Launchpad has imported 7 comments from the remote bug at https://bugs.freedesktop.org/show_bug.cgi?id=92450.
------------------------------------------------------------------------
On 2015-10-13T20:56:39+00:00 Saintlinu wrote:

Created attachment 118861
Use of this file could lead to crash the products using poppler library

Hello,

I've found some vulnerabilities in pdf viewers using the famous library named poppler, such as evince, xpdf, okular and so on.
This is my short report and I used the latest version of poppler (poppler-0.37.0).
Plus I've attached some findings.

Thanks
-Alex

in details:

alex@vm64:$ LD_LIBRARY_PATH=/usr/local/lib gdb --args ./evince ~/hack/project/fuzzer/testcases/pdf/JPXDecode/fuzz_id_27683_OliviaOil_24.pdf.tc_bf1_pos_3460_size_1
GNU gdb (Ubuntu 7.10-1ubuntu2) 7.10
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./evince...done.
gdb$ r
Starting program: /home/alex/hack/project/evince/evince-3.18.0/shell/.libs/evince /home/alex/hack/project/fuzzer/testcases/pdf/JPXDecode/fuzz_id_27683_OliviaOil_24.pdf.tc_bf1_pos_3460_size_1
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffece5e700 (LWP 17556)]
[New Thread 0x7fffec65d700 (LWP 17557)]
[New Thread 0x7fffebe5c700 (LWP 17558)]
[New Thread 0x7fffeb038700 (LWP 17563)]
[New Thread 0x7fffe9a4e700 (LWP 17564)]
[New Thread 0x7fffda2ab700 (LWP 17565)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffe9a4e700 (LWP 17564)]
-----------------------------------------------------------------------------------------------------------------------[regs]
  RAX: 0x0000000000000000  RBX: 0x0000000000000000  RBP: 0x00007FFFD005DA40  RSP: 0x00007FFFE9A4CF50  o d I t s z A p c
  RDI: 0x00007FFFD0042BA0  RSI: 0x0000000000000000  RDX: 0x0000000000000018  RCX: 0x0000000000000001  RIP: 0x00007FFFE8A04C49
  R8 : 0x0000000000000000  R9 : 0x0000000000000006  R10: 0x00000000000000A8  R11: 0x00007FFFD005DAB0  R12: 0x00007FFFD0042850
  R13: 0x00007FFFD005A0E0  R14: 0x00007FFFD005DAB0  R15: 0x0000000000001923
  CS: 0033  DS: 0000  ES: 0000  FS: 0000  GS: 0000  SS: 002B
-----------------------------------------------------------------------------------------------------------------------[code]
=> 0x7fffe8a04c49 <JPXStream::readTilePartData(unsigned int, unsigned int, bool)+265>:	mov    rbp,QWORD PTR [rax+0x10]
   0x7fffe8a04c4d <JPXStream::readTilePartData(unsigned int, unsigned int, bool)+269>:	lea    r11,[rbp+rbx*1+0x0]
   0x7fffe8a04c52 <JPXStream::readTilePartData(unsigned int, unsigned int, bool)+274>:	mov    r9d,DWORD PTR [r11+0x14]
   0x7fffe8a04c56 <JPXStream::readTilePartData(unsigned int, unsigned int, bool)+278>:	test   r9d,r9d
   0x7fffe8a04c59 <JPXStream::readTilePartData(unsigned int, unsigned int, bool)+281>:	je     0x7fffe8a04ca3 <JPXStream::readTilePartData(unsigned int, unsigned int, bool)+355>
   0x7fffe8a04c5b <JPXStream::readTilePartData(unsigned int, unsigned int, bool)+283>:	mov    r8d,DWORD PTR [r11+0x10]
   0x7fffe8a04c5f <JPXStream::readTilePartData(unsigned int, unsigned int, bool)+287>:	xor    eax,eax
   0x7fffe8a04c61 <JPXStream::readTilePartData(unsigned int, unsigned int, bool)+289>:	xor    edi,edi
-----------------------------------------------------------------------------------------------------------------------------
0x00007fffe8a04c49 in JPXStream::readTilePartData (this=this@entry=0x7fffd0042d40, tileIdx=<optimized out>, tilePartLen=0x1923, tilePartToEOC=tilePartToEOC@entry=0x0) at JPXStream.cc:2142
