[Desktop-packages] [Bug 599439] Re: evince crashed with SIGSEGV in JPXStream::readTilePartData()
** Changed in: poppler Status: Confirmed => Unknown -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to poppler in Ubuntu. https://bugs.launchpad.net/bugs/599439 Title: evince crashed with SIGSEGV in JPXStream::readTilePartData() Status in Poppler: Unknown Status in poppler package in Ubuntu: Triaged Bug description: evince crashes with the following valgrind output when opening the attached file. $ valgrind evince sample.pdf ==12903== Memcheck, a memory error detector. ==12903== Copyright (C) 2002-2008, and GNU GPL'd, by Julian Seward et al. ==12903== Using LibVEX rev 1884, a library for dynamic binary translation. ==12903== Copyright (C) 2004-2008, and GNU GPL'd, by OpenWorks LLP. ==12903== Using valgrind-3.4.1-Debian, a dynamic binary instrumentation framework. ==12903== Copyright (C) 2000-2008, and GNU GPL'd, by Julian Seward et al. ==12903== For more details, rerun with: -v ==12903== Error: PDF file is damaged - attempting to reconstruct xref table... ==12903== Thread 2: ==12903== Use of uninitialised value of size 4 ==12903==at 0x4E1E47F: JPXStream::readTilePartData(unsigned int, unsigned int, int) (JPXStream.cc:1951) ==12903==by 0x4E1F5CD: JPXStream::readTilePart() (JPXStream.cc:1924) ==12903==by 0x4E20766: JPXStream::readCodestream(unsigned int) (JPXStream.cc:1366) ==12903==by 0x4E225C9: JPXStream::readBoxes() (JPXStream.cc:735) ==12903==by 0x4E227EC: JPXStream::reset() (JPXStream.cc:272) ==12903==by 0x4EA33E2: ImageStream::reset() (Stream.cc:419) ==12903==by 0x4739923: CairoOutputDev::drawSoftMaskedImage(GfxState*, Object*, Stream*, int, int, GfxImageColorMap*, Stream*, int, int, GfxImageColorMap*) (CairoOutputDev.cc:1485) ==12903==by 0x4E5C9B5: Gfx::doImage(Object*, Stream*, int) (Gfx.cc:3857) ==12903==by 0x4E60894: Gfx::opXObject(Object*, int) (Gfx.cc:3526) ==12903==by 0x4E52AB9: Gfx::execOp(Object*, Object*, int) (Gfx.cc:771) ==12903==by 0x4E5307E: Gfx::go(int) (Gfx.cc:642) ==12903==by 0x4E55AEE: Gfx::display(Object*, int) (Gfx.cc:611) ==12903== ==12903== Use of uninitialised value of size 4 ==12903==at 0x4E1E48A: JPXStream::readTilePartData(unsigned int, unsigned int, int) (JPXStream.cc:1952) ==12903==by 0x4E1F5CD: JPXStream::readTilePart() (JPXStream.cc:1924) ==12903==by 0x4E20766: JPXStream::readCodestream(unsigned int) (JPXStream.cc:1366) ==12903==by 0x4E225C9: JPXStream::readBoxes() (JPXStream.cc:735) ==12903==by 0x4E227EC: JPXStream::reset() (JPXStream.cc:272) ==12903==by 0x4EA33E2: ImageStream::reset() (Stream.cc:419) ==12903==by 0x4739923: CairoOutputDev::drawSoftMaskedImage(GfxState*, Object*, Stream*, int, int, GfxImageColorMap*, Stream*, int, int, GfxImageColorMap*) (CairoOutputDev.cc:1485) ==12903==by 0x4E5C9B5: Gfx::doImage(Object*, Stream*, int) (Gfx.cc:3857) ==12903==by 