
desktop-packages team mailing list archive

[Bug 1505858] Re: Segmentation fault in JPXStream::readTilePartData(JPXStream.cc:2142)

 

Launchpad has imported 7 comments from the remote bug at
https://bugs.freedesktop.org/show_bug.cgi?id=92450.


------------------------------------------------------------------------
On 2015-10-13T20:56:39+00:00 Saintlinu wrote:

Created attachment 118861
Use of this file could crash products using the poppler library

Hello,

I've found some vulnerabilities in PDF viewers using a famous library
named poppler, such as evince, xpdf, okular and so on.

This is my short report, and I used the latest version of poppler (poppler-0.37.0).
Plus I've attached some findings.

Thanks
-Alex

In detail:

alex@vm64:$ LD_LIBRARY_PATH=/usr/local/lib gdb --args ./evince ~/hack/project/fuzzer/testcases/pdf/JPXDecode/fuzz_id_27683_OliviaOil_24.pdf.tc_bf1_pos_3460_size_1
GNU gdb (Ubuntu 7.10-1ubuntu2) 7.10
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./evince...done.
gdb$ r
Starting program: /home/alex/hack/project/evince/evince-3.18.0/shell/.libs/evince /home/alex/hack/project/fuzzer/testcases/pdf/JPXDecode/fuzz_id_27683_OliviaOil_24.pdf.tc_bf1_pos_3460_size_1
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffece5e700 (LWP 17556)]
[New Thread 0x7fffec65d700 (LWP 17557)]
[New Thread 0x7fffebe5c700 (LWP 17558)]
[New Thread 0x7fffeb038700 (LWP 17563)]
[New Thread 0x7fffe9a4e700 (LWP 17564)]
[New Thread 0x7fffda2ab700 (LWP 17565)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffe9a4e700 (LWP 17564)]
-----------------------------------------------------------------------------------------------------------------------[regs]
  RAX: 0x0000000000000000  RBX: 0x0000000000000000  RBP: 0x00007FFFD005DA40  RSP: 0x00007FFFE9A4CF50  o d I t s z A p c 
  RDI: 0x00007FFFD0042BA0  RSI: 0x0000000000000000  RDX: 0x0000000000000018  RCX: 0x0000000000000001  RIP: 0x00007FFFE8A04C49
  R8 : 0x0000000000000000  R9 : 0x0000000000000006  R10: 0x00000000000000A8  R11: 0x00007FFFD005DAB0  R12: 0x00007FFFD0042850
  R13: 0x00007FFFD005A0E0  R14: 0x00007FFFD005DAB0  R15: 0x0000000000001923
  CS: 0033  DS: 0000  ES: 0000  FS: 0000  GS: 0000  SS: 002B                
[0x002B:0x00007FFFE9A4CF50]-------------------------------------------------------------------------------------------[stack]
0x00007FFFE9A4CFA0 : 01 00 00 00 FF 7F 00 00 - 01 00 00 00 FF 7F 00 00 ................
0x00007FFFE9A4CF90 : 00 00 00 00 03 00 00 00 - 01 00 00 00 FF 7F 00 00 ................
0x00007FFFE9A4CF80 : 50 A1 05 D0 FF 7F 00 00 - 90 BA 06 D0 FF 7F 00 00 P...............
0x00007FFFE9A4CF70 : B4 CF A4 E9 FF 7F 00 00 - 03 00 00 00 00 00 00 00 ................
0x00007FFFE9A4CF60 : 50 28 04 D0 FF 7F 00 00 - 80 C2 05 D0 FF 7F 00 00 P(..............
0x00007FFFE9A4CF50 : 40 2D 04 D0 FF 7F 00 00 - 00 00 00 00 00 00 00 00 @-..............
-----------------------------------------------------------------------------------------------------------------------[code]
=> 0x7fffe8a04c49 <JPXStream::readTilePartData(unsigned int, unsigned int, bool)+265>:  mov    rbp,QWORD PTR [rax+0x10]
   0x7fffe8a04c4d <JPXStream::readTilePartData(unsigned int, unsigned int, bool)+269>:  lea    r11,[rbp+rbx*1+0x0]
   0x7fffe8a04c52 <JPXStream::readTilePartData(unsigned int, unsigned int, bool)+274>:  mov    r9d,DWORD PTR [r11+0x14]
   0x7fffe8a04c56 <JPXStream::readTilePartData(unsigned int, unsigned int, bool)+278>:  test   r9d,r9d
   0x7fffe8a04c59 <JPXStream::readTilePartData(unsigned int, unsigned int, bool)+281>:  je     0x7fffe8a04ca3 <JPXStream::readTilePartData(unsigned int, unsigned int, bool)+355>
   0x7fffe8a04c5b <JPXStream::readTilePartData(unsigned int, unsigned int, bool)+283>:  mov    r8d,DWORD PTR [r11+0x10]
   0x7fffe8a04c5f <JPXStream::readTilePartData(unsigned int, unsigned int, bool)+287>:  xor    eax,eax
   0x7fffe8a04c61 <JPXStream::readTilePartData(unsigned int, unsigned int, bool)+289>:  xor    edi,edi
-----------------------------------------------------------------------------------------------------------------------------
0x00007fffe8a04c49 in JPXStream::readTilePartData (this=this@entry=0x7fffd0042d40, tileIdx=<optimized out>, tilePartLen=0x1923, tilePartToEOC=tilePartToEOC@entry=0x0) at JPXStream.cc:2142
2142        if (!bits) {

gdb$ bt
#0  0x00007fffe8a04c49 in JPXStream::readTilePartData (this=this@entry=0x7fffd0042d40, tileIdx=<optimized out>, tilePartLen=0x1923, tilePartToEOC=tilePartToEOC@entry=0x0) at JPXStream.cc:2142
#1  0x00007fffe8a05f89 in JPXStream::readTilePart (this=this@entry=0x7fffd0042d40) at JPXStream.cc:2100
#2  0x00007fffe8a06f17 in JPXStream::readCodestream (this=this@entry=0x7fffd0042d40, len=<optimized out>) at JPXStream.cc:1488
#3  0x00007fffe8a08df1 in JPXStream::readBoxes (this=this@entry=0x7fffd0042d40) at JPXStream.cc:780
#4  0x00007fffe8a09036 in JPXStream::reset (this=0x7fffd0042d40) at JPXStream.cc:275
#5  0x00007fffe8e1c812 in RescaleDrawImage::getSourceImage (this=this@entry=0x7fffe9a4d310, str=str@entry=0x7fffd0042d40, widthA=widthA@entry=0x66, height=height@entry=0xf1, scaledWidth=0x2f9, scaledHeight=0x6fd, printing=0x0, colorMapA=0x7fffd0042f30, maskColorsA=0x0) at CairoOutputDev.cc:2881
#6  0x00007fffe8e1ae21 in CairoOutputDev::drawImage (this=0x7fffd003e030, state=0x7fffd00421c0, ref=0x7fffe9a4d640, str=0x7fffd0042d40, widthA=0x66, heightA=0xf1, colorMap=0x7fffd0042f30, interpolate=0x0, maskColors=0x0, inlineImg=0x0) at CairoOutputDev.cc:3028
#7  0x00007fffe8a4ba9e in Gfx::doImage (this=this@entry=0x7fffd0041f60, ref=ref@entry=0x7fffe9a4d640, str=0x7fffd0042d40, inlineImg=inlineImg@entry=0x0) at Gfx.cc:4663
#8  0x00007fffe8a4c6af in Gfx::opXObject (this=0x7fffd0041f60, args=<optimized out>, numArgs=<optimized out>) at Gfx.cc:4189
#9  0x00007fffe8a46f26 in Gfx::go (this=this@entry=0x7fffd0041f60, topLevel=topLevel@entry=0x1) at Gfx.cc:763
#10 0x00007fffe8a47409 in Gfx::display (this=this@entry=0x7fffd0041f60, obj=obj@entry=0x7fffe9a4da40, topLevel=topLevel@entry=0x1) at Gfx.cc:729
#11 0x00007fffe8a85c28 in Page::displaySlice (this=0x7fffd00407e0, out=out@entry=0x7fffd003e030, hDPI=hDPI@entry=72, vDPI=vDPI@entry=72, rotate=rotate@entry=0x0, useMediaBox=useMediaBox@entry=0x0, crop=crop@entry=0x1, sliceX=sliceX@entry=0xffffffff, sliceY=0xffffffff, sliceW=0xffffffff, sliceH=0xffffffff, printing=0x0, abortCheckCbk=0x0, abortCheckCbkData=0x0, annotDisplayDecideCbk=0x0, annotDisplayDecideCbkData=0x0, copyXRef=0x0) at Page.cc:599
#12 0x00007fffe8e03ace in _poppler_page_render (page=0xa8c6c0, cairo=0xa30510, printing=<optimized out>, print_flags=<optimized out>) at poppler-page.cc:362
#13 0x00007fffe90450b3 in pdf_page_render (page=page@entry=0xa8c6c0, width=0x2f9, height=0x6fd, rc=rc@entry=0xa8c700) at /build/buildd/evince-3.16.1/./backend/pdf/ev-poppler.cc:415
#14 0x00007fffe90452f1 in pdf_document_render (document=<optimized out>, rc=0xa8c700) at /build/buildd/evince-3.16.1/./backend/pdf/ev-poppler.cc:442
#15 0x00007ffff7968832 in ev_job_render_run (job=0xb49bc0) at /build/buildd/evince-3.16.1/./libview/ev-jobs.c:638
#16 0x00007ffff796a68a in ev_job_thread (job=0xb49bc0) at /build/buildd/evince-3.16.1/./libview/ev-job-scheduler.c:184
#17 ev_job_thread_proxy (data=<optimized out>) at /build/buildd/evince-3.16.1/./libview/ev-job-scheduler.c:217
#18 0x00007ffff5714965 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#19 0x00007ffff51856aa in start_thread (arg=0x7fffe9a4e700) at pthread_create.c:333
#20 0x00007ffff4ebaeed in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Reply at:
https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1505858/comments/0
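
A triage aid for the gdb output in the report above, added here as an example and not part of the original report or of poppler: it parses the register dump and the faulting instruction, resolves the memory operand, and classifies the access. The register and instruction lines are copied from the report; the function names and the 0x1000 "near NULL" threshold are assumptions of this example.

```python
import re

# Register lines and faulting instruction copied from the gdb output above.
DUMP = """\
  RAX: 0x0000000000000000  RBX: 0x0000000000000000  RBP: 0x00007FFFD005DA40  RSP: 0x00007FFFE9A4CF50
  RDI: 0x00007FFFD0042BA0  RSI: 0x0000000000000000  RDX: 0x0000000000000018  RCX: 0x0000000000000001  RIP: 0x00007FFFE8A04C49
  R8 : 0x0000000000000000  R9 : 0x0000000000000006  R10: 0x00000000000000A8  R11: 0x00007FFFD005DAB0  R12: 0x00007FFFD0042850
  R13: 0x00007FFFD005A0E0  R14: 0x00007FFFD005DAB0  R15: 0x0000000000001923
=> 0x7fffe8a04c49 <JPXStream::readTilePartData(unsigned int, unsigned int, bool)+265>:  mov    rbp,QWORD PTR [rax+0x10]
"""

REG_RE = re.compile(r"\b(R[A-Z0-9]{1,2})\s*:\s*0x([0-9A-Fa-f]{16})")
INSN_RE = re.compile(r"^=>\s*0x([0-9a-fA-F]+)\s+<([^>]*)>:\s*(\S+)\s+(.*)$", re.M)
NULL_PAGE_LIMIT = 0x1000  # assumption: addresses in the first page count as "near NULL"


def effective_address(expr, regs):
    """Evaluate an Intel-syntax operand such as 'rax+0x10' or 'rbp+rbx*1+0x0'."""
    total = 0
    for sign, term in re.findall(r"([+-]?)\s*([^+-]+)", expr):
        reg, _, scale = term.strip().partition("*")
        if reg.upper() in regs:
            value = regs[reg.upper()] * (int(scale, 0) if scale else 1)
        else:
            value = int(term.strip(), 0)  # plain displacement
        total += -value if sign == "-" else value
    return total & 0xFFFFFFFFFFFFFFFF


def triage(dump):
    """Return the faulting address and a coarse class for a gdb crash dump."""
    regs = {name: int(val, 16) for name, val in REG_RE.findall(dump)}
    insn = INSN_RE.search(dump)
    if insn is None:
        raise ValueError("no '=>' faulting-instruction line found")
    pc, symbol, mnemonic, operands = insn.groups()
    mem = re.search(r"\[([^\]]+)\]", operands)
    if mem is None:
        return {"pc": int(pc, 16), "symbol": symbol, "class": "no memory operand"}
    address = effective_address(mem.group(1), regs)
    # In Intel syntax the first operand is the destination.
    access = "write" if "[" in operands.split(",", 1)[0] else "read"
    kind = "near-NULL" if address < NULL_PAGE_LIMIT else "wild"
    return {
        "pc": int(pc, 16),
        "pc_matches_rip": regs.get("RIP") == int(pc, 16),
        "symbol": symbol,
        "mnemonic": mnemonic,
        "access": access,
        "address": address,
        "class": f"{kind} {access}",
    }


if __name__ == "__main__":
    result = triage(DUMP)
    print(f"{result['class']} at {result['address']:#x} in {result['symbol']}")
```

The resolved address, 0x10, is the same value shown as CR2 in the evince/xpdf register dump quoted later in this thread.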

------------------------------------------------------------------------
On 2015-10-13T21:07:06+00:00 Albert Astals Cid wrote:

You should be using the openjpeg version of the JPXStream; the other
version is basically unmaintained and just there for convenience.

Meaning I won't be working on fixing this, but of course patches are
welcome.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1505858/comments/1

------------------------------------------------------------------------
On 2015-10-14T12:03:58+00:00 Saintlinu wrote:

Created attachment 118869
removed a finding file

Reply at:
https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1505858/comments/3

------------------------------------------------------------------------
On 2015-10-14T12:06:35+00:00 Saintlinu wrote:

Oh, I see. Thank you for the quick response.

-Alex

Reply at:
https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1505858/comments/4

------------------------------------------------------------------------
On 2015-10-14T20:51:54+00:00 Adrian Johnson wrote:

Created attachment 118877
Warn that the DCT/JPX internal decoders are unmaintained

Reply at:
https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1505858/comments/5

------------------------------------------------------------------------
On 2015-10-14T20:52:33+00:00 Adrian Johnson wrote:

Created attachment 118878
Synchronize cmake warnings with configure warnings

Reply at:
https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1505858/comments/6

------------------------------------------------------------------------
On 2015-10-14T20:55:05+00:00 Albert Astals Cid wrote:

Looks good to me.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1505858/comments/7


** Changed in: poppler
       Status: Unknown => Confirmed

** Changed in: poppler
   Importance: Unknown => High

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to poppler in Ubuntu.
https://bugs.launchpad.net/bugs/1505858

Title:
  Segmentation fault in JPXStream::readTilePartData(JPXStream.cc:2142)

Status in Poppler:
  Confirmed
Status in poppler package in Ubuntu:
  Confirmed

Bug description:
  Hello,

  I've found some vulnerabilities in PDF viewers using a famous library
  named poppler, such as evince, xpdf, okular and so on.

  This is my short report, and I used the latest version of poppler (poppler-0.37.0).
  Plus I've attached a finding as a comment below.

  To be honest, I already posted this bug on poppler's tracker and a developer answered the question (https://bugs.freedesktop.org/show_bug.cgi?id=92450#c1).
  As far as I can tell, all of the software that I tested, such as evince, xpdf and okular, on an Ubuntu system has the same problem.
  So I'd like to post this issue here.

  In detail:

  alex@vm64 $ uname -a
  Linux vm64 4.2.0-16-generic #19-Ubuntu SMP Thu Oct 8 15:35:06 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

  alex@vm64 $ cat /etc/lsb-release
  DISTRIB_ID=Ubuntu
  DISTRIB_RELEASE=15.10
  DISTRIB_CODENAME=wily
  DISTRIB_DESCRIPTION="Ubuntu Wily Werewolf (development branch)"

  okular:
    Installed: 4:15.08.1-0ubuntu1
    Candidate: 4:15.08.1-0ubuntu1
    Version table:
   *** 4:15.08.1-0ubuntu1 0
          500 http://kr.archive.ubuntu.com/ubuntu/ wily/universe amd64 Packages
          100 /var/lib/dpkg/status

  xpdf:
    Installed: 3.03-17ubuntu2
    Candidate: 3.03-17ubuntu2
    Version table:
   *** 3.03-17ubuntu2 0
          500 http://kr.archive.ubuntu.com/ubuntu/ wily/universe amd64 Packages
          100 /var/lib/dpkg/status

  evince:
    Installed: 3.16.1-0ubuntu1
    Candidate: 3.16.1-0ubuntu1
    Version table:
   *** 3.16.1-0ubuntu1 0
          500 http://kr.archive.ubuntu.com/ubuntu/ wily/main amd64 Packages
          100 /var/lib/dpkg/status

  libpoppler-dev:
    Installed: 0.33.0-0ubuntu3
    Candidate: 0.33.0-0ubuntu3
    Version table:
   *** 0.33.0-0ubuntu3 0
          500 http://kr.archive.ubuntu.com/ubuntu/ wily/main amd64 Packages
          100 /var/lib/dpkg/status

  + I used the latest version of poppler too.

  Application: Okular (okular), signal: Segmentation fault
  Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
  pthread_cond_wait@@GLIBC_2.3.2 () at ../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
  [Current thread is 1 (Thread 0x7f640ae42840 (LWP 6180))]

  Thread 4 (Thread 0x7f63f36f1700 (LWP 6184)):
  #0  0x00007f6407db6743 in select () at ../sysdeps/unix/syscall-template.S:81
  #1  0x00007f64087ed51f in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
  #2  0x00007f6408702d1c in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
  #3  0x00007f640537c6aa in start_thread (arg=0x7f63f36f1700) at pthread_create.c:333
  #4  0x00007f6407dbfeed in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

  Thread 3 (Thread 0x7f63f253c700 (LWP 6200)):
  [KCrash Handler]
  #6  0x00007f63f25f5619 in JPXStream::readTilePartData(unsigned int, unsigned int, bool) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52
  #7  0x00007f63f25f6b73 in JPXStream::readTilePart() () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52
  #8  0x00007f63f25f7a77 in JPXStream::readCodestream(unsigned int) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52
  #9  0x00007f63f25f9c95 in JPXStream::readBoxes() () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52
  #10 0x00007f63f25fa0d6 in JPXStream::reset() () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52
  #11 0x00007f63f25edbf9 in SplashOutputDev::drawImage(GfxState*, Object*, Stream*, int, int, GfxImageColorMap*, bool, int*, bool) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52
  #12 0x00007f63f26419ca in Gfx::doImage(Object*, Stream*, bool) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52
  #13 0x00007f63f2642ce8 in Gfx::opXObject(Object*, int) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52
  #14 0x00007f63f263cffe in Gfx::go(bool) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52
  #15 0x00007f63f263d4a0 in Gfx::display(Object*, bool) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52
  #16 0x00007f63f2683255 in Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52
  #17 0x00007f63f29dadc6 in Poppler::Page::renderToImage(double, double, int, int, int, int, Poppler::Page::Rotation) const () from /usr/lib/x86_64-linux-gnu/libpoppler-qt4.so.4
  #18 0x00007f63f2c2be74 in ?? () from /usr/lib/kde4/okularGenerator_poppler.so
  #19 0x00007f63f738c613 in ?? () from /usr/lib/libokularcore.so.6
  #20 0x00007f6408702d1c in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
  #21 0x00007f640537c6aa in start_thread (arg=0x7f63f253c700) at pthread_create.c:333
  #22 0x00007f6407dbfeed in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

  Thread 2 (Thread 0x7f63f1d3b700 (LWP 6201)):
  #0  syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
  #1  0x00007f6408701622 in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
  #2  0x00007f64086fd8e5 in QMutex::lockInternal() () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
  #3  0x00007f63f2c2acf4 in ?? () from /usr/lib/kde4/okularGenerator_poppler.so
  #4  0x00007f63f738bf12 in ?? () from /usr/lib/libokularcore.so.6
  #5  0x00007f6408702d1c in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
  #6  0x00007f640537c6aa in start_thread (arg=0x7f63f1d3b700) at pthread_create.c:333
  #7  0x00007f6407dbfeed in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

  Thread 1 (Thread 0x7f640ae42840 (LWP 6180)):
  #0  pthread_cond_wait@@GLIBC_2.3.2 () at ../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
  #1  0x00007f6408703286 in QWaitCondition::wait(QMutex*, unsigned long) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
  #2  0x00007f64087028ae in QThread::wait(unsigned long) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
  #3  0x00007f64087ed0ad in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
  #4  0x00007f6407cf2d32 in __run_exit_handlers (status=1, listp=0x7f640807d698 <__exit_funcs>, run_list_atexit=run_list_atexit@entry=true) at exit.c:82
  #5  0x00007f6407cf2d85 in __GI_exit (status=<optimized out>) at exit.c:104
  #6  0x00007f640928e6a8 in ?? () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
  #7  0x00007f6409f83370 in KApplication::xioErrhandler(_XDisplay*) () from /usr/lib/libkdeui.so.5
  #8  0x00007f64071cbcee in _XIOError () from /usr/lib/x86_64-linux-gnu/libX11.so.6
  #9  0x00007f64071c957d in _XEventsQueued () from /usr/lib/x86_64-linux-gnu/libX11.so.6
  #10 0x00007f64071a5832 in XCheckIfEvent () from /usr/lib/x86_64-linux-gnu/libX11.so.6
  #11 0x00007f64092923e9 in ?? () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
  #12 0x00007f64092a26eb in QApplication::x11ProcessEvent(_XEvent*) () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
  #13 0x00007f64092ccb52 in ?? () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
  #14 0x00007f6404e96ff7 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
  #15 0x00007f6404e97250 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
  #16 0x00007f6404e972fc in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
  #17 0x00007f64088431ee in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
  #18 0x00007f64092ccc26 in ?? () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
  #19 0x00007f64088110d1 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
  #20 0x00007f6408811445 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
  #21 0x00007f6408817429 in QCoreApplication::exec() () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
  #22 0x0000000000409878 in ?? ()
  #23 0x00007f6407cd9a40 in __libc_start_main (main=0x409430, argc=2, argv=0x7ffd3a61ac18, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffd3a61ac08) at libc-start.c:289
  #24 0x000000000040b4a9 in _start ()

  evince 3.16.1 / xpdf version 3.03

  ********************************************************************************
  Segmentation fault
  ********************************************************************************

  crashed file: fuzz_id_27683_OliviaOil_24.pdf.tc_bf1_pos_3460_size_1

  Register dump:

   RAX: 0000000000000000   RBX: 0000000000000001   RCX: 0000000000000000
   RDX: 0000000000000006   RSI: 0000000000000002   RDI: 0000000000000000
   RBP: 0000000000000000   R8 : 0000000000000000   R9 : 0000000000000006
   R10: 0000000000000070   R11: 0000000000000000   R12: 00000000014af420
   R13: 00000000000018d2   R14: 00000000014af420   R15: 00000000014d7600
   RSP: 00007ffdede2b6b0

   RIP: 00007f28d94be0df   EFLAGS: 00010246

   CS: 0033   FS: 0000   GS: 0000

   Trap: 0000000e   Error: 00000004   OldMask: 00000000   CR2: 00000010

  stack trace:
  0x00007ffdede2b6b0: 10 fa 4a 01 00 00 00 00 00 00 00 00 00 00 00 00 ..J.............
  0x00007ffdede2b6c0: 20 f4 4a 01 00 00 00 00 50 dc 4b 01 00 00 00 00  .J.....P.K.....
  0x00007ffdede2b6d0: 14 b7 e2 ed fd 7f 00 00 03 00 00 00 01 00 00 00 ................
  0x00007ffdede2b6e0: 90 d2 4b 01 00 00 00 00 00 00 00 00 01 00 00 00 ..K.............
  0x00007ffdede2b6f0: 01 00 00 00 00 00 00 00 20 f4 4a 01 00 00 00 00 ........ .J.....
  0x00007ffdede2b700: a0 41 54 01 00 00 00 00 01 00 00 00 00 00 00 00 .AT.............
  0x00007ffdede2b710: d0 52 54 01 01 00 00 00 00 48 38 da c1 7a d9 ac .RT......H8..z..
  0x00007ffdede2b720: 90 96 54 01 00 00 00 00 10 fa 4a 01 00 00 00 00 ..T.......J.....

  Backtrace:
  0x00007f28e4d22cc0: [catch_segfault():4000]
  0x00007f28e3512d10: [__restore_rt():0]
  0x00007f28d94be0df: [_ZN9JPXStream16readTilePartDataEjjb():287]
  0x00007f28d94bf688: [_ZN9JPXStream12readTilePartEv():2920]
  0x00007f28d94c1278: [_ZN9JPXStream14readCodestreamEj():248]
  0x00007f28d94c3ff1: [_ZN9JPXStream9readBoxesEv():1809]
  0x00007f28d94c4766: [_ZN9JPXStream5resetEv():22]
  0x00007f28d9c8d753: [_ZN14CairoOutputDev9drawImageEP8GfxStateP6ObjectP6StreamiiP16GfxImageColorMapbPib():323]
  0x00007f28d950ce45: [_ZN3Gfx7doImageEP6ObjectP6Streamb():3013]
  0x00007f28d950e143: [_ZN3Gfx9opXObjectEP6Objecti():627]
  0x00007f28d9508058: [_ZN3Gfx2goEb():344]
  0x00007f28d9508558: [_ZN3Gfx7displayEP6Objectb():280]
  0x00007f28d9550dc5: [_ZN4Page12displaySliceEP9OutputDevddibbiiiibPFbPvES2_PFbP5AnnotS2_ES2_b():357]
  0x00007f28d9c76522: [poppler_page_get_type():482]
  0x00007f28d9eb5ad3: [_init():13019]
  0x00007f28d9eb616e: [_init():14710]
  0x0000000000401a90: [_init():2368]
  0x000000000040172d: [_init():1501]
  0x00007f28e3158a40: [__libc_start_main():240]
  0x00000000004018a9: [_init():1881]

  Disassemble:
  0x00007f28d94be0df: add      rax, qword ptr [rdi + 0x10]
  0x00007f28d94be0e3: mov      r11d, dword ptr [rax + 0x14]
  0x00007f28d94be0e7: test     r11d, r11d
  0x00007f28d94be0ea: je       0x7f28d94be25d
  0x00007f28d94be0f0: mov      r8d, dword ptr [rax + 0x10]
  0x00007f28d94be0f4: mov      r13, qword ptr [rsp]
  0x00007f28d94be0f8: mov      r15, r14

  HASHTAG: 8DBAE794E10FF8F8CBF9AA94744D5759

  Thanks
  -Alex
