
Date: 2018-07-19
ID: RUSTSEC-2018-0003
URL: https://rustsec.org/advisories/RUSTSEC-2018-0003
Solution: Upgrade to >=0.6.3 OR >=0.3.4, <0.4.0 OR >=0.4.5, <0.5.0 OR >=0.5.1, <0.6.0
Dependency tree:
smallvec 0.6.0
└── cssparser 0.23.2
    └── rsvg_internals 0.0.1
Crate: smallvec
Version: 0.6.0
Warning: yanked
error: 1 vulnerability found!
warning: 1 allowed warning found

To avoid unbounded memory consumption from malicious files.

Although we can't report detailed errors from the rendering functions,
we do report a success/failure boolean value. Test this, at least,
for problematic files.

A pathological SVG file can do this:
<svg>
  <defs>
    <rect id="foo" .../>
    <g id="foo1">
      <use xlink:href="#foo"/>
      ... repeat 10 times ...
    </g>
    <g id="foo2">
      <use xlink:href="#foo1"/>
      ... repeat 10 times ...
    </g>
    <g id="foo3">
      <use xlink:href="#foo2"/>
      ... repeat 10 times ...
    </g>
    ... etc ...
  </defs>
  <use xlink:href="#foo17"/>
</svg>

This would cause about 10^17 objects to be rendered. While this does
not exhaust memory (the objects are not instanced in memory), it would
take a really long time to render that many objects.

So, we now have a limit on up to 500,000 objects instanced through
<use>. We can tweak this limit later, or the way in which it is
computed; the point is that we can now detect this situation and
propagate an error upstream.

https://gitlab.gnome.org/GNOME/librsvg/issues/323
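
The instancing budget described in the commit message above, as an added Rust example that is not librsvg's code. The `Node` model, `render`, `render_nested` and the choice to charge the budget once per resolved `<use>` are assumptions; only the 500,000 limit and the nested `<use>` layout come from the message.

```rust
use std::collections::HashMap;

// Hypothetical, simplified node model (not librsvg's real types).
enum Node {
    Shape,
    Group(Vec<Node>),
    Use(String), // id named by xlink:href, without the '#'
}

#[derive(Debug, PartialEq)]
enum RenderError { InstancingLimit, UnknownId(String) }

const MAX_INSTANCED: u64 = 500_000; // limit quoted in the commit message

// Returns the number of shapes drawn; charges `budget` once per <use> resolved.
fn render(node: &Node, defs: &HashMap<String, Node>, budget: &mut u64) -> Result<u64, RenderError> {
    match node {
        Node::Shape => Ok(1),
        Node::Group(children) => {
            let mut drawn = 0;
            for child in children {
                drawn += render(child, defs, budget)?;
            }
            Ok(drawn)
        }
        Node::Use(id) => {
            // Budget spent: stop and let the error propagate upstream.
            if *budget == 0 { return Err(RenderError::InstancingLimit); }
            *budget -= 1;
            let target = defs.get(id).ok_or_else(|| RenderError::UnknownId(id.clone()))?;
            render(target, defs, budget)
        }
    }
}

// Constructed input: "foo" is a shape; each fooN holds 10 <use> of the level below.
fn render_nested(levels: u32) -> Result<u64, RenderError> {
    let mut defs = HashMap::new();
    defs.insert("foo".to_string(), Node::Shape);
    for i in 1..=levels {
        let prev = if i == 1 { "foo".to_string() } else { format!("foo{}", i - 1) };
        let uses: Vec<Node> = (0..10).map(|_| Node::Use(prev.clone())).collect();
        defs.insert(format!("foo{}", i), Node::Group(uses));
    }
    let mut budget = MAX_INSTANCED;
    render(&Node::Use(format!("foo{}", levels)), &defs, &mut budget)
}

fn main() {
    println!("3 levels: {:?}, 17 levels: {:?}", render_nested(3), render_nested(17));
}
```

Three levels draw 1,000 shapes within the budget; at 17 levels the walk stops after 500,000 `<use>` resolutions instead of attempting about 10^17 draws.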

https://gitlab.gnome.org/GNOME/librsvg/issues/292

Don't hardcode the font locations based on the SRCDIR; actually
compute their locations with g_test_build_filename().
https://gitlab.gnome.org/GNOME/librsvg/issues/259

In `librsvg/rsvg.h`, the include is "librsvg-enum-types.h", which is a
generated file and is therefore inside $(top_builddir)/librsvg/.

feDistantLight and feSpotLight
Sigh, I broke this and never caught it because there weren't tests for
filters with light sources.
https://gitlab.gnome.org/GNOME/librsvg/issues/241

Part of (#241).

feComposite tried to take a shortcut if one of its inputs is an
existing surface, by painting its output to that same surface.
However, the overall filter may want to reuse the original surface
unchanged. This was causing drop shadows, done like Inkscape's, to be
mis-painted.
https://gitlab.gnome.org/GNOME/librsvg/issues/282

Add RUST_TARGET environment variable through AC_ARG_VAR to allow the
user to override the rust target name. Indeed, using $host when
cross-compiling is not always the good option especially when vendor
part of target is not set to unknown but to another value such as
buildroot.
Indeed, in this case aarch64-buildroot-linux-gnu won't be recognised as
a valid target by rust/cargo.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

The only remaining C nodes are filters. The NodeTrait implementation
of CNode::set_atts() was returning Ok(()) always, even if the C code
had called rsvg_node_set_attribute_parse_error(). Instead, actually
return that error result so the rest of the code will know about it.
Additionally, don't render filter primitives that are in error.
https://gitlab.gnome.org/GNOME/librsvg/issues/266

The cairo-dock program was passing a cairo_t in an error state to
rsvg_handle_render_cairo(), and so we failed deep in the innards of
librsvg when cairo-rs validates the cairo::Context's status.
Cairo-dock was doing something like

  surf = cairo_image_surface_create (... an invalid size ...);
  cr = cairo_create (surf);
  rsvg_handle_render_cairo (handle, cr); // we now catch the error right here

We catch invalid cr's, emit a warning, and return FALSE from
rsvg_handle_render_cairo*().
https://gitlab.gnome.org/GNOME/librsvg/issues/276

In rustc 1.23 the "eq_ignore_ascii_case" method of the AsciiExt
was implemented directly for the types u8, char, [u8] and str.
This causes the code to build fine with 1.23+ version of rustc
but fail for v1.21 and v1.22 as the method does not exist.
This patch imports the AsciiExt Trait and ignores the compiler
warning that would be produced when compiling with 1.23+ version
about an unused import.

https://gitlab.gnome.org/GNOME/librsvg/issues/98