Package: libdjvulibre21
Version: 3.5.27.1-7

DjVuLibre crashes while trying to decode the attached file:

$ ddjvu null-deref.djvu
Segmentation fault

GDB says it's a null pointer dereference:

Thread 3 "ddjvu" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xf75c2b40 (LWP 9235)]
0xf7f2e906 in DJVU::filter_bv (scale=16, rowsize=12352, h=1, w=12336, p=0x0) at IW44Image.cpp:309
309 *q -= (((a<<3)+a-b+16)>>5);
(gdb) print q
$1 = (short *) 0x0
(gdb) bt
#0 0xf7f2e906 in DJVU::filter_bv (scale=16, rowsize=12352, h=1, w=12336, p=0x0) at IW44Image.cpp:309
#1 DJVU::IW44Image::Transform::Decode::backward (p=p@entry=0x0, w=12336, h=0, rowsize=12352, begin=begin@entry=32, end=end@entry=1) at IW44Image.cpp:1883
#2 0xf7f2ef66 in DJVU::IW44Image::Map::image (this=<optimized out>, img8=<optimized out>, img8@entry=0x0, rowsize=<optimized out>, rowsize@entry=37008, pixsep=<optimized out>, pixsep@entry=3, fast=<optimized out>, fast@entry=0) at IW44Image.cpp:714
#3 0xf7f30353 in DJVU::IWPixmap::get_pixmap (this=0xf6c00b90) at IW44Image.cpp:1656
#4 0xf7ea721e in DJVU::DjVuFile::decode_chunk (this=this@entry=0x565d05c0, id=..., gbs=..., djvi=false, djvu=true, iw44=false) at DjVuFile.cpp:984
#5 0xf7ea951d in DJVU::DjVuFile::decode (this=<optimized out>, this@entry=0x565d05c0, gbs=...) at DjVuFile.cpp:1255
#6 0xf7ea9cf8 in DJVU::DjVuFile::decode_func (this=this@entry=0x565d05c0) at DjVuFile.cpp:484
#7 0xf7eaa57e in DJVU::DjVuFile::static_decode_func (cl_data=0x565d05c0) at DjVuFile.cpp:464
#8 0xf7f0ff7d in DJVU::GThread::start (arg=0x565c91f8) at GThreads.cpp:392
#9 0xf7d7327a in start_thread (arg=0xf75c2b40) at pthread_create.c:333
#10 0xf7aafad6 in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:110

Found using American Fuzzy Lop:
http://lcamtuf.coredump.cx/afl/

-- System Information:
Architecture: i386 (x86_64)

Versions of packages libdjvulibre21 depends on:
ii libc6 2.24-12
ii libdjvulibre-text 3.5.27.1-7
ii libgcc1 1:7.1.0-10
ii libjpeg62-turbo 1:1.5.1-2
ii libstdc++6 7.1.0-10

-- 
Jakub Wilk
null-deref.djvu.gz
Description: application/gzip
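
A triage aid for the backtrace above, added here as an example and not part of the original report: it walks outward from the crash frame and reports the last frame that still receives the null pointer. The helper names `parse_frames` and `null_origin` are hypothetical, and treating `name=0x0` as a null pointer argument is an assumption about how gdb printed these frames.

```python
import re

# Frames #0-#3 copied verbatim from the backtrace in the report above.
BACKTRACE = """\
#0 0xf7f2e906 in DJVU::filter_bv (scale=16, rowsize=12352, h=1, w=12336, p=0x0) at IW44Image.cpp:309
#1 DJVU::IW44Image::Transform::Decode::backward (p=p@entry=0x0, w=12336, h=0, rowsize=12352, begin=begin@entry=32, end=end@entry=1) at IW44Image.cpp:1883
#2 0xf7f2ef66 in DJVU::IW44Image::Map::image (this=<optimized out>, img8=<optimized out>, img8@entry=0x0, rowsize=<optimized out>, rowsize@entry=37008, pixsep=<optimized out>, pixsep@entry=3, fast=<optimized out>, fast@entry=0) at IW44Image.cpp:714
#3 0xf7f30353 in DJVU::IWPixmap::get_pixmap (this=0xf6c00b90) at IW44Image.cpp:1656
"""

# "#N [0xADDR in ]function (args) at file:line"
FRAME = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\S+) \((.*)\) at (\S+)$")
# Assumption: gdb prints pointers in hex, so "name=0x0" / "name@entry=0x0" is a null pointer.
NULL_ARG = re.compile(r"(\w+)(?:@entry)?=0x0\b")


def parse_frames(bt):
    """Return one dict per frame with its function, location and null-pointer arguments."""
    frames = []
    for line in bt.splitlines():
        m = FRAME.match(line.strip())
        if m:
            num, func, args, loc = m.groups()
            frames.append({"num": int(num), "func": func, "loc": loc,
                           "null_args": sorted(set(NULL_ARG.findall(args)))})
    return frames


def null_origin(bt):
    """Walk outward from the crash frame; return the last frame that still receives a null."""
    origin = None
    for frame in sorted(parse_frames(bt), key=lambda f: f["num"]):
        if not frame["null_args"]:
            break
        origin = frame
    return origin


if __name__ == "__main__":
    for frame in parse_frames(BACKTRACE):
        print(frame["num"], frame["func"], frame["loc"], frame["null_args"])
    print("null first seen in:", null_origin(BACKTRACE))
```

On these frames the walk stops at frame #2 (`img8` in `DJVU::IW44Image::Map::image`), so the caller in frame #3 at IW44Image.cpp:1656 is the place to start reading when checking how that buffer was obtained.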

