-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has
been closed from further activity.

You can subscribe and participate further through the new bug through
this link to our GitLab instance:
https://gitlab.freedesktop.org/poppler/poppler/issues/336.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to poppler in Ubuntu.
https://bugs.launchpad.net/bugs/599439

Title:
  evince crashed with SIGSEGV in JPXStream::readTilePartData()

Status in Poppler:
  Unknown
Status in poppler package in Ubuntu:
  Triaged

Bug description:
  
  evince crashes with the following valgrind output when opening the attached file.

  $ valgrind evince sample.pdf
  ==12903== Memcheck, a memory error detector.
  ==12903== Copyright (C) 2002-2008, and GNU GPL'd, by Julian Seward et al.
  ==12903== Using LibVEX rev 1884, a library for dynamic binary translation.
  ==12903== Copyright (C) 2004-2008, and GNU GPL'd, by OpenWorks LLP.
  ==12903== Using valgrind-3.4.1-Debian, a dynamic binary instrumentation framework.
  ==12903== Copyright (C) 2000-2008, and GNU GPL'd, by Julian Seward et al.
  ==12903== For more details, rerun with: -v
  ==12903== 
  Error: PDF file is damaged - attempting to reconstruct xref table...
  ==12903== Thread 2:
  ==12903== Use of uninitialised value of size 4
  ==12903==    at 0x4E1E47F: JPXStream::readTilePartData(unsigned int, unsigned int, int) (JPXStream.cc:1951)
  ==12903==    by 0x4E1F5CD: JPXStream::readTilePart() (JPXStream.cc:1924)
  ==12903==    by 0x4E20766: JPXStream::readCodestream(unsigned int) (JPXStream.cc:1366)
  ==12903==    by 0x4E225C9: JPXStream::readBoxes() (JPXStream.cc:735)
  ==12903==    by 0x4E227EC: JPXStream::reset() (JPXStream.cc:272)
  ==12903==    by 0x4EA33E2: ImageStream::reset() (Stream.cc:419)
  ==12903==    by 0x4739923: CairoOutputDev::drawSoftMaskedImage(GfxState*, Object*, Stream*, int, int, GfxImageColorMap*, Stream*, int, int, GfxImageColorMap*) (CairoOutputDev.cc:1485)
  ==12903==    by 0x4E5C9B5: Gfx::doImage(Object*, Stream*, int) (Gfx.cc:3857)
  ==12903==    by 0x4E60894: Gfx::opXObject(Object*, int) (Gfx.cc:3526)
  ==12903==    by 0x4E52AB9: Gfx::execOp(Object*, Object*, int) (Gfx.cc:771)
  ==12903==    by 0x4E5307E: Gfx::go(int) (Gfx.cc:642)
  ==12903==    by 0x4E55AEE: Gfx::display(Object*, int) (Gfx.cc:611)
  ==12903== 
  ==12903== Use of uninitialised value of size 4
  ==12903==    at 0x4E1E48A: JPXStream::readTilePartData(unsigned int, unsigned int, int) (JPXStream.cc:1952)
  ==12903==    by 0x4E1F5CD: JPXStream::readTilePart() (JPXStream.cc:1924)
  ==12903==    by 0x4E20766: JPXStream::readCodestream(unsigned int) (JPXStream.cc:1366)
  ==12903==    by 0x4E225C9: JPXStream::readBoxes() (JPXStream.cc:735)
  ==12903==    by 0x4E227EC: JPXStream::reset() (JPXStream.cc:272)
  ==12903==    by 0x4EA33E2: ImageStream::reset() (Stream.cc:419)
  ==12903==    by 0x4739923: CairoOutputDev::drawSoftMaskedImage(GfxState*, Object*, Stream*, int, int, GfxImageColorMap*, Stream*, int, int, GfxImageColorMap*) (CairoOutputDev.cc:1485)
  ==12903==    by 0x4E5C9B5: Gfx::doImage(Object*, Stream*, int) (Gfx.cc:3857)
  ==12903==    by 0x4E60894: Gfx::opXObject(Object*, int) (Gfx.cc:3526)
  ==12903==    by 0x4E52AB9: Gfx::execOp(Object*, Object*, int) (Gfx.cc:771)
  ==12903==    by 0x4E5307E: Gfx::go(int) (Gfx.cc:642)
