Hello! Thank you for pointing out a commit with the correct fix. I recall there was a similar bug in LottieShapeData::lerp() and I tried to apply a patch to avoid the crash. But I apparently didn't take account of all border cases.
https://sources.debian.org/src/rlottie/0.1+dfsg-2/debian/patches/Zero-corrupt-point.patch/ The crash seems to still be possible when mVertices (as filled from key "v") are empty or of size 1 and a path is not closed (key "c" has false value). Ok, I'm reproducing the issue and cherry picking the upstream's commit soon. В Ср, 03/11/2021 в 23:35 +0100, Tim Wiederhake пишет: > The crash happens in librlottie, "lottiemodel.h", line 133, function > "LottieShapeData::lerp(LottieShapeData const&, LottieShapeData const&, > float, VPath&)". > > When both "start" and "end" are empty, "size" evaluates to 0 and the > call to "result.moveTo(start.mPoints[0]..." crashes. > > This is fixed upstream in > https://github.com/Samsung/rlottie/commit/1cb2021d6883ebe41c17e710fc90a225f038cb51 >
signature.asc
Description: This is a digitally signed message part
