[Desktop-packages] [Bug 1640670] Re: Crash in GfxICCBasedColorSpace::parse

Tue, 24 Jan 2017 03:41:47 -0800 

*** This bug is a duplicate of bug 1635812 ***
    https://bugs.launchpad.net/bugs/1635812

Backtrace is the same as in #1635812 (also see the patch there).

** This bug has been marked a duplicate of bug 1635812
   atril-thumbnailer crashed with SIGSEGV in cmsGetColorSpace()

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to poppler in Ubuntu.
https://bugs.launchpad.net/bugs/1640670

Title:
  Crash in GfxICCBasedColorSpace::parse

Status in poppler package in Ubuntu:
  New

Bug description:
  #0  cmsGetColorSpace (hProfile=0x0) at cmsio0.c:934
  #1  0x00007f174b47b438 in GfxICCBasedColorSpace::parse(Array*, OutputDev*, 
GfxState*, int) ()
     from /usr/lib/x86_64-linux-gnu/libpoppler.so.61
  #2  0x00007f174b47a952 in GfxColorSpace::parse(GfxResources*, Object*, 
OutputDev*, GfxState*, int) ()
     from /usr/lib/x86_64-linux-gnu/libpoppler.so.61
  #3  0x00007f174b4a0872 in Page::loadThumb(unsigned char**, int*, int*, int*) 
() from /usr/lib/x86_64-linux-gnu/libpoppler.so.61
  #4  0x00007f174bbb7de9 in poppler_page_get_thumbnail () from 
/usr/lib/x86_64-linux-gnu/libpoppler-glib.so.8
  #5  0x00007f174bdf5b1b in ?? () from 
/usr/lib/x86_64-linux-gnu/evince/4/backends/libpdfdocument.so
  #6  0x0000557297930bb2 in evince_thumbnail_pngenc_get 
(document=0x7f1744003700, 
      thumbnail=0x5572995948c0 "/tmp/.gnome_desktop_thumbnail.ZD13QY", 
size=256) at evince-thumbnailer.c:182
  #7  0x00005572979307d0 in main (argc=<optimised out>, argv=<optimised out>) 
at evince-thumbnailer.c:301

  
  getColorSpace, part of lcms, is passed a null pointer.

  GfxICCBasedColorSpace::parse has this sequence of code:

  
    if (hp == 0) {
      error(errSyntaxWarning, -1, "read ICCBased color space profile error");
    } else {
      cmsHPROFILE dhp = (state != NULL && state->getDisplayProfile() != NULL) ? 
state->getDisplayProfile() : displayProfile;
      if (dhp == NULL) dhp = RGBProfile;
      unsigned int cst = getCMSColorSpaceType(cmsGetColorSpace(hp));
      unsigned int dNChannels = getCMSNChannels(cmsGetColorSpace(dhp));
      unsigned int dcst = getCMSColorSpaceType(cmsGetColorSpace(dhp));

  hp can't be null, or else we wouldn't be calling cmsGetColorSpace.
  This means dhp must be NULL, which can only happen if RGBProfile is
  null.

  RGBProfile is set up in GfxColorSpace::setupColorProfiles(). Assuming
  this function has been called, it does the following:

    RGBProfile = loadColorProfile("RGB.icc");
    if (RGBProfile == NULL) {
      /* use built in sRGB profile */
      RGBProfile = cmsCreate_sRGBProfile();
    }

  cmsCreate_sRGBProfile can return NULL in a number of ways.

  I'm not sure what the fix is though.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1640670/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to