  ==12903==    by 0x4E55AEE: Gfx::display(Object*, int) (Gfx.cc:611)
  ==12903== 
  ==12903== Conditional jump or move depends on uninitialised value(s)
  ==12903==    at 0x4E1E509: JPXStream::readTilePartData(unsigned int, unsigned int, int) (JPXStream.cc:1977)
  ==12903==    by 0x4E1F5CD: JPXStream::readTilePart() (JPXStream.cc:1924)
  ==12903==    by 0x4E20766: JPXStream::readCodestream(unsigned int) (JPXStream.cc:1366)
  ==12903==    by 0x4E225C9: JPXStream::readBoxes() (JPXStream.cc:735)
  ==12903==    by 0x4E227EC: JPXStream::reset() (JPXStream.cc:272)
  ==12903==    by 0x4EA33E2: ImageStream::reset() (Stream.cc:419)
  ==12903==    by 0x4739923: CairoOutputDev::drawSoftMaskedImage(GfxState*, Object*, Stream*, int, int, GfxImageColorMap*, Stream*, int, int, GfxImageColorMap*) (CairoOutputDev.cc:1485)
  ==12903==    by 0x4E5C9B5: Gfx::doImage(Object*, Stream*, int) (Gfx.cc:3857)
  ==12903==    by 0x4E60894: Gfx::opXObject(Object*, int) (Gfx.cc:3526)
  ==12903==    by 0x4E52AB9: Gfx::execOp(Object*, Object*, int) (Gfx.cc:771)
  ==12903==    by 0x4E5307E: Gfx::go(int) (Gfx.cc:642)
  ==12903==    by 0x4E55AEE: Gfx::display(Object*, int) (Gfx.cc:611)
  ==12903== 
  ==12903== Use of uninitialised value of size 4
  ==12903==    at 0x4E1E515: JPXStream::readTilePartData(unsigned int, unsigned int, int) (JPXStream.cc:1978)
  ==12903==    by 0x4E1F5CD: JPXStream::readTilePart() (JPXStream.cc:1924)
  ==12903==    by 0x4E20766: JPXStream::readCodestream(unsigned int) (JPXStream.cc:1366)
  ==12903==    by 0x4E225C9: JPXStream::readBoxes() (JPXStream.cc:735)
  ==12903==    by 0x4E227EC: JPXStream::reset() (JPXStream.cc:272)
  ==12903==    by 0x4EA33E2: ImageStream::reset() (Stream.cc:419)
  ==12903==    by 0x4739923: CairoOutputDev::drawSoftMaskedImage(GfxState*, Object*, Stream*, int, int, GfxImageColorMap*, Stream*, int, int, GfxImageColorMap*) (CairoOutputDev.cc:1485)
  ==12903==    by 0x4E5C9B5: Gfx::doImage(Object*, Stream*, int) (Gfx.cc:3857)
  ==12903==    by 0x4E60894: Gfx::opXObject(Object*, int) (Gfx.cc:3526)
  ==12903==    by 0x4E52AB9: Gfx::execOp(Object*, Object*, int) (Gfx.cc:771)
  ==12903==    by 0x4E5307E: Gfx::go(int) (Gfx.cc:642)
  ==12903==    by 0x4E55AEE: Gfx::display(Object*, int) (Gfx.cc:611)
  ==12903== 
  ==12903== Invalid read of size 4
  ==12903==    at 0x4E1E515: JPXStream::readTilePartData(unsigned int, unsigned int, int) (JPXStream.cc:1978)
  ==12903==    by 0x4E1F5CD: JPXStream::readTilePart() (JPXStream.cc:1924)
  ==12903==    by 0x4E20766: JPXStream::readCodestream(unsigned int) (JPXStream.cc:1366)
  ==12903==    by 0x4E225C9: JPXStream::readBoxes() (JPXStream.cc:735)
  ==12903==    by 0x4E227EC: JPXStream::reset() (JPXStream.cc:272)
  ==12903==    by 0x4EA33E2: ImageStream::reset() (Stream.cc:419)
  ==12903==    by 0x4739923: CairoOutputDev::drawSoftMaskedImage(GfxState*, Object*, Stream*, int, int, GfxImageColorMap*, Stream*, int, int, GfxImageColorMap*) (CairoOutputDev.cc:1485)
  ==12903==    by 0x4E5C9B5: Gfx::doImage(Object*, Stream*, int) (Gfx.cc:3857)
  ==12903==    by 0x4E60894: Gfx::opXObject(Object*, int) (Gfx.cc:3526)
  ==12903==    by 0x4E52AB9: Gfx::execOp(Object*, Object*, int) (Gfx.cc:771)
  ==12903==    by 0x4E5307E: Gfx::go(int) (Gfx.cc:642)
