Bug 3299 - crash with evince on opening pdf with : Not a JPEG file: starts with 0x02 0x00
Status: RESOLVED FIXED
Product: poppler
Classification: Unclassified
Component: general
Version: unspecified
Hardware: x86 (IA32) Linux (All)
Importance: high normal
Assigned To: Kristian Høgsberg
 
Reported: 2005-05-16 02:04 UTC by Thilo Pfennig
Modified: 2005-07-25 13:58 UTC (History)


Attachments
the file on which evince crashed (67.59 KB, application/pdf)
2005-05-16 02:08 UTC, Thilo Pfennig
the similar PDF that does not crash (70.82 KB, application/pdf)
2005-05-16 02:09 UTC, Thilo Pfennig

Description Thilo Pfennig 2005-05-16 02:04:59 UTC
= Transferring this bug from GNOME Bugzilla:
http://bugzilla.gnome.org/show_bug.cgi?id=304303 =

------- Additional Comment #1 From Elijah Newren  2005-05-16 02:54 UTC -------

Could you provide a stack trace and the file that causes the crash?  (See
http://live.gnome.org/GettingTraces for more information on how to get a stack
trace)


------- Additional Comment #2 From Nickolay V. Shmyrev 2005-05-16 06:30 UTC -------

Also, this looks like a bug with the PDF backend.  Could you please follow
these instructions to help get this bug fixed. You can attach backtrace and
document directly to poppler bugzilla. 

http://live.gnome.org/Evince/PopplerBugs#poppler

Thank You. 

-------------- cut --------------------------------
backtrace:


GNU gdb Red Hat Linux (6.3.0.0-1.21rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...Using host libthread_db
library "/lib/libthread_db.so.1".

(gdb) run foobar.pdf
Starting program: /usr/bin/evince foobar.pdf
[Thread debugging using libthread_db enabled]
[New Thread -1208838464 (LWP 4282)]
[New Thread -1211126864 (LWP 4285)]

Program received signal SIG33, Real-time event 33.
[Switching to Thread -1211126864 (LWP 4285)]
0x009cd7e2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2

(gdb) thread apply all bt

Thread 2 (Thread -1211126864 (LWP 4285)):
#0  0x009cd7e2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
#1  0x00c4a7a6 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#2  0x08070086 in ev_render_thread (data=0x0) at ev-job-queue.c:116
#3  0x00d25e9a in g_thread_create_proxy (data=0x8d8d530) at gthread.c:561
#4  0x00c48b80 in start_thread () from /lib/libpthread.so.0
#5  0x00ab9b9e in clone () from /lib/libc.so.6

Thread 1 (Thread -1208838464 (LWP 4282)):
#0  0x009cd7e2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
#1  0x00c479e6 in __nptl_setxid () from /lib/libpthread.so.0
#2  0x00ab1f78 in seteuid () from /lib/libc.so.6
#3  0x0019560d in gnome_vfs_add_module_to_hash_table (name=0x8e0d5a0 "file")
    at gnome-vfs-method.c:328
#4  0x001957d0 in gnome_vfs_transform_get (name=0x8e0d5a0 "file")
    at gnome-vfs-method.c:391
#5  0x001a5351 in gnome_vfs_uri_new_private (
    text_uri=0x8e0d628 "file:///home/vinci/.recently-used",
    allow_unknown_methods=0, allow_unsafe_methods=0, allow_transforms=1)
    at gnome-vfs-uri.c:533
#6  0x001a54a0 in gnome_vfs_uri_new (
    text_uri=0xfffffffc <Address 0xfffffffc out of bounds>)
    at gnome-vfs-uri.c:494
#7  0x001a01d7 in gnome_vfs_monitor_add (handle=0xfffffffc,
    text_uri=0xfffffffc <Address 0xfffffffc out of bounds>,
    monitor_type=4294967292, callback=0xfffffffc, user_data=0xfffffffc)
    at gnome-vfs-ops.c:765
#8  0x08066272 in egg_recent_model_monitor (model=0x8e0a9e8,
should_monitor=Variable "should_monitor" is not available.
)
    at egg-recent-model.c:684
#9  0x008cfea7 in IA__g_type_create_instance (type=148950384) at gtype.c:1596
#10 0x008b6830 in g_object_constructor (type=4294967292,
    n_construct_properties=0, construct_params=0x0) at gobject.c:1045
#11 0x008b7489 in IA__g_object_newv (object_type=148950384, n_parameters=1,
    parameters=0x8e0d228) at gobject.c:942
#12 0x008b80e3 in IA__g_object_new_valist (object_type=148950384,
    first_property_name=0x8079b73 "sort-type", var_args=Variable "var_args" is
not available.
) at gobject.c:1026
#13 0x008b81dc in IA__g_object_new (object_type=148950384,
    first_property_name=0xfffffffc <Address 0xfffffffc out of bounds>)
    at gobject.c:823
#14 0x0806821e in egg_recent_model_new (sort=EGG_RECENT_MODEL_SORT_LRU)
    at egg-recent-model.c:1224
#15 0x080629d7 in ev_window_init (ev_window=0x8d9ad48) at ev-window.c:791
#16 0x008cfea7 in IA__g_type_create_instance (type=148432840) at gtype.c:1596
#17 0x008b6830 in g_object_constructor (type=4294967292,
    n_construct_properties=1, construct_params=0x8d9a0e8) at gobject.c:1045
#18 0x008b7489 in IA__g_object_newv (object_type=148432840, n_parameters=3,
    parameters=0x8d9aba0) at gobject.c:942
#19 0x008b80e3 in IA__g_object_new_valist (object_type=148432840,
    first_property_name=0x807a7c2 "type", var_args=Variable "var_args" is not
available.
) at gobject.c:1026
#20 0x008b81dc in IA__g_object_new (object_type=148432840,
    first_property_name=0xfffffffc <Address 0xfffffffc out of bounds>)
    at gobject.c:823
#21 0x080576a7 in ev_application_new_window (application=0x8d8e1d0)
    at ev-application.c:79
#22 0x08065cd2 in main (argc=1, argv=0x1) at main.c:58
Comment 1 Thilo Pfennig 2005-05-16 02:08:40 UTC
Created attachment 2684 [details]
the file on which evince crashed 

picture is license CC-by-sa1.0
Comment 2 Thilo Pfennig 2005-05-16 02:09:41 UTC
Created attachment 2685 [details]
the similar PDF that does not crash
Comment 3 Jeff Muizelaar 2005-06-03 19:34:16 UTC
So the problem is that libjpeg does not like the jpeg inside the pdf. How was
the crashing pdf produced?

-Jeff
Comment 4 Albert Astals Cid 2005-07-26 04:31:38 UTC
The problem is that libjpeg is strict with jpeg format and Adobe is not that
much. The file that crashes begins the DCTStream with

stream^M
^B^@3^@^@^@^C^@^EØ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^A^@^[^@^@^@
^@^@^@^@^@^@^@^@^@^A^@^@^@^A^@^@^@^A^@^@^@^A^@^@^@^AÿØÿà^@^PJFIF

when the good start is

stream^M
ÿØÿà^@^PJFIF

You see there's a lot of "garbage" before the ÿØ marker that is the start
marker of a JPEG "file".

I've made a way too hackish patch that fixes that, I suppose we can find a
better way to plug our own marker function in libjpeg code so that this file
is correctly read.
  
We also can close this bug as INVALID as the pdf itself is faulty. 
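
The check that comment 4 describes, as an added example that is not part of the original thread and is not the attached poppler patch: a scan that locates the real SOI marker (FF D8) behind leading junk before the data is handed to a strict decoder, and reports failure instead of letting the decoder abort. The function name find_jpeg_soi and the sample bytes are constructed for illustration, with the bytes modelled on the dump above and shortened.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample: junk that starts 0x02 0x00 and contains a lone 0xD8,
 * followed by a normal JFIF header (SOI, APP0, length 16, "JFIF"). */
static const unsigned char sample_stream[] = {
    0x02, 0x00, 0x33, 0x00, 0x00, 0x00, 0x03, 0x00, 0x05, 0xD8,
    0x00, 0x00, 0x01, 0x00, 0x1B, 0x00,
    0xFF, 0xD8, 0xFF, 0xE0, 0x00, 0x10, 'J', 'F', 'I', 'F'
};

/* Return the offset of the first plausible JPEG start in buf, or -1.
 * Plausible means SOI (FF D8) followed by a marker prefix (FF, plus any
 * fill FFs) and a code that can open a segment, so an FF D8 pair that
 * happens to occur inside the junk is not taken for the image start. */
long find_jpeg_soi(const unsigned char *buf, size_t len)
{
    if (buf == NULL)
        return -1;
    for (size_t i = 0; i + 1 < len; i++) {
        if (buf[i] != 0xFF || buf[i + 1] != 0xD8)
            continue;
        size_t j = i + 2;
        while (j < len && buf[j] == 0xFF)   /* marker prefix and fill bytes */
            j++;
        if (j == i + 2 || j >= len)         /* no prefix, or data ends here */
            continue;
        unsigned char m = buf[j];
        /* Segment markers: C0..FE except RSTn (D0..D7), SOI (D8), EOI (D9). */
        if (m >= 0xC0 && m <= 0xFE && !(m >= 0xD0 && m <= 0xD9))
            return (long)i;
    }
    return -1;
}

int main(void)
{
    long off = find_jpeg_soi(sample_stream, sizeof sample_stream);
    if (off < 0) {
        /* Caller should show an error for the image, not crash. */
        fprintf(stderr, "no JPEG start marker found\n");
        return 1;
    }
    printf("skipping %ld junk bytes before SOI\n", off);
    return 0;
}
```

A caller would pass buf + offset and len - offset to the decoder, and treat -1 as an undisplayable image.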
  
Comment 5 Albert Astals Cid 2005-07-26 04:33:06 UTC
Created attachment 3140 [details] [review]
Proposed patch
Comment 6 Albert Astals Cid 2005-07-26 05:12:26 UTC
Created attachment 3141 [details] [review]
Second attempt
Comment 7 Thilo Pfennig 2005-07-26 23:32:05 UTC
(In reply to comment #4)
> We also can close this bug as INVALID as the pdf itself is faulty. 
>   

Well INVALID? ok, the PDF is faulty, but I think the optimum would be not to
crash. Either give a note like "this PDF is faulty and cannot be displayed" or
open it, nevertheless. I would think a crash should never happen?
Comment 8 Albert Astals Cid 2005-07-26 23:58:39 UTC
The bug is already fixed in cvs.