desktop-packages team mailing list archive
-
desktop-packages team
-
Mailing list archive
-
Message #14170
[Bug 599454] Re: evince crashes in JBIG2Bitmap::getSlice
Does this still occur on Ubuntu 11.04 "Natty Narwhal"? If so, can you
please let us know if it still occurs on the Ubuntu 11.10 "Oneiric
Ocelot" beta 1 LiveCD?
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to poppler in Ubuntu.
https://bugs.launchpad.net/bugs/599454
Title:
evince crashes in JBIG2Bitmap::getSlice
Status in Poppler:
Fix Released
Status in “poppler” package in Ubuntu:
Fix Committed
Bug description:
evince crashes with the following backtrace when opening the attached reproducer.
(gdb) bt
#0 0xb68b942f in JBIG2Bitmap::getSlice (this=0x0, x=0, y=0, wA=11, hA=142)
at JBIG2Stream.cc:678
#1 0xb68c17f5 in JBIG2Stream::readPatternDictSeg (this=0x9679af0,
segNum=2876249100, length=2615310306) at JBIG2Stream.cc:2448
#2 0xb68c3eb3 in JBIG2Stream::readSegments (this=0x9679af0)
at JBIG2Stream.cc:1360
#3 0xb68c4097 in JBIG2Stream::reset (this=0x9679af0) at JBIG2Stream.cc:1212
#4 0xb68d73e3 in ImageStream::reset (this=0x965e400) at Stream.cc:419
#5 0xb70464c5 in CairoOutputDev::drawImage (this=0x95e2c10, state=0x9679418,
ref=0xb626dde8, str=0x9679af0, width=2560, height=3300,
colorMap=0x967b760, maskColors=0x0, inlineImg=0) at CairoOutputDev.cc:1614
#6 0xb689013d in Gfx::doImage (this=0x965dfb8, ref=0xb626dde8, str=0x9679af0,
inlineImg=0) at Gfx.cc:3865
#7 0xb6894895 in Gfx::opXObject (this=0x965dfb8, args=0xb626dec0, numArgs=1)
at Gfx.cc:3526
#8 0xb6886aba in Gfx::execOp (this=0x965dfb8, cmd=0xb626e060,
args=0xb626dec0, numArgs=1) at Gfx.cc:771
#9 0xb688707f in Gfx::go (this=0x965dfb8, topLevel=1) at Gfx.cc:642
#10 0xb6889aef in Gfx::display (this=0x965dfb8, obj=0xb626e13c, topLevel=1)
at Gfx.cc:611
#11 0xb68d069d in Page::displaySlice (this=0x95e9248, out=0x95e2c10, hDPI=72,
vDPI=72, rotate=0, useMediaBox=0, crop=1, sliceX=-1, sliceY=-1, sliceW=-1,
sliceH=-1, printing=0, catalog=0x95e2b60, abortCheckCbk=0,
---Type <return> to continue, or q <return> to quit---
abortCheckCbkData=0x0, annotDisplayDecideCbk=0,
annotDisplayDecideCbkData=0x0) at Page.cc:442
#12 0xb70410e6 in _poppler_page_render (page=0x965b400, cairo=0x966f9d0,
printing=0) at poppler-page.cc:530
#13 0xb7041237 in poppler_page_render (page=0x965b400, cairo=0x966f9d0)
at poppler-page.cc:552
#14 0xb5a69788 in ?? () from /usr/lib/evince/1/backends/libpdfdocument.so
#15 0xb77243b0 in ev_document_render (document=0x95add50, rc=0x95a9320)
at ev-document.c:257
#16 0xb76fe8c7 in ev_job_render_run (job=0x949e1f8) at ev-jobs.c:516
#17 0xb76fbf91 in ev_job_run (job=0x949e1f8) at ev-jobs.c:207
#18 0xb76ff6b0 in ev_job_thread_proxy (data=0x0) at ev-job-scheduler.c:183
#19 0xb6d927bf in g_thread_create_proxy (data=0x95ad7b0)
at /build/buildd/glib2.0-2.20.1/glib/gthread.c:635
#20 0xb6d1a4ff in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#21 0xb6c955ee in clone () from /lib/tls/i686/cmov/libc.so.6
==13851== Memcheck, a memory error detector.