2142	    if (!bits) {
gdb$ bt
#0  0x00007fffe8a04c49 in JPXStream::readTilePartData (this=this@entry=0x7fffd0042d40, tileIdx=<optimized out>, tilePartLen=0x1923, tilePartToEOC=tilePartToEOC@entry=0x0) at JPXStream.cc:2142
#1  0x00007fffe8a05f89 in JPXStream::readTilePart (this=this@entry=0x7fffd0042d40) at JPXStream.cc:2100
#2  0x00007fffe8a06f17 in JPXStream::readCodestream (this=this@entry=0x7fffd0042d40, len=<optimized out>) at JPXStream.cc:1488
#3  0x00007fffe8a08df1 in JPXStream::readBoxes (this=this@entry=0x7fffd0042d40) at JPXStream.cc:780
#4  0x00007fffe8a09036 in JPXStream::reset (this=0x7fffd0042d40) at JPXStream.cc:275
#5  0x00007fffe8e1c812 in RescaleDrawImage::getSourceImage (this=this@entry=0x7fffe9a4d310, str=str@entry=0x7fffd0042d40, widthA=widthA@entry=0x66, height=height@entry=0xf1, scaledWidth=0x2f9, scaledHeight=0x6fd, printing=0x0, colorMapA=0x7fffd0042f30, maskColorsA=0x0) at CairoOutputDev.cc:2881
#6  0x00007fffe8e1ae21 in CairoOutputDev::drawImage (this=0x7fffd003e030, state=0x7fffd00421c0, ref=0x7fffe9a4d640, str=0x7fffd0042d40, widthA=0x66, heightA=0xf1, colorMap=0x7fffd0042f30, interpolate=0x0, maskColors=0x0, inlineImg=0x0) at CairoOutputDev.cc:3028
#7  0x00007fffe8a4ba9e in Gfx::doImage (this=this@entry=0x7fffd0041f60, ref=ref@entry=0x7fffe9a4d640, str=0x7fffd0042d40, inlineImg=inlineImg@entry=0x0) at Gfx.cc:4663
#8  0x00007fffe8a4c6af in Gfx::opXObject (this=0x7fffd0041f60, args=<optimized out>, numArgs=<optimized out>) at Gfx.cc:4189
#9  0x00007fffe8a46f26 in Gfx::go (this=this@entry=0x7fffd0041f60, topLevel=topLevel@entry=0x1) at Gfx.cc:763
#10 0x00007fffe8a47409 in Gfx::display (this=this@entry=0x7fffd0041f60, obj=obj@entry=0x7fffe9a4da40, topLevel=topLevel@entry=0x1) at Gfx.cc:729
#11 0x00007fffe8a85c28 in Page::displaySlice (this=0x7fffd00407e0, out=out@entry=0x7fffd003e030, hDPI=hDPI@entry=72, vDPI=vDPI@entry=72, rotate=rotate@entry=0x0, useMediaBox=useMediaBox@entry=0x0, crop=crop@entry=0x1, sliceX=sliceX@entry=0xffffffff, sliceY=0xffffffff, sliceW=0xffffffff, sliceH=0xffffffff, printing=0x0, abortCheckCbk=0x0, abortCheckCbkData=0x0, annotDisplayDecideCbk=0x0, annotDisplayDecideCbkData=0x0, copyXRef=0x0) at Page.cc:599
#12 0x00007fffe8e03ace in _poppler_page_render (page=0xa8c6c0, cairo=0xa30510, printing=<optimized out>, print_flags=<optimized out>) at poppler-page.cc:362
#13 0x00007fffe90450b3 in pdf_page_render (page=page@entry=0xa8c6c0, width=0x2f9, height=0x6fd, rc=rc@entry=0xa8c700) at /build/buildd/evince-3.16.1/./backend/pdf/ev-poppler.cc:415
#14 0x00007fffe90452f1 in pdf_document_render (document=<optimized out>, rc=0xa8c700) at /build/buildd/evince-3.16.1/./backend/pdf/ev-poppler.cc:442
#15 0x00007ffff7968832 in ev_job_render_run (job=0xb49bc0) at /build/buildd/evince-3.16.1/./libview/ev-jobs.c:638
#16 0x00007ffff796a68a in ev_job_thread (job=0xb49bc0) at /build/buildd/evince-3.16.1/./libview/ev-job-scheduler.c:184
#17 ev_job_thread_proxy (data=<optimized out>) at /build/buildd/evince-3.16.1/./libview/ev-job-scheduler.c:217
#18 0x00007ffff5714965 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#19 0x00007ffff51856aa in start_thread (arg=0x7fffe9a4e700) at pthread_create.c:333
#20 0x00007ffff4ebaeed in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Reply at: https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1505858/comments/0

