Bug 1553915 - mupdf crashes when viewing some documents
Summary: mupdf crashes when viewing some documents
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: mupdf
Version: 27
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Michael J Gruber
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-03-09 21:09 UTC by Ricardo Garcia
Modified: 2018-06-07 12:35 UTC (History)
2 users (show)

Fixed In Version: mupdf-1.13.0-6.fc28
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-06-07 12:35:09 UTC
Type: Bug


Attachments (Terms of Use)
Document producing the crash (1.76 MB, application/pdf)
2018-03-09 21:09 UTC, Ricardo Garcia
no flags Details
gdb data from mupdf crash (4.10 KB, text/plain)
2018-04-29 22:56 UTC, Michal Jaegermann
no flags Details

Description Ricardo Garcia 2018-03-09 21:09:48 UTC
Created attachment 1406403 [details]
Document producing the crash

Description of problem:
When viewing some documents, mupdf crashes with the following message:

$ mupdf-x11 catalog_es.pdf 
mupdf-x11: source/fitz/colorspace.c:1399: fast_rgb_to_cmyk: Assertion `"This should never happen" == NULL' failed.
Aborted (core dumped)


Version-Release number of selected component (if applicable):
mupdf-1.12.0-5.fc27

How reproducible:
I've attached a document that reliably reproduces the crash in my system when attempting to view page 3.

Steps to Reproduce:
1. Open the attached document.
2. Forward page until page 3.

Actual results:
Crash.

Expected results:
Displaying the document without crashes. :-)

Additional info:

Comment 1 Michael J Gruber 2018-03-11 14:22:56 UTC
Thanks for the report.

Interestingly, this PDF works with zathura, even using its mupdf backend. I've pointed upstream to this report.

Comment 2 Ricardo Garcia 2018-03-12 22:45:33 UTC
I've built mupdf 1.12.0 from the official source tarball without any patches and it doesn't seem to crash. Color rendering is also fine.

By following the procedure in the spec file (removing thirdparty/ and applying the same compilation flags), I get the crash.

If I apply the patch mentioned here it doesn't crash but color rendering is borked.

https://bugs.ghostscript.com/show_bug.cgi?id=698877

Comment 3 Michal Jaegermann 2018-04-29 22:54:26 UTC
I bumped into another document which reliably crashes mupdf-1.12.0-5.fc27.x86_64 in exactly the same way as in the original report.  As a reproducer is already present I would rather avoid uploading this document as it is not exactly mine.  As this is a one-page file mupdf bombs out immediately on an attempt to open it.  Anyway - pdfinfo reports the following;

Creator:        Adobe InDesign CC (Windows)
Producer:       Adobe PDF Library 11.0
CreationDate:   Mon Apr 13 15:36:12 2015 MDT
ModDate:        Thu Apr  5 12:02:26 2018 MDT
Tagged:         yes
UserProperties: no
Suspects:       no
Form:           AcroForm
JavaScript:     no
Pages:          1
Encrypted:      no
Page size:      432 x 720 pts
Page rot:       0
File size:      129101 bytes
Optimized:      no
PDF version:    1.6

and neither evince nor xpdf do not have any problems to render it.

gdb produced backtrace is attached.

Comment 4 Michal Jaegermann 2018-04-29 22:56:06 UTC
Created attachment 1428607 [details]
gdb data from mupdf crash

Comment 5 Michael J Gruber 2018-04-30 10:20:37 UTC
Could you try with a build from https://copr.fedorainfracloud.org/coprs/mjg/mupdf/ please?

These are test builds for the upcoming fedora mupdf update. I will have to bundle lcms2 to fix these issues, the copr build has that. I still have to decide whether the mupdf UI issues (unicode, copy+paste) justify bundling the patched freeglut.

Since bundling patched libs should not be done lightly I've allowed extra time before I apply these changes, and additional input would be very helful.

Comment 6 Michal Jaegermann 2018-04-30 15:35:42 UTC
(In reply to Michael J Gruber from comment #5)
> Could you try with a build from
> https://copr.fedorainfracloud.org/coprs/mjg/mupdf/ please?

My "crasher" file is rendered by this build of mupdf without any complaints or other issues.

If this is really an lcms2 fault then maybe this report should be reassigned there?

Comment 7 Michael J Gruber 2018-04-30 17:13:55 UTC
(In reply to Michal Jaegermann from comment #6)
> (In reply to Michael J Gruber from comment #5)
> > Could you try with a build from
> > https://copr.fedorainfracloud.org/coprs/mjg/mupdf/ please?
> 
> My "crasher" file is rendered by this build of mupdf without any complaints
> or other issues.

Perfect, thanks!

> If this is really an lcms2 fault then maybe this report should be reassigned
> there?

mupdf uses lcms2 in a special way (multithreaded), and Artifex (the makers of mupdf) patch lcms2 to support this mode. Artifex do not support the use of an unpatched lcms2; lcms2 does not accept the Artifex patches; Fedora does not support bundled versions of system libraries, unless necessary for special reasons, and unless the patcher (in this case: Artifex) makes sure to apply security fixes.

In any case, this warrants bundling lcms2. Updates upcoming.

Comment 8 Ricardo Garcia 2018-04-30 20:40:22 UTC
Thanks. The COPR build fixes the crash and the weird colors in my system too. Looking forward to those updates.

Comment 9 Fedora Update System 2018-06-03 18:56:11 UTC
mupdf-1.13.0-6.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-62e4d0c866

Comment 10 Fedora Update System 2018-06-04 14:48:35 UTC
mupdf-1.13.0-6.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-62e4d0c866

Comment 11 Fedora Update System 2018-06-07 12:35:09 UTC
mupdf-1.13.0-6.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.