0x4E60894: Gfx::opXObject(Object*, int) (Gfx.cc:3526) ==12903==by 0x4E52AB9: Gfx::execOp(Object*, Object*, int) (Gfx.cc:771) ==12903==by 0x4E5307E: Gfx::go(int) (Gfx.cc:642) ==12903==by 0x4E55AEE: Gfx::display(Object*, int) (Gfx.cc:611) ==12903== ==12903== Conditional jump or move depends on uninitialised value(s) ==12903==at 0x4E1E509: JPXStream::readTilePartData(unsigned int, unsigned int, int) (JPXStream.cc:1977) ==12903==by 0x4E1F5CD: JPXStream::readTilePart() (JPXStream.cc:1924) ==12903==by 0x4E20766: JPXStream::readCodestream(unsigned int) (JPXStream.cc:1366) ==12903==by 0x4E225C9: JPXStream::readBoxes() (JPXStream.cc:735) ==12903==by 0x4E227EC: JPXStream::reset() (JPXStream.cc:272) ==12903==by 0x4EA33E2: ImageStream::reset() (Stream.cc:419) ==12903==by 0x4739923: CairoOutputDev::drawSoftMaskedImage(GfxState*, Object*, Stream*, int, int, GfxImageColorMap*, Stream*, int, int, GfxImageColorMap*) (CairoOutputDev.cc:1485) ==12903==by 0x4E5C9B5: Gfx::doImage(Object*, Stream*, int) (Gfx.cc:3857) ==12903==by 0x4E60894: Gfx::opXObject(Object*, int) (Gfx.cc:3526) ==12903==by 0x4E52AB9: Gfx::execOp(Object*, Object*, int) (Gfx.cc:771) ==12903==by 0x4E5307E: Gfx::go(int) (Gfx.cc:642) ==12903==by 0x4E55AEE: Gfx::display(Object*, int) (Gfx.cc:611) ==12903== ==12903== Use of uninitialised value of size 4 ==12903==at 0x4E1E515: JPXStream::readTilePartData(unsigned int, unsigned int, int) (JPXStream.cc:1978) ==12903==by 0x4E1F5CD: JPXStream::readTilePart() (JPXStream.cc:1924) ==12903==by 0x4E20766: JPXStream::readCodestream(unsigned int) (JPXStream.cc:1366) ==12903==by 0x4E225C9: JPXStream::readBoxes() (JPXStream.cc:735) ==12903==by 0x4E227EC: JPXStream::reset() (JPXStream.cc:272) ==12903==by 0x4EA33E2: ImageStream::reset() (Stream.cc:419) ==12903==by 0x4739923: CairoOutputDev::drawSoftMaskedImage(GfxState*, Object*, Stream*, int, int, Gf
[Desktop-packages] [Bug 599439] Re: evince crashed with SIGSEGV in JPXStream::readTilePartData()
On Ubuntu 17.04 "Zesty Zapus", the attached file doesn't crash evince, but most of the page is not displayed. Firefox 56.0 doesn't display any of it. Possibly a broken document? evince 3.24.0-0ubuntu1.1 poppler 0.48.0-2ubuntu2.4 -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to poppler in Ubuntu. https://bugs.launchpad.net/bugs/599439 Title: evince crashed with SIGSEGV in JPXStream::readTilePartData() Status in Poppler: Confirmed Status in poppler package in Ubuntu: Triaged Bug description: evince crashes with the following valgrind output when opening the attached file. $ valgrind evince sample.pdf ==12903== Memcheck, a memory error detector. ==12903== Copyright (C) 2002-2008, and GNU GPL'd, by Julian Seward et al. ==12903== Using LibVEX rev 1884, a library for dynamic binary translation. ==12903== Copyright (C) 2004-2008, and GNU