------------------------------------------------------------------------
On 2015-10-13T21:07:06+00:00 Albert Astals Cid wrote:

You should be using the openjpeg version of the JPXStream, the other version is basically unmaintained and just there for convenience.

Meaning I won't be working on fixing this, but of course patches are welcome.

Reply at: https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1505858/comments/1

------------------------------------------------------------------------
On 2015-10-14T12:03:58+00:00 Saintlinu wrote:

Created attachment 118869
removed a finding file

Reply at: https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1505858/comments/3

------------------------------------------------------------------------
On 2015-10-14T12:06:35+00:00 Saintlinu wrote:

Oh, I see.
Thank you for the quick response
-Alex

Reply at: https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1505858/comments/4

------------------------------------------------------------------------
On 2015-10-14T20:51:54+00:00 Adrian Johnson wrote:

Created attachment 118877
Warn that the DCT/JPX internal decoders are unmaintained

Reply at: https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1505858/comments/5

------------------------------------------------------------------------
On 2015-10-14T20:52:33+00:00 Adrian Johnson wrote:

Created attachment 118878
Synchronize cmake warnings with configure warnings

Reply at: https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1505858/comments/6

------------------------------------------------------------------------
On 2015-10-14T20:55:05+00:00 Albert Astals Cid wrote:

Looks good to me.

Reply at: https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1505858/comments/7


** Changed in: poppler
       Status: Unknown => Confirmed

** Changed in: poppler
   Importance: Unknown => High

https://bugs.launchpad.net/bugs/1505858

Title:
  Segmentation fault in JPXStream::readTilePartData(JPXStream.cc:2142)

Status in Poppler:
  Confirmed
Status in poppler package in Ubuntu:
  Confirmed

Bug description:

Hello,

I've found some vulnerabilities in pdf viewers using the famous library named poppler, such as evince, xpdf, okular and so on.
This is my short report and I used the latest version of poppler (poppler-0.37.0).
Plus I've attached a finding as a comment below.

To be honest, I already posted this bug on poppler's and the developer answered the question (https://bugs.freedesktop.org/show_bug.cgi?id=92450#c1).

As far as I can tell, all of the software that I tested, such as evince, xpdf and okular on an Ubuntu system, has the same problem.

So I'd like to post this issue here.
in details:

alex@vm64 $ uname -a
Linux vm64 4.2.0-16-generic #19-Ubuntu SMP Thu Oct 8 15:35:06 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

alex@vm64 $ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=15.10
DISTRIB_CODENAME=wily
DISTRIB_DESCRIPTION="Ubuntu Wily Werewolf (development branch)"

okular:
  Installed: 4:15.08.1-0ubuntu1
  Candidate: 4:15.08.1-0ubuntu1
  Version table:
 *** 4:15.08.1-0ubuntu1 0
        500 http://kr.archive.ubuntu.com/ubuntu/ wily/universe amd64 Packages
        100 /var/lib/dpkg/status

xpdf:
  Installed: 3.03-17ubuntu2
  Candidate: 3.03-17ubuntu2
  Version table:
 *** 3.03-17ubuntu2 0
        500 http://kr.archive.ubuntu.com/ubuntu/ wily/universe amd64 Packages
        100 /var/lib/dpkg/status

evince:
  Installed: 3.16.1-0ubuntu1
  Candidate: 3.16.1-0ubuntu1
  Version table:
 *** 3.16.1-0ubuntu1 0
        500 http://kr.archive.ubuntu.com/ubuntu/ wily/main amd64 Packages
        100 /var/lib/dpkg/status

libpoppler-dev:
  Installed: 0.33.0-0ubuntu3
  Candidate: 0.33.0-0ubuntu3
  Version table:
 *** 0.33.0-0ubuntu3 0
        500 http://kr.archive.ubuntu.com/ubuntu/ wily/main amd64 Packages
        100 /var/lib/dpkg/status

+ I used latest version of poppler too.

