From 1b6f3bd532bf1ea819d3780def2e2c9594b1204d Mon Sep 17 00:00:00 2001
From: Pip Cet
Date: Wed, 24 Jul 2019 12:34:36 +0000
Subject: [PATCH 1/2] Don't crash when parsing bad SVG data (bug#36773)

* src/image.c (svg_load_image): Be more careful about librsvg returning NULL pointers.
---
 src/image.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/image.c b/src/image.c
index 355c849491..b1f84e1946 100644
--- a/src/image.c
+++ b/src/image.c
@@ -9530,11 +9530,15 @@ svg_load_image (struct frame *f, struct image *img, char *contents,
 if (base_file) g_object_unref (base_file); g_object_unref (input_stream);
- if (err) goto rsvg_error;
+ if (err || rsvg_handle == NULL)
+ goto rsvg_error;
 #else /* Make a handle to a new rsvg object. */ rsvg_handle = rsvg_handle_new ();
+ if (rsvg_handle == NULL)
+ goto rsvg_error;
+ /* Set base_uri for properly handling referenced images (via 'href'). See rsvg bug 596114 - "image refs are relative to curdir, not .svg file" . */
@@ -9654,7 +9658,8 @@ svg_load_image (struct frame *f, struct image *img, char *contents,
 return 1; rsvg_error:
- g_object_unref (rsvg_handle);
+ if (rsvg_handle != NULL)
+ g_object_unref (rsvg_handle);
 /* FIXME: Use error->message so the user knows what is the actual problem with the image. */ image_error ("Error parsing SVG image `%s'", img->spec);
--
2.22.0
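Review bot: The two `goto rsvg_error` paths added in the first hunk can reach the label with `err` still NULL: a NULL handle returned without a GError, and the `#else` branch, where `rsvg_handle_new ()` takes no error argument. Everything after `rsvg_error:` therefore has to tolerate a NULL `err`, not only the NULL `rsvg_handle` that the second hunk guards. The label's code continues past `image_error` outside the hunk, so if it releases `err` unconditionally, that should become `if (err) g_error_free (err);` or `g_clear_error (&err);`. The FIXME about reporting `error->message` wants the same caveat for whoever implements it, e.g. `/* ERR may be NULL here: librsvg can return no handle without setting an error.  */`. SVG data often comes from untrusted files, so this failure path should be exercised with malformed input under both preprocessor branches.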