Page MenuHomePhabricator

Commons SVG Checker has differences between Wikimedia rendering and Toolforge rendering
Open, Needs TriagePublicBug

Description

TilmannR produced a sample, which looks completely different on Wikimedia Commons and on Commons SVG Checker.

Wikimedia servers have been updated to librsvg 2.40.20 ( T68672#5110845 )
https://commons.wikimedia.org/wiki/File:Identify_renderer.svg

Rillke's tool (Toolforge Debian Stretch also runs 2.40.16)
https://commons.wikimedia.org/wiki/Commons:Commons_SVG_Checker?withJS=MediaWiki:CommonsSvgChecker.js&checkSVG=File%3AIdentify_renderer.svg

The Same issue ocours with Jarry1250's tool (rsvg-convert version 2.40.16)
https://tools.wmflabs.org/svgcheck/index.php

Steps to Reproduce:
Open https://commons.wikimedia.org/wiki/File:Identify_renderer.svg and compare it to https://commons.wikimedia.org/wiki/Commons:Commons_SVG_Checker?withJS=MediaWiki:CommonsSvgChecker.js&checkSVG=File%3AIdentify_renderer.svg

Maybe it would be better if servers and toolforge have the same librsvg-version: T151656#5068826

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 20 2019, 10:15 PM

A more straightforward example is https://commons.wikimedia.org/wiki/File:SVG_edge_case_-_zero_scale_gradient.svg
It's a divide-by-zero type of situation, in which the SVG Checker stops rendering and WikiMedia's renderer falls back to a default.

TilmannR updated the task description. (Show Details)Mar 21 2019, 10:16 AM
Aklapper renamed this task from Differences between Wikimedia rendering and Toolforge rendering to Commons SVG Checker has differences between Wikimedia rendering and Toolforge rendering.Mar 21 2019, 10:31 AM
Jarry1250 added a comment.EditedMar 29 2019, 9:29 AM

Thanks for reporting.

Wikimedia servers have been updated to librsvg 2.40.16

Per T170810 I think production is actually on 2.40.18.

According to the change log, 2.40.18 fixed CVE-2017-11464 ("A SIGFPE is raised in the function box_blur_line... because of incorrect protection against division by zero."). I don't have different versions of rsvg available to test, but I imagine that it's the difference between 2.40.16 (Toolforge) and 2.40.18 (production) that is therefore causing the issue.

I am not sure whether the easiest fix is for 2.40.18 to be installed on Kubernetes (T151656) or on Stretch (no task filed).

JoKalliauer updated the task description. (Show Details)Apr 15 2019, 4:00 PM