Application: Okular (okular), signal: Segmentation fault
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
pthread_cond_wait@@GLIBC_2.3.2 () at ../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
[Current thread is 1 (Thread 0x7f640ae42840 (LWP 6180))]

Thread 4 (Thread 0x7f63f36f1700 (LWP 6184)):
#0  0x00007f6407db6743 in select () at ../sysdeps/unix/syscall-template.S:81
#1  0x00007f64087ed51f in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#2  0x00007f6408702d1c in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#3  0x00007f640537c6aa in start_thread (arg=0x7f63f36f1700) at pthread_create.c:333
#4  0x00007f6407dbfeed in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 3 (Thread 0x7f63f253c700 (LWP 6200)):
[KCrash Handler]
#6  0x00007f63f25f5619 in JPXStream::readTilePartData(unsigned int, unsigned int, bool) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52
#7  0x00007f63f25f6b73 in JPXStream::readTilePart() () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52
#8  0x00007f63f25f7a77 in JPXStream::readCodestream(unsigned int) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52
#9  0x00007f63f25f9c95 in JPXStream::readBoxes() () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52
#10 0x00007f63f25fa0d6 in JPXStream::reset() () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52
#11 0x00007f63f25edbf9 in SplashOutputDev::drawImage(GfxState*, Object*, Stream*, int, int, GfxImageColorMap*, bool, int*, bool) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52
#12 0x00007f63f26419ca in Gfx::doImage(Object*, Stream*, bool) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52
#13 0x00007f63f2642ce8 in Gfx::opXObject(Object*, int) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52
#14 0x00007f63f263cffe in Gfx::go(bool) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52
#15 0x00007f63f263d4a0 in Gfx::display(Object*, bool) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52
#16 0x00007f63f2683255 in Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52
#17 0x00007f63f29dadc6 in Poppler::Page::renderToImage(double, double, int, int, int, int, Poppler::Page::Rotation) const () from /usr/lib/x86_64-linux-gnu/libpoppler-qt4.so.4
#18 0x00007f63f2c2be74 in ?? () from /usr/lib/kde4/okularGenerator_poppler.so
#19 0x00007f63f738c613 in ?? () from /usr/lib/libokularcore.so.6
#20 0x00007f6408702d1c in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#21 0x00007f640537c6aa in start_thread (arg=0x7f63f253c700) at pthread_create.c:333
#22 0x00007f6407dbfeed in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 2 (Thread 0x7f63f1d3b700 (LWP 6201)):
#0  syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
#1  0x00007f6408701622 in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#2  0x00007f64086fd8e5 in QMutex::lockInternal() () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#3  0x00007f63f2c2acf4 in ?? () from /usr/lib/kde4/okularGenerator_poppler.so
#4  0x00007f63f738bf12 in ?? () from /usr/lib/libokularcore.so.6
#5  0x00007f6408702d1c in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#6  0x00007f640537c6aa in start_thread (arg=0x7f63f1d3b700) at pthread_create.c:333
#7  0x00007f6407dbfeed in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 1 (Thread 0x7f640ae42840 (LWP 6180)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
#1  0x00007f6408703286 in QWaitCondition::wait(QMutex*, unsigned long) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#2  0x00007f64087028ae in QThread::wait(unsigned long) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#3  0x00007f64087ed0ad in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#4  0x00007f6407cf2d32 in __run_exit_handlers (status=1, listp=0x7f640807d698 <__exit_funcs>, run_list_atexit=run_list_atexit@entry=true) at exit.c:82
#5  0x00007f6407cf2d85 in __GI_exit (status=<optimized out>) at exit.c:104
#6  0x00007f640928e6a8 in ?? () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#7  0x00007f6409f83370 in KApplication::xioErrhandler(_XDisplay*) () from /usr/lib/libkdeui.so.5
#8  0x00007f64071cbcee in _XIOError () from /usr/lib/x86_64-linux-gnu/libX11.so.6
#9  0x00007f64071c957d in _XEventsQueued () from /usr/lib/x86_64-linux-gnu/libX11.so.6
#10 0x00007f64071a5832 in XCheckIfEvent () from /usr/lib/x86_64-linux-gnu/libX11.so.6
#11 0x00007f64092923e9 in ?? () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#12 0x00007f64092a26eb in QApplication::x11ProcessEvent(_XEvent*) () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#13 0x00007f64092ccb52 in ?? () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#14 0x00007f6404e96ff7 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#15 0x00007f6404e97250 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#16 0x00007f6404e972fc in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#17 0x00007f64088431ee in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#18 0x00007f64092ccc26 in ?? () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#19 0x00007f64088110d1 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#20 0x00007f6408811445 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#21 0x00007f6408817429 in QCoreApplication::exec() () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#22 0x0000000000409878 in ?? ()
#23 0x00007f6407cd9a40 in __libc_start_main (main=0x409430, argc=2, argv=0x7ffd3a61ac18, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffd3a61ac08) at libc-start.c:289
#24 0x000000000040b4a9 in _start ()

