Package: libdjvulibre21
Version: 3.5.27.1-7
DjVuLibre crashes with a floating point exception while trying to decode the
attached file:
$ ddjvu fpe.djvu
Floating point exception
GDB says it's a division by zero:
Thread 3 "ddjvu" received signal SIGFPE, Arithmetic exception.
[Switching to Thread 0xf75c2b40 (LWP 7535)]
0xf7f2ec4d in DJVU::IW44Image::Map::image (this=0xf6c00b18,
img8=img8@entry=0x0, rowsize=rowsize@entry=0, pixsep=pixsep@entry=3,
fast=fast@entry=0) at IW44Image.cpp:679
679 if (sz / (size_t)bw != (size_t)bh) // multiplication overflow
(gdb) print bw
$1 = 0
(gdb) bt
#0 0xf7f2ec4d in DJVU::IW44Image::Map::image (this=0xf6c00b18,
img8=img8@entry=0x0, rowsize=rowsize@entry=0, pixsep=pixsep@entry=3,
fast=fast@entry=0) at IW44Image.cpp:679
#1 0xf7f30353 in DJVU::IWPixmap::get_pixmap (this=0xf6c00b98) at
IW44Image.cpp:1656
#2 0xf7ea721e in DJVU::DjVuFile::decode_chunk (this=this@entry=0x565d05c0,
id=..., gbs=..., djvi=false, djvu=true, iw44=false) at DjVuFile.cpp:984
#3 0xf7ea951d in DJVU::DjVuFile::decode (this=<optimized out>,
this@entry=0x565d05c0, gbs=...) at DjVuFile.cpp:1255
#4 0xf7ea9cf8 in DJVU::DjVuFile::decode_func (this=this@entry=0x565d05c0) at
DjVuFile.cpp:484
#5 0xf7eaa57e in DJVU::DjVuFile::static_decode_func (cl_data=0x565d05c0) at
DjVuFile.cpp:464
#6 0xf7f0ff7d in DJVU::GThread::start (arg=0x565c9bc0) at GThreads.cpp:392
#7 0xf7d7327a in start_thread (arg=0xf75c2b40) at pthread_create.c:333
#8 0xf7aafad6 in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:110
Found using American Fuzzy Lop:
http://lcamtuf.coredump.cx/afl/
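The line GDB stops on is itself the problem: the divide-back test that is meant to catch a bw*bh overflow traps on x86 as soon as bw is 0, and a malformed file can put 0 in that field. The following is an added illustration, not DjVuLibre's code; the function and enum names are hypothetical and the surrounding IW44 decoding is not reproduced. It shows the shape of the check quoted at IW44Image.cpp:679 next to a form that validates the dimensions before any division or multiplication happens:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Outcome of the dimension check (hypothetical names, not DjVuLibre's). */
enum dim_status { DIM_OK = 0, DIM_NOT_POSITIVE, DIM_OVERFLOW };

/* Shape of the guard quoted in the backtrace: compute sz = bw * bh, then
 * divide back to detect multiplication overflow.  The guard is unsafe on
 * its own: with bw == 0 the division traps (SIGFPE on x86), which is the
 * crash reported above.  Kept only for contrast; never call it with bw == 0. */
static bool image_size_unguarded(int bw, int bh, size_t *sz_out)
{
    size_t sz = (size_t)bw * (size_t)bh;
    if (sz / (size_t)bw != (size_t)bh)   /* multiplication overflow */
        return false;
    if (sz_out)
        *sz_out = sz;
    return true;
}

/* Overflow-checked multiply that never divides by zero: a == 0 is handled
 * before the division, and the check runs before the product is formed, so
 * no overflowed value ever exists.  Returns false on overflow. */
static bool checked_mul(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a)
        return false;
    if (out)
        *out = a * b;
    return true;
}

/* Hardened form: reject zero or negative dimensions from the file first,
 * then use the division-safe overflow check. */
static enum dim_status image_size_guarded(int bw, int bh, size_t *sz_out)
{
    if (bw <= 0 || bh <= 0)
        return DIM_NOT_POSITIVE;
    if (!checked_mul((size_t)bw, (size_t)bh, sz_out))
        return DIM_OVERFLOW;
    return DIM_OK;
}

/* Convenience wrapper: pixel count on success, 0 on any rejection.
 * (0 is unambiguous because a valid image has at least one pixel.) */
static size_t image_pixels_or_zero(int bw, int bh)
{
    size_t sz = 0;
    return image_size_guarded(bw, bh, &sz) == DIM_OK ? sz : 0;
}

int main(void)
{
    /* Constructed inputs: a normal image, and the bw == 0 case from fpe.djvu. */
    return image_pixels_or_zero(640, 480) == 307200
        && image_size_guarded(0, 480, NULL) == DIM_NOT_POSITIVE ? 0 : 1;
}
```

The fix a maintainer would want is the ordering, not the arithmetic: validate that the header-derived dimensions are positive before they feed any division or buffer-size computation, so untrusted input cannot pick the divisor.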
-- System Information:
Architecture: i386
Foreign Architectures: amd64
Kernel: Linux 4.11.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages libdjvulibre21:i386 depends on:
ii libc6 2.24-12
ii libdjvulibre-text 3.5.27.1-7
ii libgcc1 1:7.1.0-10
ii libjpeg62-turbo 1:1.5.1-2
ii libstdc++6 7.1.0-10
--
Jakub Wilk