Bug 1202137 - segfault in opj_stream_destroy
Summary: segfault in opj_stream_destroy
Alias: None
Product: Fedora
Classification: Fedora
Component: mupdf
Version: 22
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Pavel Zhukov
QA Contact: Fedora Extras Quality Assurance
Depends On:
Reported: 2015-03-15 20:35 UTC by Pavel Zhukov
Modified: 2015-05-26 03:35 UTC

Fixed In Version: mupdf-1.7-2.fc22
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2015-05-06 19:46:31 UTC
Type: Bug

Attachments
Fixed patch (611 bytes, patch)
2015-03-25 14:56 UTC, Sandro Mani

Description Pavel Zhukov 2015-03-15 20:35:18 UTC
Description of problem:
Segfault when opening a PDF with OCR

Version-Release number of selected component (if applicable):

How reproducible:
Unknown. On some pdf files 100% 

Steps to Reproduce:
1. Open pdf file  

Actual results:
Segmentation fault (core dumped)

Additional info:
#0  0x00007ffff66cbb7c in _IO_new_fclose (fp=0x7fffffffb2c0) at iofclose.c:63
#1  0x00007ffff718e857 in opj_stream_destroy (p_stream=p_stream@entry=0xf6d200) at /usr/src/debug/openjpeg-2.1.0/src/lib/openjp2/cio.c:199
#2  0x0000000000a5df9e in fz_load_jpx (ctx=ctx@entry=0xebb010, data=0xf584f0 "", size=79038, defcs=0xe808c0 <k_default_rgb>, 
    indexed=indexed@entry=0) at source/fitz/load-jpx.c:138
#3  0x0000000000a50fd3 in pdf_load_jpx (doc=doc@entry=0xee5260, dict=dict@entry=0xf12ca0, forcemask=forcemask@entry=0)
    at source/pdf/pdf-image.c:233
(gdb) up
#2  0x0000000000a5df9e in fz_load_jpx (ctx=ctx@entry=0xebb010, data=0xf584f0 "", size=79038, defcs=0xe808c0 <k_default_rgb>, 
    indexed=indexed@entry=0) at source/fitz/load-jpx.c:138
138		opj_stream_destroy(stream);
(gdb) print stream
$4 = (opj_stream_t *) 0xf6d200

Comment 1 Sandro Mani 2015-03-15 23:00:26 UTC
Could you please describe in more detail how this is reproducible? I.e. open the PDF with what application? Or with some custom code? If the latter, can you share some minimal code to reproduce?

Comment 2 Pavel Zhukov 2015-03-16 07:45:37 UTC
Open pdf with mupdf.

Comment 3 Sandro Mani 2015-03-17 18:10:43 UTC
Any chance you could attach a pdf with which the issue is reproducible? Thanks.

Comment 4 Sandro Mani 2015-03-25 14:56:35 UTC
Created attachment 1006352
Fixed patch

mupdf-1.5-openjpeg.patch is incorrect: you are passing fclose as the destructor function to free the user data, which is a stack-allocated variable.

You ought to just pass NULL as the destructor, see fixed patch attached.

With that patch, the output is now

error: cannot open test.pdf
error: cannot load document 'test.pdf'
mupdf: error: cannot open document

but it does not crash. Why it fails to open the document needs to be investigated I guess.
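
Added example (not part of the original comments, and not MuPDF or OpenJPEG code): a miniature stream object with a user-data destructor, showing the ownership rule from comment 4. All names (demo_stream, mem_source, counting_free, the decode_* functions) are hypothetical.

```c
#include <stdlib.h>

typedef void (*free_fn)(void *);

/* Hypothetical stream: holds caller user data and an optional destructor. */
typedef struct {
    void   *user_data;
    free_fn free_user_data;  /* NULL: the stream does not own user_data */
} demo_stream;

/* Reader state of the kind a decoder keeps while parsing a buffer. */
typedef struct { const unsigned char *data; size_t size, pos; } mem_source;

static int destructor_calls;  /* instrumentation: how often destroy freed user data */

static void counting_free(void *p) { destructor_calls++; free(p); }

static demo_stream *demo_stream_create(void *user_data, free_fn fn) {
    demo_stream *s = malloc(sizeof *s);
    if (s) { s->user_data = user_data; s->free_user_data = fn; }
    return s;
}

/* Destroy runs the registered destructor on user_data, whatever it points to. */
static void demo_stream_destroy(demo_stream *s) {
    if (!s) return;
    if (s->free_user_data) s->free_user_data(s->user_data);
    free(s);
}

/* Stack-allocated state: register NULL. Registering fclose or free here would
 * make destroy call it on a stack address, as in frame #0 of the backtrace. */
size_t decode_stack_source(const unsigned char *buf, size_t n) {
    mem_source src = { buf, n, 0 };
    demo_stream *s = demo_stream_create(&src, NULL);
    if (!s) return 0;
    size_t seen = ((mem_source *)s->user_data)->size;
    demo_stream_destroy(s);   /* src is released when this function returns */
    return seen;
}

/* Heap-allocated state: the stream owns it, destructor matches the allocator. */
size_t decode_heap_source(const unsigned char *buf, size_t n) {
    mem_source *src = malloc(sizeof *src);
    if (!src) return 0;
    src->data = buf; src->size = n; src->pos = 0;
    demo_stream *s = demo_stream_create(src, counting_free);
    if (!s) { free(src); return 0; }
    size_t seen = ((mem_source *)s->user_data)->size;
    demo_stream_destroy(s);   /* frees src exactly once via counting_free */
    return seen;
}
```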

Comment 5 Pablo Rodríguez 2015-04-26 11:03:57 UTC
(In reply to Sandro Mani from comment #3)
> Any chance you could attach a pdf with which the issue is reproducible?
> Thanks.

https://archive.org/download/carminagraecamed00wagnuoft/carminagraecamed00wagnuoft_bw.pdf crashes with the old patch applied to compile mupdf-1.7.

And if I apply your corrected version to compile mupdf-1.7, the PDF file is displayed fine. Many thanks for your patch, Sandro.

So the bug is solved in latest released version. I think it may be closed.

Comment 6 Sandro Mani 2015-04-26 11:07:59 UTC
Uhm, the maintainer would need to apply the patch in comment #4 first though before closing this.

Comment 7 Fedora Update System 2015-05-06 19:39:45 UTC
mupdf-1.7-2.fc22 has been submitted as an update for Fedora 22.

Comment 8 Pavel Zhukov 2015-05-06 19:46:31 UTC

*** This bug has been marked as a duplicate of bug 1215752 ***

Comment 9 Fedora Update System 2015-05-26 03:35:57 UTC
mupdf-1.7-2.fc22 has been pushed to the Fedora 22 stable repository.  If problems still persist, please make note of it in this bug report.