evince 3.16.1 / xpdf version 3.03

********************************************************************************
Segmentation fault
********************************************************************************

crashed file: fuzz_id_27683_OliviaOil_24.pdf.tc_bf1_pos_3460_size_1

Register dump:

 RAX: 0000000000000000   RBX: 0000000000000001   RCX: 0000000000000000
 RDX: 0000000000000006   RSI: 0000000000000002   RDI: 0000000000000000
 RBP: 0000000000000000   R8 : 0000000000000000   R9 : 0000000000000006
 R10: 0000000000000070   R11: 0000000000000000   R12: 00000000014af420
 R13: 00000000000018d2   R14: 00000000014af420   R15: 00000000014d7600
 RSP: 00007ffdede2b6b0

 RIP: 00007f28d94be0df   EFLAGS: 00010246

 CS: 0033   FS: 0000   GS: 0000

 Trap: 0000000e   Error: 00000004   OldMask: 00000000   CR2: 00000010

Backtrace:
0x00007f28e4d22cc0: [catch_segfault():4000]
0x00007f28e3512d10: [__restore_rt():0]
0x00007f28d94be0df: [_ZN9JPXStream16readTilePartDataEjjb():287]
0x00007f28d94bf688: [_ZN9JPXStream12readTilePartEv():2920]
0x00007f28d94c1278: [_ZN9JPXStream14readCodestreamEj():248]
0x00007f28d94c3ff1: [_ZN9JPXStream9readBoxesEv():1809]
0x00007f28d94c4766: [_ZN9JPXStream5resetEv():22]
0x00007f28d9c8d753: [_ZN14CairoOutputDev9drawImageEP8GfxStateP6ObjectP6StreamiiP16GfxImageColorMapbPib():323]
0x00007f28d950ce45: [_ZN3Gfx7doImageEP6ObjectP6Streamb():3013]
0x00007f28d950e143: [_ZN3Gfx9opXObjectEP6Objecti():627]
0x00007f28d9508058: [_ZN3Gfx2goEb():344]
0x00007f28d9508558: [_ZN3Gfx7displayEP6Objectb():280]
0x00007f28d9550dc5: [_ZN4Page12displaySliceEP9OutputDevddibbiiiibPFbPvES2_PFbP5AnnotS2_ES2_b():357]
0x00007f28d9c76522: [poppler_page_get_type():482]
0x00007f28d9eb5ad3: [_init():13019]
0x00007f28d9eb616e: [_init():14710]
0x0000000000401a90: [_init():2368]
0x000000000040172d: [_init():1501]
0x00007f28e3158a40: [__libc_start_main():240]
0x00000000004018a9: [_init():1881]

Disassemble:
0x00007f28d94be0df: add rax, qword ptr [rdi + 0x10]
0x00007f28d94be0e3: mov r11d, dword ptr [rax + 0x14]
0x00007f28d94be0e7: test r11d, r11d
0x00007f28d94be0ea: je 0x7f28d94be25d
0x00007f28d94be0f0: mov r8d, dword ptr [rax + 0x10]
0x00007f28d94be0f4: mov r13, qword ptr [rsp]
0x00007f28d94be0f8: mov r15, r14

HASHTAG: 8DBAE794E10FF8F8CBF9AA94744D5759

Thanks
-Alex