==13851== Copyright (C) 2002-2008, and GNU GPL'd, by Julian Seward et al.
==13851== Using LibVEX rev 1884, a library for dynamic binary translation.
==13851== Copyright (C) 2004-2008, and GNU GPL'd, by OpenWorks LLP.
==13851== Using valgrind-3.4.1-Debian, a dynamic binary instrumentation framework.
==13851== Copyright (C) 2000-2008, and GNU GPL'd, by Julian Seward et al.
==13851== For more details, rerun with: -v
==13851==
Error: PDF file is damaged - attempting to reconstruct xref table...
Error (13759): Illegal character '>'
Error (13761): Illegal character <72> in hex string
Error (13764): Illegal character <3a> in hex string
Error (13767): Illegal character <73> in hex string
Error (13769): Illegal character <72> in hex string
Error (13770): Illegal character <69> in hex string
Error (13771): Illegal character <70> in hex string
Error (13772): Illegal character <74> in hex string
Error (13773): Illegal character <69> in hex string
Error (13774): Illegal character <6f> in hex string
Error (13775): Illegal character <6e> in hex string
Error (13777): Illegal character <72> in hex string
Error (13780): Illegal character <3a> in hex string
Error (13783): Illegal character <6f> in hex string
Error (13784): Illegal character <75> in hex string
Error (13785): Illegal character <74> in hex string
Error (13786): Illegal character <3d> in hex string
Error (13787): Illegal character <22> in hex string
Error (13788): Illegal character <22> in hex string
Error (13790): Illegal character <78> in hex string
Error (13791): Illegal character <6d> in hex string
Error (13792): Illegal character <6c> in hex string
Error (13793): Illegal character <6e> in hex string
Error (13794): Illegal character <73> in hex string
Error (13795): Illegal character <3a> in hex string
Error (13796): Illegal character <70> in hex string
Error (13799): Illegal character <3d> in hex string
Error (13800): Illegal character <22> in hex string
Error (13801): Illegal character <68> in hex string
Error (13802): Illegal character <74> in hex string
Error (13803): Illegal character <74> in hex string
Error (13804): Illegal character <70> in hex string
Error (13805): Illegal character <3a> in hex string
Error (13806): Illegal character <2f> in hex string
Error (13807): Illegal character <2f> in hex string
Error (13808): Illegal character <6e> in hex string
Error (13809): Illegal character <73> in hex string
Error (13810): Illegal character <2e> in hex string
Error (13813): Illegal character <6f> in hex string
Error (13816): Illegal character <2e> in hex string
Error (13818): Illegal character <6f> in hex string
Error (13819): Illegal character <6d> in hex string
Error (13820): Illegal character <2f> in hex string
Error (13821): Illegal character <70> in hex string
Error (13824): Illegal character <2f> in hex string
Error (13826): Illegal character <2e> in hex string
Error (13828): Illegal character <2f> in hex string
Error (13829): Illegal character <22> in hex string
Error (13832): Illegal character <70> in hex string
Error (13835): Illegal character <3a> in hex string
Error (13836): Illegal character <50> in hex string
Error (13837): Illegal character <72> in hex string
Error (13838): Illegal character <6f> in hex string
Error (13840): Illegal character <75> in hex string
Error (13843): Illegal character <72> in hex string
Error (13894): Illegal character <2f> in hex string
Error (13895): Illegal character <70> in hex string
Error (13898): Illegal character <3a> in hex string
Error (13899): Illegal character <50> in hex string
Error (13900): Illegal character <72> in hex string
Error (13901): Illegal character <6f> in hex string
Error (13903): Illegal character <75> in hex string
Error (13906): Illegal character <72> in hex string