  ==12903==    by 0x4E55AEE: Gfx::display(Object*, int) (Gfx.cc:611)
  ==12903==  Address 0x10 is not stack'd, malloc'd or (recently) free'd
  ==12903== 
  ==12903== Process terminating with default action of signal 11 (SIGSEGV)
  ==12903==  Access not within mapped region at address 0x10
  ==12903==    at 0x4E1E515: JPXStream::readTilePartData(unsigned int, unsigned int, int) (JPXStream.cc:1978)
  ==12903==    by 0x4E1F5CD: JPXStream::readTilePart() (JPXStream.cc:1924)
  ==12903==    by 0x4E20766: JPXStream::readCodestream(unsigned int) (JPXStream.cc:1366)
  ==12903==    by 0x4E225C9: JPXStream::readBoxes() (JPXStream.cc:735)
  ==12903==    by 0x4E227EC: JPXStream::reset() (JPXStream.cc:272)
  ==12903==    by 0x4EA33E2: ImageStream::reset() (Stream.cc:419)
  ==12903==    by 0x4739923: CairoOutputDev::drawSoftMaskedImage(GfxState*, Object*, Stream*, int, int, GfxImageColorMap*, Stream*, int, int, GfxImageColorMap*) (CairoOutputDev.cc:1485)
  ==12903==    by 0x4E5C9B5: Gfx::doImage(Object*, Stream*, int) (Gfx.cc:3857)
  ==12903==    by 0x4E60894: Gfx::opXObject(Object*, int) (Gfx.cc:3526)
  ==12903==    by 0x4E52AB9: Gfx::execOp(Object*, Object*, int) (Gfx.cc:771)
  ==12903==    by 0x4E5307E: Gfx::go(int) (Gfx.cc:642)
  ==12903==    by 0x4E55AEE: Gfx::display(Object*, int) (Gfx.cc:611)
  ==12903==  If you believe this happened as a result of a stack overflow in your
  ==12903==  program's main thread (unlikely but possible), you can try to increase
  ==12903==  the size of the main thread stack using the --main-stacksize= flag.
  ==12903==  The main thread stack size used in this run was 8388608.
  ==12903== 
  ==12903== ERROR SUMMARY: 5 errors from 5 contexts (suppressed: 243 from 4)
  ==12903== malloc/free: in use at exit: 262,485,146 bytes in 86,891 blocks.
  ==12903== malloc/free: 263,012 allocs, 176,121 frees, 277,245,884 bytes allocated.
  ==12903== For counts of detected errors, rerun with: -v
  ==12903== Use --track-origins=yes to see where uninitialised values come from
  ==12903== searching for pointers to 86,891 not-freed blocks.
  ==12903== checked 212,587,460 bytes.
  ==12903== 
  ==12903== LEAK SUMMARY:
  ==12903==    definitely lost: 25,170 bytes in 994 blocks.
  ==12903==      possibly lost: 202,348 bytes in 229 blocks.
  ==12903==    still reachable: 262,257,628 bytes in 85,668 blocks.
  ==12903==         suppressed: 0 bytes in 0 blocks.
  ==12903== Rerun with --leak-check=full to see details of leaked memory.
  Killed

  ProblemType: Crash
  Architecture: i386
  DistroRelease: Ubuntu 9.04
  ExecutablePath: /usr/bin/evince
  Package: evince 2.26.1-0ubuntu1
  ProcCmdline: evince tehfu-113_2.pdf
  ProcEnviron:
   SHELL=/bin/bash
   LANG=en_US.UTF-8
  Signal: 11
  SourcePackage: evince
  StacktraceTop:
   JPXStream::readTilePartData (this=0x9264fd8, tileIdx=3, 
   JPXStream::readTilePart (this=0x9264fd8)
   JPXStream::readCodestream (this=0x9264fd8, len=0)
   JPXStream::readBoxes (this=0x9264fd8) at JPXStream.cc:735
   JPXStream::reset (this=0x9264fd8) at JPXStream.cc:272
  Title: evince crashed with SIGSEGV in JPXStream::readTilePartData()
  Uname: Linux 2.6.28-19-generic i686
  UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare

To manage notifications about this bug go to:
https://bugs.launchpad.net/poppler/+bug/599439/+subscriptions
