reliable crash when previewing certain svg files.

Bug #955927 reported by David
Affects: librsvg; Status: Expired; Importance: Medium
Affects: librsvg (Ubuntu); Status: Fix Released; Importance: Undecided; Assigned to: Unassigned
Nominated for Natty by Vadim Rutkovsky
Nominated for Oneiric by Vadim Rutkovsky

Bug Description

On my 11.04 system if I have the following svg file in a directory:
<svg><script>alert(4);</script></svg>
(say in a file called 'svg.svg')
When I go and preview it (I found that I sometimes have to copy it / move it around to get nautilus to trigger the 'preview' view), nautilus reliably crashes. (The backtrace suggests that it might be a bug in librsvg-2.so.2).

Here is some gdb output:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f9ddc022700 (LWP 29529)]
0x00007f9de62045c9 in g_hash_table_size () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
(gdb) i r
rax 0x0 0
rbx 0x7f9da4003aa0 140315038071456
rcx 0x0 0
rdx 0x0 0
rsi 0x7f9dd000b3d0 140315776299984
rdi 0x400000004 17179869188
rbp 0x7f9dd000b3d0 0x7f9dd000b3d0
rsp 0x7f9ddc0207e0 0x7f9ddc0207e0
r8 0x0 0
r9 0x0 0
r10 0x0 0
r11 0x1 1
r12 0x1 1
r13 0x0 0
r14 0x0 0
r15 0x7f9da4005c1f 140315038080031
rip 0x7f9de62045c9 0x7f9de62045c9 <g_hash_table_size+9>
eflags 0x10202 [ IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
(gdb) bt
#0 0x00007f9de62045c9 in g_hash_table_size () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#1 0x00007f9dd5464045 in ?? () from /usr/lib/librsvg-2.so.2
#2 0x00007f9de5ec0bf5 in ?? () from /usr/lib/libxml2.so.2
#3 0x00007f9de5ec7fd2 in ?? () from /usr/lib/libxml2.so.2
#4 0x00007f9de5ec8de0 in xmlParseChunk () from /usr/lib/libxml2.so.2
#5 0x00007f9dd546c81f in rsvg_handle_write () from /usr/lib/librsvg-2.so.2
#6 0x00007f9dd567bc11 in ?? () from /usr/lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-svg.so
#7 0x00007f9de726e805 in ?? () from /usr/lib/libgdk_pixbuf-2.0.so.0
#8 0x00007f9de726f2f8 in gdk_pixbuf_loader_close () from /usr/lib/libgdk_pixbuf-2.0.so.0
#9 0x00007f9de88efcaa in ?? () from /usr/lib/libgnome-desktop-2.so.17
#10 0x00007f9de88f029c in gnome_desktop_thumbnail_factory_generate_thumbnail () from /usr/lib/libgnome-desktop-2.so.17
#11 0x0000000000500fbb in ?? ()
#12 0x00007f9de4ee5e9a in start_thread (arg=0x7f9ddc022700) at pthread_create.c:308
#13 0x00007f9de4c1374d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#14 0x0000000000000000 in ?? ()
(gdb)

(gdb) i frame
Stack level 0, frame at 0x7f9ddc0207f0:
 rip = 0x7f9de62045c9 in g_hash_table_size; saved rip 0x7f9dd5464045
 called by frame at 0x7f9ddc020810
 Arglist at 0x7f9ddc0207d8, args:
 Locals at 0x7f9ddc0207d8, Previous frame's sp is 0x7f9ddc0207f0
 Saved registers:
  rip at 0x7f9ddc0207e8
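
As an added, defender-side example (not code from the report or from librsvg/nautilus): a pre-filter a thumbnail pipeline could run on an SVG before handing it to librsvg, rejecting files that carry script elements. It goes beyond the report's file by also catching namespaced and nested script elements and by refusing input that does not parse; the function names and sample inputs are constructed for this example.

```python
"""Pre-filter for a thumbnailer: refuse SVG input that contains <script> elements.

Added example, not code from the bug report or from librsvg/nautilus. It assumes
the thumbnailer can skip files this filter rejects; librsvg itself is not called.
"""
import xml.etree.ElementTree as ET

# Constructed sample inputs. "plain_script" is the file from the bug report.
SAMPLES = {
    "plain_script": b"<svg><script>alert(4);</script></svg>",
    "namespaced": (b'<svg xmlns="http://www.w3.org/2000/svg"><g>'
                   b'<script type="text/ecmascript">1;</script></g></svg>'),
    "clean": b'<svg xmlns="http://www.w3.org/2000/svg"><rect width="1" height="1"/></svg>',
    "broken": b"<svg><script>",
}


def _local_name(tag):
    """Strip the {namespace} prefix ElementTree puts on namespaced tags."""
    return tag.rsplit("}", 1)[-1] if tag.startswith("{") else tag


def svg_script_elements(data):
    """Return the element paths of every <script> in the document, in any
    namespace and at any depth. Raises ET.ParseError on malformed input."""
    root = ET.fromstring(data)
    found = []

    def walk(elem, path):
        name = _local_name(elem.tag)
        here = path + "/" + name
        if name == "script":          # SVG element names are case-sensitive
            found.append(here)
        for child in elem:
            walk(child, here)

    walk(root, "")
    return found


def safe_to_thumbnail(data):
    """True only for well-formed SVG with no script elements. Malformed input is
    rejected rather than passed on to the rasterizer."""
    try:
        return not svg_script_elements(data)
    except ET.ParseError:
        return False
```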

Vadim Rutkovsky (roignac) wrote :

Thank you for your bug report. This bug has been reported to the developers of the software. You can track it and make comments at https://bugzilla.gnome.org/show_bug.cgi?id=672212

affects: nautilus (Ubuntu) → librsvg (Ubuntu)
Changed in librsvg (Ubuntu):
status: New → Triaged
Changed in librsvg:
importance: Unknown → Medium
status: Unknown → New
Vadim Rutkovsky (roignac) wrote :

Upstream developers commented that this is not reproducible in librsvg 2.35.2

Could you please post the output of 'apt-cache policy librsvg2-2'?

Changed in librsvg:
status: New → Expired
David (d--) wrote :

Sure:
librsvg2-2:
  Installed: 2.32.1-0ubuntu3.1
  Candidate: 2.32.1-0ubuntu3.1
  Version table:
 *** 2.32.1-0ubuntu3.1 0
        500 $somemirror amd64 Packages
        500 $somemirror amd64 Packages
        500 http://security.ubuntu.com/ubuntu/ natty-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu/ natty-security/main amd64 Packages
        100 /var/lib/dpkg/status
     2.32.1-0ubuntu3 0
        500 $somemirror amd64 Packages

David (d--) wrote :

Yeah, in the newer version of librsvg2-2 in oneiric / precise (using a newer version of nautilus as well) nautilus does not crash.

madbiologist (me-again) wrote :

Note that official support for Natty ends on 28 October 2012.

Changed in librsvg (Ubuntu):
status: Triaged → Fix Released