Error (13909): Illegal character <2f> in hex string
Error (13910): Illegal character <72> in hex string
Error (13913): Illegal character <3a> in hex string
Error (13916): Illegal character <73> in hex string
Error (13918): Illegal character <72> in hex string
Error (13919): Illegal character <69> in hex string
Error (13920): Illegal character <70> in hex string
Error (13921): Illegal character <74> in hex string
Error (13922): Illegal character <69> in hex string
Error (13923): Illegal character <6f> in hex string
Error (13924): Illegal character <6e> in hex string
Error (13928): Illegal character <72> in hex string
Error (13931): Illegal character <3a> in hex string
Error (13934): Illegal character <73> in hex string
Error (13936): Illegal character <72> in hex string
Error (13937): Illegal character <69> in hex string
Error (13938): Illegal character <70> in hex string
Error (13939): Illegal character <74> in hex string
Error (13940): Illegal character <69> in hex string
Error (13941): Illegal character <6f> in hex string
Error (13942): Illegal character <6e> in hex string
Error (13944): Illegal character <72> in hex string
Error (13947): Illegal character <3a> in hex string
Error (13950): Illegal character <6f> in hex string
Error (13951): Illegal character <75> in hex string
Error (13952): Illegal character <74> in hex string
Error (13953): Illegal character <3d> in hex string
Error (13954): Illegal character <22> in hex string
Error (13955): Illegal character <22> in hex string
Error (13957): Illegal character <78> in hex string
Error (13958): Illegal character <6d> in hex string
Error (13959): Illegal character <6c> in hex string
Error (13960): Illegal character <6e> in hex string
Error (13961): Illegal character <73> in hex string
Error (13962): Illegal character <3a> in hex string
Error (13963): Illegal character <78> in hex string
Error (13965): Illegal character <70> in hex string
Error (13966): Illegal character <3d> in hex string
Error (13967): Illegal character <22> in hex string
Error (13968): Illegal character <68> in hex string
Error (13969): Illegal character <74> in hex string
Error (13970): Illegal character <74> in hex string
Error (13971): Illegal character <70> in hex string
Error (13972): Illegal character <3a> in hex string
Error (13973): Illegal character <2f> in hex string
Error (13974): Illegal character <2f> in hex string
Error (13975): Illegal character <6e> in hex string
Error (13976): Illegal character <73> in hex string
Error (13977): Illegal character <2e> in hex string
Error (13980): Illegal character <6f> in hex string
Error (13983): Illegal character <2e> in hex string
Error (13985): Illegal character <6f> in hex string
Error (13986): Illegal character <6d> in hex string
Error (13987): Illegal character <2f> in hex string
Error (13988): Illegal character <78> in hex string
Error (13990): Illegal character <70> in hex string
Error (13991): Illegal character <2f> in hex string
Error (13993): Illegal character <2e> in hex string
Error (13995): Illegal character <2f> in hex string
Error (13996): Illegal character <22> in hex string
Error (13999): Illegal character <78> in hex string
Error (14001): Illegal character <70> in hex string
Error (14002): Illegal character <3a> in hex string
Error (14004): Illegal character <72> in hex string
Error (14007): Illegal character <74> in hex string
Error (14011): Illegal character <74> in hex string
Error (14043): Illegal character <2f> in hex string
Error (14044): Illegal character <78> in hex string
Error (14046): Illegal character <70> in hex string
Error (14047): Illegal character <3a> in hex string
Error (14049): Illegal character <72> in hex string