GPL'd, by OpenWorks LLP. ==12903== Using valgrind-3.4.1-Debian, a dynamic binary instrumentation framework. ==12903== Copyright (C) 2000-2008, and GNU GPL'd, by Julian Seward et al. ==12903== For more details, rerun with: -v ==12903== Error: PDF file is damaged - attempting to reconstruct xref table... ==12903== Thread 2: ==12903== Use of uninitialised value of size 4 ==12903==at 0x4E1E47F: JPXStream::readTilePartData(unsigned int, unsigned int, int) (JPXStream.cc:1951) ==12903==by 0x4E1F5CD: JPXStream::readTilePart() (JPXStream.cc:1924) ==12903==by 0x4E20766: JPXStream::readCodestream(unsigned int) (JPXStream.cc:1366) ==12903==by 0x4E225C9: JPXStream::readBoxes() (JPXStream.cc:735) ==12903==by 0x4E227EC: JPXStream::reset() (JPXStream.cc:272) ==12903==by 0x4EA33E2: ImageStream::reset() (Stream.cc:419) ==12903==by 0x4739923: CairoOutputDev::drawSoftMaskedImage(GfxState*, Object*, Stream*, int, int, GfxImageColorMap*, Stream*, int, int, GfxImageColorMap*) (CairoOutputDev.cc:1485) ==12903==by 0x4E5C9B5: Gfx::doImage(Object*, Stream*, int) (Gfx.cc:3857) ==12903==by 0x4E60894: Gfx::opXObject(Object*, int) (Gfx.cc:3526) ==12903==by 0x4E52AB9: Gfx::execOp(Object*, Object*, int) (Gfx.cc:771) ==12903==by 0x4E5307E: Gfx::go(int) (Gfx.cc:642) ==12903==by 0x4E55AEE: Gfx::display(Object*, int) (Gfx.cc:611) ==12903== ==12903== Use of uninitialised value of size 4 ==12903==at 0x4E1E48A: JPXStream::readTilePartData(unsigned int, unsigned int, int) (JPXStream.cc:1952) ==12903==by 0x4E1F5CD: JPXStream::readTilePart() (JPXStream.cc:1924) ==12903==by 0x4E20766: JPXStream::readCodestream(unsigned int) (JPXStream.cc:1366) ==12903==by 0x4E225C9: JPXStream::readBoxes() (JPXStream.cc:735) ==12903==by 0x4E227EC: JPXStream::reset() (JPXStream.cc:272) ==12903==by 0x4EA33E2: ImageStream::reset() (Stream.cc:419) ==12903==by 0x4739923: CairoOutputDev::drawSoftMaskedImage(GfxState*, Object*, Stream*, int, int, GfxImageColorMap*, Stream*, int, int, GfxImageColorMap*) (CairoOutputDev.cc:1485) ==12903==by 0x4E5C9B5: Gfx::doImage(Object*, Stream*, int) (Gfx.cc:3857) ==12903==by 0x4E60894: Gfx::opXObject(Object*, int) (Gfx.cc:3526) ==12903==by 0x4E52AB9: Gfx::execOp(Object*, Object*, int) (Gfx.cc:771) ==12903==by 0x4E5307E: Gfx::go(int) (Gfx.cc:642) ==12903==by 0x4E55AEE: Gfx::display(Object*, int) (Gfx.cc:611) ==12903== ==12903== Conditional jump or move depends on uninitialised value(s) ==12903==at 0x4E1E509: JPXStream::readTilePartData(unsigned int, unsigned int, int) (JPXStream.cc:1977) ==12903==by 0x4E1F5CD: JPXStream::readTilePart() (JPXStream.cc:1924) ==12903==by 0x4E20766: JPXStream::readCodestream(unsigned int) (JPXStream.cc:1366) ==12903==by 0x4E225C9: JPXStream::readBoxes() (JPXStream.cc:735) ==12903==by 0x4E227EC: JPXStream::reset() (JPXStream.cc:272) ==12903==by 0x4EA33E2: ImageStream::reset() (Stream.cc:419) ==12903==by 