Bug 26280 - corrupted jpeg stream in corrupted document crashes poppler
Summary: corrupted jpeg stream in corrupted document crashes poppler
Alias: None
Product: poppler
Classification: Unclassified
Component: general (show other bugs)
Version: unspecified
Hardware: x86-64 (AMD64) Linux (All)
: high normal
Assignee: poppler-bugs
QA Contact:
URL: https://bugs.kde.org/show_bug.cgi?id=...
Depends on:
Reported: 2010-01-27 09:58 UTC by phobie
Modified: 2010-04-05 11:16 UTC (History)
0 users

See Also:
i915 platform:
i915 features:

Example PDF-File created by kolourpaint (3.93 KB, application/postscript)
2010-01-27 09:58 UTC, phobie

Description phobie 2010-01-27 09:58:11 UTC
Created attachment 32854 [details]
Example PDF-File created by kolourpaint

I created a picture with kolourpaint 4.3.4 and used the eps-export function.
This function is buggy and creates a corrupted pdf-file.
Now that is not popplers problem, but poppler crashed okular while trying to reading that document.

Used poppler version 0.12.2-2.1 on debian/sid amd64.

For more information see the linked kde-bug-report or test with the attached file!

Thread 2 (Thread 0x7f4ec6ee0910 (LWP 6868)):
[KCrash Handler]
#5  0x0000000000000000 in ?? ()
#6  0x00007f4ecb45902e in ?? () from /usr/lib/libgs.so.8
#7  0x00007f4ecaedd2d8 in jinit_memory_mgr () from /usr/lib/libjpeg.so.62
#8  0x00007f4ecaecf37d in jpeg_CreateDecompress () from /usr/lib/libjpeg.so.62
#9  0x00007f4ec7196255 in DCTStream::init() () from /usr/lib/libpoppler.so.5
#10 0x00007f4ec71964b3 in DCTStream::DCTStream(Stream*, int) () from
#11 0x00007f4ec7220b47 in Stream::makeFilter(char*, Stream*, Object*) () from
#12 0x00007f4ec72212dc in Stream::addFilters(Object*) () from
#13 0x00007f4ec72164f2 in Parser::makeStream(Object*, unsigned char*,
CryptAlgorithm, int, int, int) () from /usr/lib/libpoppler.so.5
#14 0x00007f4ec72167d2 in Parser::getObj(Object*, unsigned char*,
CryptAlgorithm, int, int, int) () from /usr/lib/libpoppler.so.5
#15 0x00007f4ec7225f13 in XRef::fetch(int, int, Object*) () from
#16 0x00007f4ec71d5126 in GfxResources::lookupXObject(char*, Object*) () from
#17 0x00007f4ec71d8d73 in Gfx::opXObject(Object*, int) () from
#18 0x00007f4ec71c874f in Gfx::go(int) () from /usr/lib/libpoppler.so.5
#19 0x00007f4ec71cc894 in Gfx::display(Object*, int) () from
#20 0x00007f4ec7213c70 in Page::displaySlice(OutputDev*, double, double, int,
int, int, int, int, int, int, int, Catalog*, int (*)(void*), void*, int
(*)(Annot*, void*), void*) ()
   from /usr/lib/libpoppler.so.5
#21 0x00007f4ec7abd04b in Poppler::Page::renderToImage(double, double, int,
int, int, int, Poppler::Page::Rotation) const () from
#22 0x00007f4ec7d20765 in PDFPixmapGeneratorThread::run (this=0x27c5db0) at
#23 0x00007f4ed94bd4a5 in QThreadPrivate::start (arg=0x27c5db0) at
#24 0x00007f4ed4bc273a in start_thread (arg=<value optimized out>) at
#25 0x00007f4ed82ab6dd in clone () at
#26 0x0000000000000000 in ?? ()
The current source language is "auto; currently asm".
Comment 1 Albert Astals Cid 2010-02-09 15:08:37 UTC
We have to change our implementation of DCTStream to use setjmp/longjmp
Comment 2 Albert Astals Cid 2010-04-05 11:16:30 UTC
Fixed in next poppler 0.13.x release

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.