Error (14052): Illegal character <74> in hex string
Error (14056): Illegal character <74> in hex string
Error (14060): Illegal character <78> in hex string
Error (14062): Illegal character <70> in hex string
Error (14063): Illegal character <3a> in hex string
Error (14065): Illegal character <72> in hex string
Error (14068): Illegal character <74> in hex string
Error (14069): Illegal character <6f> in hex string
Error (14070): Illegal character <72> in hex string
Error (14071): Illegal character <54> in hex string
Error (14072): Illegal character <6f> in hex string
Error (14073): Illegal character <6f> in hex string
Error (14074): Illegal character <6c> in hex string
Error (14117): Illegal character '>'
Error (14146): Illegal character <2f> in hex string
Error (14147): Illegal character <78> in hex string
Error (14149): Illegal character <70> in hex string
Error (14150): Illegal character <3a> in hex string
Error (14151): Illegal character <4d> in hex string
Error (14152): Illegal character <6f> in hex string
Error (14154): Illegal character <69> in hex string
Error (14156): Illegal character <79> in hex string
Error (14159): Illegal character <74> in hex string
Error (14163): Illegal character <2f> in hex string
Error (14164): Illegal character <72> in hex string
Error (14167): Illegal character <3a> in hex string
Error (14170): Illegal character <73> in hex string
Error (14172): Illegal character <72> in hex string
Error (14173): Illegal character <69> in hex string
Error (14174): Illegal character <70> in hex string
Error (14175): Illegal character <74> in hex string
Error (14176): Illegal character <69> in hex string
Error (14177): Illegal character <6f> in hex string
Error (14178): Illegal character <6e> in hex string
Error (14182): Illegal character <72> in hex string
Error (14185): Illegal character <3a> in hex string
Error (14188): Illegal character <73> in hex string
Error (14190): Illegal character <72> in hex string
Error (14191): Illegal character <69> in hex string
Error (14192): Illegal character <70> in hex string
Error (14193): Illegal character <74> in hex string
Error (14194): Illegal character <69> in hex string
Error (14195): Illegal character <6f> in hex string
Error (14196): Illegal character <6e> in hex string
Error (14204): Illegal character <6e> in hex string
Error (14207): Illegal character <74> in hex string
Error (14208): Illegal character <72> in hex string
Error (14210): Illegal character <69> in hex string
Error (14211): Illegal character <6c> in hex string
Error (14213): Illegal character <72> in hex string
Error (14215): Illegal character <3c> in hex string
Error (14216): Illegal character <3c> in hex string
Error (14217): Illegal character <2f> in hex string
Error (14218): Illegal character <53> in hex string
Error (14219): Illegal character <69> in hex string
Error (14220): Illegal character <7a> in hex string
Error (14225): Illegal character <2f> in hex string
Error (14226): Illegal character <49> in hex string
Error (14228): Illegal character <5b> in hex string
Error (14229): Illegal character <3c> in hex string
Error: Kid object (page 1) is wrong type (null)
Error: Kid object (page 2) is wrong type (integer)
Error: Kid object (page 2) is wrong type (integer)
Error: Kid object (page 2) is wrong type (cmd)
Error: Kid object (page 2) is wrong type (error)
Error: Kid object (page 2) is wrong type (string)
Error: Kid object (page 2) is wrong type (string)
Error: Kid object (page 2) is wrong type (cmd)
Error: Kid object (page 2) is wrong type (cmd)
Error: Kid object (page 2) is wrong type (cmd)
Error: Kid object (page 2) is wrong type (cmd)
Error: Kid object (page 2) is wrong type (string)
Error: Kid object (page 2) is wrong type (string)
