On Sun, Aug 24, 2008 at 09:27:50AM +0200, Christian Jaeger wrote:
> Mike Hommey wrote:
> > Now, try changing your gnome theme and re-run galeon; if I'm correct,
> > it shouldn't crash. Can you tell me what package this svg file belongs
> > to?
> >
>
> Yes, the segfaults happen only in the "Gorilla" and "Wasp" themes (apps
> did start when running the Amaranth, Clearlooks, Crux, Glider, Glossy,
> Industrial, Lush, Mist, Nuvola, SphereCrystal themes).
>
> With Gorilla the svg file in question is
> /usr/share/icons/Gorilla/scalable/actions/gtk-jump-to-ltr.svg
>
> # dpkgS is a script which resolves symlinks and then looks it up with dpkg -S
> [EMAIL PROTECTED]:~$ dpkgS
> /usr/share/icons/Gorilla/scalable/actions/gtk-jump-to-ltr.svg
> gnome-themes-extras: /usr/share/icons/Gorilla/scalable/actions/go-jump.svg
> [EMAIL PROTECTED]:~$ dpkgS
> /usr/share/icons/Wasp/scalable/actions/gtk-go-back-ltr.svg
> gnome-themes-extras: /usr/share/icons/Wasp/scalable/actions/go-previous.svg
>
> [EMAIL PROTECTED]:/tmp/chris$ xmllint
> /usr/share/icons/Gorilla/scalable/actions/gtk-jump-to-ltr.svg > svg
> [EMAIL PROTECTED]:/tmp/chris$ echo $?
> 0
>
>
> What this file does *not* share with the one from the Wasp theme is
> that xmllint does not even output a warning.
>
> Not sure what to conclude from this. Except that it might be a bug in
> one of these packages:
>
> $ dpkgS /usr/lib/librsvg-2.so.2
> librsvg2-2: /usr/lib/librsvg-2.so.2.22.2
> $ dpkgS /usr/lib/gtk-2.0/2.10.0/loaders/svg_loader.so
> librsvg2-common: /usr/lib/gtk-2.0/2.10.0/loaders/svg_loader.so

So... the culprit is just librsvg that creates xmlEntity objects not
through the API, but by malloc'ing a buffer of sizeof(xmlEntity). This
struct has gained a member in the security update, breaking rsvg's
assumptions...

A BinNMU of librsvg against libxml2-dev 2.6.32.dfsg-2+lenny1 should solve
the issue (and won't break compatibility with older libxml2, since older
libxml2 will be happy with a too big buffer).

Mike
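
The failure mode described in the message above, as an added example (not code from librsvg or libxml2): the two structs are hypothetical stand-ins for xmlEntity before and after the update, and the member names and the assumption that the new member was appended at the end are illustrative. It compares sizes instead of performing the out-of-bounds access.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the library's entity struct; NOT libxml2's real layout. */
struct entity_old {            /* header the application was compiled against */
    int type;
    const char *name;
    char *content;
};
struct entity_new {            /* header after the update: one member appended */
    int type;
    const char *name;
    char *content;
    int added;                 /* assumed name for the new member */
};

/* Bytes of an entity that each library version reads or writes. */
size_t lib_old_footprint(void) { return sizeof(struct entity_old); }
size_t lib_new_footprint(void) {
    return offsetof(struct entity_new, added) + sizeof(int);
}

/* 1 if a caller-allocated buffer covers everything the library touches. */
int caller_buffer_is_safe(size_t caller_size, size_t lib_footprint) {
    return caller_size >= lib_footprint;
}

/* Constructor pattern: the size is chosen inside the library, so it always
 * matches the library that is actually loaded at run time. */
struct entity_new *lib_entity_create(const char *name) {
    struct entity_new *e = calloc(1, sizeof *e);
    if (e) e->name = name;
    return e;
}

int main(void) {
    size_t stale = sizeof(struct entity_old), rebuilt = sizeof(struct entity_new);
    printf("stale caller, updated lib: %s\n",
           caller_buffer_is_safe(stale, lib_new_footprint()) ? "ok" : "out-of-bounds access");
    printf("rebuilt caller, updated lib: %s\n",
           caller_buffer_is_safe(rebuilt, lib_new_footprint()) ? "ok" : "out-of-bounds access");
    printf("rebuilt caller, older lib: %s\n",
           caller_buffer_is_safe(rebuilt, lib_old_footprint()) ? "ok" : "out-of-bounds access");
    struct entity_new *e = lib_entity_create("amp");
    free(e);
    return 0;
}
```

The first case is the stale binary that segfaults; the other two correspond to the rebuilt package running against the updated and the older library.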