Crash with feMerge outside of filter (if feMergeNode with set in)
Migrated from https://bugs.launchpad.net/inkscape/+bug/1474350
Steps to reproduce:
- open 1474350-crash-test-with-ns-decl.svg in Inkscape
What happened?
- crash inkscape_backtrace_invalid_feMerge_set_in.txt
- without a set in, it crashes too, but differently, tracked in #2685 (closed)
Truncated backtrace (taken from inkscape_backtrace_invalid_feMerge_set_in.txt)
Thread 1 "inkscape" received signal SIGSEGV, Segmentation fault.
SPFilter::get_image_name (this=0x0, name=name@entry=0x55555672d610 "foo") at ../src/object/sp-filter.cpp:538
538 std::map<gchar *, int, ltstr>::iterator result = this->_image_name->find(const_cast<gchar*>(name));
(gdb) bt
#0 SPFilter::get_image_name(char const*) const (this=0x0, name=name@entry=0x55555672d610 "foo") at ../src/object/sp-filter.cpp:538
#1 0x00007ffff70e323d in SPFilterPrimitive::read_in(char const*) (this=<optimised out>, name=<optimised out>) at ../src/object/filters/sp-filter-primitive.cpp:199
#2 0x00007ffff70ea8ee in SPFeMergeNode::set(SPAttr, char const*) (this=0x555556d642d0, key=SPAttr::IN_, value=0x55555672d610 "foo") at ../src/object/filters/mergenode.cpp:55
#3 0x00007ffff70ab424 in SPObject::setKeyValue(SPAttr, char const*) (this=this@entry=0x555556d642d0, key=key@entry=SPAttr::IN_, value=<optimised out>) at ../src/object/sp-object.cpp:1047
#4 0x00007ffff70ab474 in SPObject::readAttr(SPAttr) (this=0x555556d642d0, keyid=keyid@entry=SPAttr::IN_) at ../src/object/sp-object.cpp:1059
#5 0x00007ffff70ea800 in SPFeMergeNode::build(SPDocument*, Inkscape::XML::Node*) (this=<optimised out>) at ../src/object/filters/mergenode.cpp:38
#6 0x00007ffff70ac6d6 in SPObject::invoke_build(SPDocument*, Inkscape::XML::Node*, unsigned int) (this=this@entry=0x555556d642d0, document=document@entry=0x55555673ac00, repr=repr@entry=0x555556738228, cloned=0) at ../src/object/sp-object.cpp:764
#7 0x00007ffff70afb15 in SPObject::build(SPDocument*, Inkscape::XML::Node*) (this=this@entry=0x555556cf3fd0, document=document@entry=0x55555673ac00, repr=repr@entry=0x555556738348) at ../src/object/sp-object.cpp:730
#8 0x00007ffff70e362d in SPFilterPrimitive::build(SPDocument*, Inkscape::XML::Node*) (this=0x555556cf3fd0, document=0x55555673ac00, repr=0x555556738348) at ../src/object/filters/sp-filter-primitive.cpp:66
#9 0x00007ffff70ea6f9 in SPFeMerge::build(SPDocument*, Inkscape::XML::Node*) (this=<optimised out>, document=<optimised out>, repr=<optimised out>) at ../src/object/filters/merge.cpp:35
What should have happened?
- no crash, filter primitive ignored
Inkscape Version and Operating System:
- Inkscape 1.2-dev (da2df6f5, 2021-07-26) Linux Mint 20
- Inkscape 0.48.5 r10040 OS X 10.7.5
- Inkscape 0.91 r13725 OS X 10.7.5
- Inkscape 0.91 r14243 Ubuntu 15.04
- Inkscape 0.91 r14274 Windows XP
- Inkscape 0.91+devel r14245 OS X 10.7.5