Error: Kid object (page 2) is wrong type (string)
Error: Kid object (page 2) is wrong type (string)
Error: Kid object (page 2) is wrong type (string)
Error: Kid object (page 2) is wrong type (integer)
Error: Kid object (page 2) is wrong type (integer)
Error: Kid object (page 2) is wrong type (integer)
Error: Kid object (page 2) is wrong type (cmd)
Error: Kid object (page 2) is wrong type (string)
Error: Kid object (page 2) is wrong type (string)
Error: Kid object (page 2) is wrong type (cmd)
Error: Kid object (page 2) is wrong type (cmd)
Error: Kid object (page 2) is wrong type (cmd)
Error: Kid object (page 2) is wrong type (cmd)
Error: Kid object (page 2) is wrong type (cmd)
Error: Kid object (page 2) is wrong type (error)
Error: Kid object (page 2) is wrong type (integer)
Error: Kid object (page 2) is wrong type (integer)
Error: Kid object (page 2) is wrong type (integer)
Error: Kid object (page 2) is wrong type (cmd)
Error: Kid object (page 2) is wrong type (string)
Error: Kid object (page 2) is wrong type (string)
Error: Kid object (page 2) is wrong type (string)
Error: Kid object (page 2) is wrong type (string)
Error: Page count in top-level pages object is incorrect
Error (48): Illegal character '}'
(evince:13851): Gtk-CRITICAL **: gtk_window_resize: assertion `width > 0' failed
Error: font resource is not a dictionary
Error (3260): Invalid symbol number in JBIG2 text region
Error (7552): Invalid symbol number in JBIG2 text region
Error (7558): Invalid symbol number in JBIG2 text region
Error (7607): Invalid symbol number in JBIG2 text region
Error (7614): Invalid symbol number in JBIG2 text region
Error (7831): Invalid symbol number in JBIG2 text region
Error (7892): Invalid symbol number in JBIG2 text region
Error (7901): Invalid symbol number in JBIG2 text region
Error (7926): Invalid symbol number in JBIG2 text region
Error (7939): Invalid symbol number in JBIG2 text region
Error (8201): Invalid symbol number in JBIG2 text region
Error (8306): Invalid symbol number in JBIG2 text region
Error (8314): Invalid symbol number in JBIG2 text region
Error (8451): Invalid symbol number in JBIG2 text region
Error (8453): Invalid symbol number in JBIG2 text region
Error (8458): Invalid symbol number in JBIG2 text region
Error (8512): Invalid symbol number in JBIG2 text region
Error (8515): Invalid symbol number in JBIG2 text region
Error (8527): Invalid symbol number in JBIG2 text region
Error (8539): Invalid symbol number in JBIG2 text region
Error (8543): Invalid symbol number in JBIG2 text region
Error (8565): Invalid symbol number in JBIG2 text region
Error (8568): Invalid symbol number in JBIG2 text region
Error (12259): Invalid symbol number in JBIG2 text region
Error (12259): Invalid symbol number in JBIG2 text region
Error (12259): Invalid symbol number in JBIG2 text region
Error (12259): Invalid symbol number in JBIG2 text region
Error (12259): Invalid symbol number in JBIG2 text region
Error (12259): Invalid symbol number in JBIG2 text region
Error (12259): Invalid symbol number in JBIG2 text region
Error (12259): Invalid symbol number in JBIG2 text region
Error (12259): Invalid symbol number in JBIG2 text region
Error (12259): Invalid symbol number in JBIG2 text region
Error (12259): Invalid symbol number in JBIG2 text region
Error (12259): Invalid symbol number in JBIG2 text region
Error (12259): Invalid symbol number in JBIG2 text region
Error (12259): Invalid symbol number in JBIG2 text region
Error (12259): Invalid symbol number in JBIG2 text region
Error (12259): Invalid symbol number in JBIG2 text region
Error (12259): Invalid symbol number in JBIG2 text region
Error (12259): Invalid symbol number in JBIG2 text region
Error: invalid width/height
