Bug 1202137 - segfault in opj_stream_destroy
Summary: segfault in opj_stream_destroy
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: mupdf
Version: 22
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: unspecified
Target Milestone: ---
Assignee: Pavel Zhukov
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2015-03-15 20:35 UTC by Pavel Zhukov
Modified: 2015-05-26 03:35 UTC (History)

Fixed In Version: mupdf-1.7-2.fc22
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-05-06 19:46:31 UTC
Type: Bug
Embargoed:


Attachments
Fixed patch (611 bytes, patch)
2015-03-25 14:56 UTC, Sandro Mani

Description Pavel Zhukov 2015-03-15 20:35:18 UTC
Description of problem:
Segfault when opening a PDF with OCR

Version-Release number of selected component (if applicable):
mupdf-1.5-5.fc22.x86_64
openjpeg2-2.1.0-3.fc22.x86_64

How reproducible:
Unknown. On some pdf files 100% 

Steps to Reproduce:
1. Open the PDF file

Actual results:
Segmentation fault (core dumped)

Additional info:
#0  0x00007ffff66cbb7c in _IO_new_fclose (fp=0x7fffffffb2c0) at iofclose.c:63
#1  0x00007ffff718e857 in opj_stream_destroy (p_stream=p_stream@entry=0xf6d200) at /usr/src/debug/openjpeg-2.1.0/src/lib/openjp2/cio.c:199
#2  0x0000000000a5df9e in fz_load_jpx (ctx=ctx@entry=0xebb010, data=0xf584f0 "", size=79038, defcs=0xe808c0 <k_default_rgb>, 
    indexed=indexed@entry=0) at source/fitz/load-jpx.c:138
#3  0x0000000000a50fd3 in pdf_load_jpx (doc=doc@entry=0xee5260, dict=dict@entry=0xf12ca0, forcemask=forcemask@entry=0)
    at source/pdf/pdf-image.c:233
....
(gdb) up
#2  0x0000000000a5df9e in fz_load_jpx (ctx=ctx@entry=0xebb010, data=0xf584f0 "", size=79038, defcs=0xe808c0 <k_default_rgb>, 
    indexed=indexed@entry=0) at source/fitz/load-jpx.c:138
138		opj_stream_destroy(stream);
(gdb) print stream
$4 = (opj_stream_t *) 0xf6d200

Comment 1 Sandro Mani 2015-03-15 23:00:26 UTC
Could you please describe in more detail how this is reproducible? I.e. open the PDF with what application? Or with some custom code? If the latter, can you share some minimal code to reproduce?

Comment 2 Pavel Zhukov 2015-03-16 07:45:37 UTC
Sorry,
Open the PDF with mupdf.

Comment 3 Sandro Mani 2015-03-17 18:10:43 UTC
Any chance you could attach a pdf with which the issue is reproducible? Thanks.

Comment 4 Sandro Mani 2015-03-25 14:56:35 UTC
Created attachment 1006352 [details]
Fixed patch

mupdf-1.5-openjpeg.patch is incorrect, you are passing fclose as the destructor function to free the user data which is a stack allocated variable.

You ought to just pass NULL as the destructor, see fixed patch attached.

With that patch, the output is now

error: cannot open test.pdf
error: cannot load document 'test.pdf'
mupdf: error: cannot open document

but it does not crash. Why it fails to open the document needs to be investigated I guess.
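The ownership mistake described in comment #4, as an added example that is not mupdf's or OpenJPEG's code: in OpenJPEG 2.1 the third argument of opj_stream_set_user_data is a destructor that opj_stream_destroy later invokes on the registered user-data pointer, so that callback has to match how the data was allocated (free for malloc'd data, NULL for a struct living on the caller's stack, never fclose for something that is not a FILE). The block below models that contract with a small stand-in stream type (all `demo_` names are hypothetical, and the byte buffer is a constructed placeholder that nothing decodes) and uses a recording destructor in place of fclose so the mismatched case can be observed instead of faulting in libc.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for OpenJPEG's stream object (hypothetical demo_stream_t, not the
 * real opj_stream_t): a user-data pointer plus an optional destructor that
 * teardown calls on that pointer, exactly the coupling behind the crash. */
typedef void (*demo_free_user_data_fn)(void *user_data);

typedef struct {
    void *user_data;
    demo_free_user_data_fn free_user_data;
} demo_stream_t;

/* Caller-side memory stream of the kind a decoder keeps on the stack while
 * reading from an in-memory buffer (constructed for this example). */
typedef struct {
    const unsigned char *data;
    size_t size;
    size_t pos;
} demo_memstream_t;

/* Constructed placeholder input: the J2K SOC and SIZ marker prefix, never
 * actually decoded here. */
static const unsigned char demo_sample[4] = { 0xff, 0x4f, 0xff, 0x51 };

/* Recording state so the test can see what teardown did with the pointer. */
static int demo_destructor_calls = 0;
static void *demo_destructor_last_arg = NULL;

static demo_stream_t *demo_stream_create(void) {
    return calloc(1, sizeof(demo_stream_t));
}

static void demo_stream_set_user_data(demo_stream_t *s, void *data,
                                      demo_free_user_data_fn fn) {
    s->user_data = data;
    s->free_user_data = fn;
}

static void demo_stream_destroy(demo_stream_t *s) {
    if (!s) return;
    /* The registered destructor runs on whatever pointer was handed in. With
     * fclose registered and a stack struct as user data, libc treats that
     * struct as a FILE, which is the fault seen in _IO_new_fclose. */
    if (s->free_user_data)
        s->free_user_data(s->user_data);
    free(s);
}

/* Destructor matching a malloc'd allocation; counts calls for the test. */
static void demo_counting_free(void *p) {
    demo_destructor_calls++;
    demo_destructor_last_arg = p;
    free(p);
}

/* Stand-in for fclose that only records its argument instead of faulting. */
static void demo_record_only(void *p) {
    demo_destructor_calls++;
    demo_destructor_last_arg = p;
}

/* Correct pattern for stack-owned user data: destructor NULL. Returns the
 * size still readable through the stack struct after destroy, i.e. the
 * caller's data survives teardown untouched. */
static size_t demo_decode_with_stack_userdata(const unsigned char *buf, size_t len) {
    demo_memstream_t ms = { buf, len, 0 };   /* lives on this frame */
    demo_stream_t *s = demo_stream_create();
    demo_stream_set_user_data(s, &ms, NULL); /* nothing for the stream to free */
    ms.pos = len;                            /* pretend decoding consumed it */
    demo_stream_destroy(s);
    return ms.size;
}

/* Correct pattern for heap-owned user data: destructor matches malloc.
 * Returns how many times teardown invoked it, which must be exactly one. */
static int demo_decode_with_heap_userdata(const unsigned char *buf, size_t len) {
    demo_memstream_t *ms = malloc(sizeof *ms);
    ms->data = buf; ms->size = len; ms->pos = 0;
    demo_stream_t *s = demo_stream_create();
    int before = demo_destructor_calls;
    demo_stream_set_user_data(s, ms, demo_counting_free);
    demo_stream_destroy(s);                  /* frees ms exactly once */
    return demo_destructor_calls - before;
}

/* The mupdf-1.5-openjpeg.patch mistake: a destructor registered for a stack
 * struct. Returns 1 if teardown handed that stack address to the callback,
 * which with a real fclose is the segfault. */
static int demo_mismatched_destructor_reaches_stack(const unsigned char *buf, size_t len) {
    demo_memstream_t ms = { buf, len, 0 };
    demo_stream_t *s = demo_stream_create();
    demo_stream_set_user_data(s, &ms, demo_record_only); /* bug: &ms is not a FILE */
    demo_stream_destroy(s);
    return demo_destructor_last_arg == (void *)&ms;
}

int main(void) {
    printf("stack user data intact after destroy: size=%zu\n",
           demo_decode_with_stack_userdata(demo_sample, sizeof demo_sample));
    printf("heap user data freed %d time(s)\n",
           demo_decode_with_heap_userdata(demo_sample, sizeof demo_sample));
    printf("mismatched destructor received stack address: %d\n",
           demo_mismatched_destructor_reaches_stack(demo_sample, sizeof demo_sample));
    return 0;
}
```

The practical check for a caller of the real API is the same one the model enforces: whoever allocates the user data decides the destructor, and a destructor that is not the inverse of that allocation (fclose for a non-FILE, free for a stack variable) is a bug regardless of whether it happens to crash on a given input.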

Comment 5 Pablo Rodríguez 2015-04-26 11:03:57 UTC
(In reply to Sandro Mani from comment #3)
> Any chance you could attach a pdf with which the issue is reproducible?
> Thanks.

https://archive.org/download/carminagraecamed00wagnuoft/carminagraecamed00wagnuoft_bw.pdf crashes with the old patch applied to compile mupdf-1.7.

And if I apply your corrected version to compile mupdf-1.7, the PDF file is displayed fine. Many thanks for your patch, Sandro.

So the bug is solved in latest released version. I think it may be closed.

Comment 6 Sandro Mani 2015-04-26 11:07:59 UTC
Uhm, the maintainer would need to apply the patch in comment #4 first though before closing this.

Comment 7 Fedora Update System 2015-05-06 19:39:45 UTC
mupdf-1.7-2.fc22 has been submitted as an update for Fedora 22.
https://admin.fedoraproject.org/updates/mupdf-1.7-2.fc22

Comment 8 Pavel Zhukov 2015-05-06 19:46:31 UTC

*** This bug has been marked as a duplicate of bug 1215752 ***

Comment 9 Fedora Update System 2015-05-26 03:35:57 UTC
mupdf-1.7-2.fc22 has been pushed to the Fedora 22 stable repository.  If problems still persist, please make note of it in this bug report.