0x4739923: CairoOutputDev::drawSoftMaskedImage(GfxState*, Object*, Stream*, int, int, GfxImageColorMap*, Stream*, int, int, GfxImageColorMap*) (CairoOutputDev.cc:1485) ==12903==by 0x4E5C9B5: Gfx::doImage(Object*, Stream*, int) (Gfx.cc:3857) ==12903==by 0x4E60894: Gfx::opXObject(Object*, int) (Gfx.cc:3526) ==12903==by 0x4E52AB9: Gfx::execOp(Object*, Object*, int) (Gfx.cc:771) ==12903==by 0x4E5307E: Gfx::go(int) (Gfx.cc:642) ==12903==by 0x4E55AEE: Gfx::display(Object*, int) (Gfx.cc:611) ==12903== ==12903== Use of uninitialised value of size 4 ==12903==at 0x4E1E515: JPXStream::readTilePartData(unsigned int, unsigned int, int) (JPXStream.cc:1978) ==12903==by 0x4E1F5CD: JPXStream::readTilePart() (JPXStream.cc:1924) ==12903==by 0x4E20766: JPXStream::readCodestream(unsigned int) (JPXStream.cc:1366) ==12903==by 0x4E225C9: JPXStream::readBoxes() (JPXStream.cc:735) ==12903==by 0x4E227EC: JPXStream::reset() (JPXStream.cc:272)
[Desktop-packages] [Bug 599439] Re: evince crashed with SIGSEGV in JPXStream::readTilePartData()
Still crashes evince on Ubuntu 14.04 "Trusty Tahr". evince 3.10.3-0ubuntu10.2 poppler 0.24.5-2ubuntu4.2 ** Tags added: jaunty maverick ** Tags added: trusty -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to poppler in Ubuntu. https://bugs.launchpad.net/bugs/599439 Title: evince crashed with SIGSEGV in JPXStream::readTilePartData() Status in Poppler: Confirmed Status in poppler package in Ubuntu: Triaged Bug description: evince crashes with the following valgrind output when opening the attached file. $ valgrind evince sample.pdf ==12903== Memcheck, a memory error detector. ==12903== Copyright (C) 2002-2008, and GNU GPL'd, by Julian Seward et al. ==12903== Using LibVEX rev 1884, a library for dynamic binary translation. ==12903== Copyright (C) 2004-2008, and GNU GPL'd, by OpenWorks LLP. ==12903== Using valgrind-3.4.1-Debian, a dynamic binary instrumentation framework. ==12903== Copyright (C) 2000-2008, and GNU GPL'd, by Julian Seward et al. ==12903== For more details, rerun with: -v ==12903== Error: PDF file is damaged - attempting to reconstruct xref table... ==12903== Thread 2: ==12903== Use of uninitialised value of size 4 ==12903==at 0x4E1E47F: JPXStream::readTilePartData(unsigned int, unsigned int, int) (JPXStream.cc:1951) ==12903==by 0x4E1F5CD: JPXStream::readTilePart() (JPXStream.cc:1924) ==12903==by 0x4E20766: JPXStream::readCodestream(unsigned int) (JPXStream.cc:1366) ==12903==by 0x4E225C9: JPXStream::readBoxes() (JPXStream.cc:735) ==12903==by 0x4E227EC: JPXStream::reset() (JPXStream.cc:272) ==12903==by 0x4EA33E2: ImageStream::reset() (Stream.cc:419) ==12903==by 0x4739923: CairoOutputDev::drawSoftMaskedImage(GfxState*, Object*, Stream*, int, int, GfxImageColorMap*, Stream*, int, int, GfxImageColorMap*) (CairoOutputDev.cc:1485) ==12903==by 0x4E5C9B5: