Comment 7 for bug 1697283

Yes, you can.

2017-08-18 20:08 GMT+08:00 Marc Deslauriers <email address hidden>
:

> Hi! Can I make this bug, including your test case public?
>
> Thanks!
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1697283
>
> Title:
> Denial of Service Vulnerability in Librsvg
>
> Status in librsvg package in Ubuntu:
> New
>
> Bug description:
> An SIGFPE is raised in function box_blur_line of rsvg-filter.c when
> the librsvg try to parse a craft SVG file.
>
> https://github.com/GNOME/librsvg/blob/master/rsvg-filter.c#L1439
>
> if (output >= 0)
> dest[bpp * output + i] = (ac[i] + (coverage >> 1)) / coverage;
> }
>
> The coverage could be zero.
>
> testcase.svg
>
> <svg width="100" height="120"
> xmlns="http://www.w3.org/2000/svg"
> xmlns:xlink="http://www.w3.org/1999/xlink">
>
> <filter id="blurMe">
> <feGaussianBlur in="SourceGraphic" stdDeviation="0.053192302807822195
> 20" />
> </filter>
>
> <circle cx="50" cy="50" r="50" fill="green"
> filter="url(#blurMe)" />
> </svg>
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ubuntu/+source/librsvg/+bug/
> 1697283/+subscriptions
>