Bug 46621

Summary: crash when opening file
Product: poppler Reporter: Nerijus Baliūnas <nerijus>
Component: generalAssignee: poppler-bugs <poppler-bugs>
Status: RESOLVED WORKSFORME QA Contact:
Severity: normal    
Priority: medium    
Version: unspecified   
Hardware: Other   
OS: All   
Whiteboard:
i915 platform: i915 features:

Description Nerijus Baliūnas 2012-02-25 09:54:21 UTC
Fedora 16 evince-3.2.1-2.fc16.i686 (using poppler-0.18.0-2.fc16.i686) crashes when opening attached file:

*** stack smashing detected ***: evince terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x45)[0xb762e1c5]
/lib/libc.so.6(+0x10c17a)[0xb762e17a]
/usr/lib/libpoppler.so.18(+0x42662d24)[0xa8e79d24]
/usr/lib/libpoppler.so.18(+0x4257ca55)[0xa8d93a55]
/usr/lib/libpoppler.so.18(_ZN9JPXStream4initEv+0x16c)[0xa8d93bcc]
/usr/lib/libpoppler.so.18(_ZN9JPXStream14getImageParamsEPiP20StreamColorSpaceMode+0x60)[0xa8d93dd0]
/usr/lib/libpoppler.so.18(_ZN3Gfx7doImageEP6ObjectP6Streamb+0xd5)[0xa8dce195]
/usr/lib/libpoppler.so.18(_ZN3Gfx9opXObjectEP6Objecti+0x39e)[0xa8dcfc2e]
/usr/lib/libpoppler.so.18(_ZN3Gfx6execOpEP6ObjectS1_i+0x127)[0xa8dc4237]
/usr/lib/libpoppler.so.18(_ZN3Gfx2goEb+0x19c)[0xa8dcb2bc]
/usr/lib/libpoppler.so.18(_ZN3Gfx7displayEP6Objectb+0xa5)[0xa8dcb7e5]
/usr/lib/libpoppler.so.18(_ZN4Page7displayEP3Gfx+0x77)[0xa8e0ca27]
/usr/lib/libpoppler-glib.so.8[0x412570d8]
/usr/lib/libpoppler-glib.so.8(poppler_page_get_image_mapping+0x92)[0x41259392]
/usr/lib/evince/3/backends/libpdfdocument.so(+0x9f08)[0xa985ff08]
/usr/lib/libevdocument3.so.3(ev_document_images_get_image_mapping+0x3c)[0x410b282c]
/usr/lib/libevview3.so.3[0x410e8804]
/usr/lib/libevview3.so.3(ev_job_run+0x10)[0x410e78e0]
/usr/lib/libevview3.so.3[0x410e9813]
/lib/libglib-2.0.so.0[0x41f28f45]
/lib/libpthread.so.0(+0x6cd3)[0xb76d6cd3]
/lib/libc.so.6(clone+0x5e)[0xb7615a2e]

gdb backtrace:
(gdb) bt
#0  0xb7fdc424 in __kernel_vsyscall ()
#1  0xb7dbd98f in __GI_raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#2  0xb7dbf2d5 in __GI_abort () at abort.c:91
#3  0xb7dfe02a in __libc_message (do_abort=2, fmt=0xb7ef682b "*** %s ***: %s terminated\n")
    at ../sysdeps/unix/sysv/linux/libc_fatal.c:198
#4  0xb7e9a1c5 in __GI___fortify_fail (msg=0xb7ef6813 "stack smashing detected") at fortify_fail.c:32
#5  0xb7e9a17a in __stack_chk_fail () at stack_chk_fail.c:29
#6  0xa8e7ad24 in __stack_chk_fail_local () from /usr/lib/libpoppler.so.18
#7  0xa8d94a55 in JPXStream::init2 (this=0x858e8c8, buf=0x8593df8 "", bufLen=82327, format=CODEC_JP2)
    at JPEG2000Stream.cc:170
#8  0xa8d94bcc in JPXStream::init (this=0x858e8c8) at JPEG2000Stream.cc:78
#9  0xa8d94dd0 in JPXStream::getImageParams (this=0x858e8c8, bitsPerComponent=0xa9864c38, csMode=
    0xa9864c3c) at JPEG2000Stream.cc:185
#10 0xa8dcf195 in Gfx::doImage (this=0x8583e18, ref=0xa9864ca8, str=0x858e8c8, inlineImg=false)
    at Gfx.cc:4063
#11 0xa8dd0c2e in Gfx::opXObject (this=0x8583e18, args=0xa9864d74, numArgs=1) at Gfx.cc:4010
#12 0xa8dc5237 in Gfx::execOp (this=0x8583e18, cmd=0xa9864f14, args=0xa9864d74, numArgs=1) at Gfx.cc:851
#13 0xa8dcc2bc in Gfx::go (this=0x8583e18, topLevel=true) at Gfx.cc:711
#14 0xa8dcc7e5 in Gfx::display (this=0x8583e18, obj=0xa9864fa4, topLevel=true) at Gfx.cc:678
#15 0xa8e0da27 in Page::display (this=0x83fc130, gfx=0x8583e18) at Page.cc:517
#16 0x412570d8 in poppler_page_get_image_output_dev (page=0x812f360, imgDrawDeviceCbk=<optimized out>, 
    imgDrawCbkData=0x0) at poppler-page.cc:931
#17 0x41259392 in poppler_page_get_image_mapping (page=0x812f360) at poppler-page.cc:956
#18 0xa905ef08 in ?? () from /usr/lib/evince/3/backends/libpdfdocument.so
#19 0x410b282c in ev_document_images_get_image_mapping () from /usr/lib/libevdocument3.so.3
#20 0x410e8804 in ?? () from /usr/lib/libevview3.so.3
#21 0x410e78e0 in ev_job_run () from /usr/lib/libevview3.so.3
#22 0x410e9813 in ?? () from /usr/lib/libevview3.so.3
#23 0x41f28f45 in ?? () from /lib/libglib-2.0.so.0
#24 0xb7f42cd3 in start_thread (arg=0xa9865b40) at pthread_create.c:309
#25 0xb7e81a2e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:133
(gdb)
Comment 1 Nerijus Baliūnas 2012-02-25 09:57:29 UTC
Attachment was a bit too large to attach here, here's the URL - http://www.failai.lt/qdad3w3tqhm4/1922_traukiniu_ir_autobusu_tvarkarastis_reduced_size.pdf.htm
Comment 2 Albert Astals Cid 2012-02-26 11:06:33 UTC
Which version of libopenjpeg do you have intalled?
Comment 3 Nerijus Baliūnas 2012-02-26 11:18:35 UTC
openjpeg-libs-1.4-11.fc16.i686
Comment 4 Nerijus Baliūnas 2012-07-17 14:10:00 UTC
openjpeg-libs-1.4-13.fc16.i686 and poppler-0.18.0-3.fc16.i686 fixed the crash.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.