Gfx::doImage(Object*, Stream*, int) (Gfx.cc:3857) ==12903==by 0x4E60894: Gfx::opXObject(Object*, int) (Gfx.cc:3526) ==12903==by 0x4E52AB9: Gfx::execOp(Object*, Object*, int) (Gfx.cc:771) ==12903==by 0x4E5307E: Gfx::go(int) (Gfx.cc:642) ==12903==by 0x4E55AEE: Gfx::display(Object*, int) (Gfx.cc:611) ==12903== ==12903== Use of uninitialised value of size 4 ==12903==at 0x4E1E48A: JPXStream::readTilePartData(unsigned int, unsigned int, int) (JPXStream.cc:1952) ==12903==by 0x4E1F5CD: JPXStream::readTilePart() (JPXStream.cc:1924) ==12903==by 0x4E20766: JPXStream::readCodestream(unsigned int) (JPXStream.cc:1366) ==12903==by 0x4E225C9: JPXStream::readBoxes() (JPXStream.cc:735) ==12903==by 0x4E227EC: JPXStream::reset() (JPXStream.cc:272) ==12903==by 0x4EA33E2: ImageStream::reset() (Stream.cc:419) ==12903==by 0x4739923: CairoOutputDev::drawSoftMaskedImage(GfxState*, Object*, Stream*, int, int, GfxImageColorMap*, Stream*, int, int, GfxImageColorMap*) (CairoOutputDev.cc:1485) ==12903==by 0x4E5C9B5: Gfx::doImage(Object*, Stream*, int) (Gfx.cc:3857) ==12903==by 0x4E60894: Gfx::opXObject(Object*, int) (Gfx.cc:3526) ==12903==by 0x4E52AB9: Gfx::execOp(Object*, Object*, int) (Gfx.cc:771) ==12903==by 0x4E5307E: Gfx::go(int) (Gfx.cc:642) ==12903==by 0x4E55AEE: Gfx::display(Object*, int) (Gfx.cc:611) ==12903== ==12903== Conditional jump or move depends on uninitialised value(s) ==12903==at 0x4E1E509: JPXStream::readTilePartData(unsigned int, unsigned int, int) (JPXStream.cc:1977) ==12903==by 0x4E1F5CD: JPXStream::readTilePart() (JPXStream.cc:1924) ==12903==by 0x4E20766: JPXStream::readCodestream(unsigned int) (JPXStream.cc:1366) ==12903==by 0x4E225C9: JPXStream::readBoxes() (JPXStream.cc:735) ==12903==by 0x4E227EC: JPXStream::reset() (JPXStream.cc:272) ==12903==by 0x4EA33E2: ImageStream::reset() (Stream.cc:419) ==12903==by 0x4739923: CairoOutputDev::drawSoftMaskedImage(GfxState*, Object*, Stream*, int, int, GfxImageColorMap*, Stream*, int, int, GfxImageColorMap*) (CairoOutputDev.cc:1485) ==12903==by 0x4E5C9B5: Gfx::doImage(Object*, Stream*, int) (Gfx.cc:3857) ==12903==by 0x4E60894: Gfx::opXObject(Object*, int) (Gfx.cc:3526) ==12903==by 0x4E52AB9: Gfx::execOp(Object*, Object*, int) (Gfx.cc:771) ==12903==by 0x4E5307E: Gfx::go(int) (Gfx.cc:642) ==12903==by 0x4E55AEE: Gfx::display(Object*, int) (Gfx.cc:611) ==12903== ==12903== Use of uninitialised value of size 4 ==12903==at 0x4E1E515: JPXStream::readTilePartData(unsigned int, unsigned int, int) (JPXStream.cc:1978) ==12903==by 0x4E1F5CD: JPXStream::readTilePart() (JPXStream.cc:1924) ==12903==by 0x4E20766: JPXStream::readCodestream(unsigned int) (JPXStream.cc:1366) ==12903==by 0x4E225C9: JPXStream::readBoxes() (JPXStream.cc:735) ==12903==by 0x4E227EC: JPXStream::reset() (JPXStream.cc:272) ==12903==by 0x4EA33E2: ImageStream::reset() (Stream.cc:419) ==