Error (12259): 668 extraneous bytes after segment
Error: invalid width/height
==13851== Warning: set address range perms: large range [0x6861f028, 0x9a42780c) (undefined)
==13851== Thread 2:
==13851== Invalid read of size 4
==13851== at 0x4E8542F: JBIG2Bitmap::getSlice(unsigned int, unsigned int, unsigned int, unsigned int) (JBIG2Stream.cc:678)
==13851== by 0x4E8D7F4: JBIG2Stream::readPatternDictSeg(unsigned int, unsigned int) (JBIG2Stream.cc:2448)
==13851== by 0x4E8FEB2: JBIG2Stream::readSegments() (JBIG2Stream.cc:1360)
==13851== by 0x4E90096: JBIG2Stream::reset() (JBIG2Stream.cc:1212)
==13851== by 0x4EA33E2: ImageStream::reset() (Stream.cc:419)
==13851== by 0x47394C4: CairoOutputDev::drawImage(GfxState*, Object*, Stream*, int, int, GfxImageColorMap*, int*, int) (CairoOutputDev.cc:1614)
==13851== by 0x4E5C13C: Gfx::doImage(Object*, Stream*, int) (Gfx.cc:3865)
==13851== by 0x4E60894: Gfx::opXObject(Object*, int) (Gfx.cc:3526)
==13851== by 0x4E52AB9: Gfx::execOp(Object*, Object*, int) (Gfx.cc:771)
==13851== by 0x4E5307E: Gfx::go(int) (Gfx.cc:642)
==13851== by 0x4E55AEE: Gfx::display(Object*, int) (Gfx.cc:611)
==13851== by 0x4E9C69C: Page::displaySlice(OutputDev*, double, double, int, int, int, int, int, int, int, int, Catalog*, int (*)(void*), void*, int (*)(Annot*, void*), void*) (Page.cc:442)
==13851== Address 0x8 is not stack'd, malloc'd or (recently) free'd
==13851==
==13851== Process terminating with default action of signal 11 (SIGSEGV)
==13851== Access not within mapped region at address 0x8
==13851== at 0x4E8542F: JBIG2Bitmap::getSlice(unsigned int, unsigned int, unsigned int, unsigned int) (JBIG2Stream.cc:678)
==13851== by 0x4E8D7F4: JBIG2Stream::readPatternDictSeg(unsigned int, unsigned int) (JBIG2Stream.cc:2448)
==13851== by 0x4E8FEB2: JBIG2Stream::readSegments() (JBIG2Stream.cc:1360)
==13851== by 0x4E90096: JBIG2Stream::reset() (JBIG2Stream.cc:1212)
==13851== by 0x4EA33E2: ImageStream::reset() (Stream.cc:419)
==13851== by 0x47394C4: CairoOutputDev::drawImage(GfxState*, Object*, Stream*, int, int, GfxImageColorMap*, int*, int) (CairoOutputDev.cc:1614)
==13851== by 0x4E5C13C: Gfx::doImage(Object*, Stream*, int) (Gfx.cc:3865)
==13851== by 0x4E60894: Gfx::opXObject(Object*, int) (Gfx.cc:3526)
==13851== by 0x4E52AB9: Gfx::execOp(Object*, Object*, int) (Gfx.cc:771)
==13851== by 0x4E5307E: Gfx::go(int) (Gfx.cc:642)
==13851== by 0x4E55AEE: Gfx::display(Object*, int) (Gfx.cc:611)
==13851== by 0x4E9C69C: Page::displaySlice(OutputDev*, double, double, int, int, int, int, int, int, int, int, Catalog*, int (*)(void*), void*, int (*)(Annot*, void*), void*) (Page.cc:442)
==13851== If you believe this happened as a result of a stack overflow in your
==13851== program's main thread (unlikely but possible), you can try to increase
==13851== the size of the main thread stack using the --main-stacksize= flag.
==13851== The main thread stack size used in this run was 8388608.
==13851==
==13851== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 243 from 4)
==13851== malloc/free: in use at exit: 880,763,990 bytes in 49,033 blocks.
==13851== malloc/free: 207,900 allocs, 158,867 frees, 895,662,207 bytes allocated.
==13851== For counts of detected errors, rerun with: -v
==13851== searching for pointers to 49,033 not-freed blocks.
==13851== checked 27,249,380 bytes.
==13851==
==13851== LEAK SUMMARY:
==13851== definitely lost: 25,170 bytes in 994 blocks.
==13851== possibly lost: 202,604 bytes in 229 blocks.
==13851== still reachable: 880,536,216 bytes in 47,810 blocks.
==13851== suppressed: 0 bytes in 0 blocks.
==13851== Rerun with --leak-check=full to see details of leaked memory.
To manage notifications about this bug go to:
https://bugs.launchpad.net/poppler/+bug/599454/+subscriptions
