Bug 743929 - Poppler JPXStream.cc JPXStream::readCodestream(unsigned int) received SIGSEGV Memory Corruption Vulnerability
Status: RESOLVED NOTGNOME
Product: evince
Classification: Core
Component: PDF
Version: 3.4.x
OS: Other Linux
Priority: Normal
Severity: major
Target Milestone: ---
Assigned To: Evince Maintainers
Depends on:
Blocks:
Reported: 2015-02-03 13:07 UTC by Veysel
Modified: 2015-02-05 11:47 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
Crasher.pdf (566.24 KB, application/pdf)
2015-02-03 13:07 UTC, Veysel

Description Veysel 2015-02-03 13:07:28 UTC
Created attachment 296017 [details]
Crasher.pdf

d 0xb2b84b40 (LWP 21042) exited]
[Thread 0xb3385b40 (LWP 21040) exited]
[New Thread 0xb3385b40 (LWP 21049)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb3385b40 (LWP 21049)]
[----------------------------------registers-----------------------------------]
EAX: 0x0 
EBX: 0xb5f3dff4 --> 0x1b0ba4 
ECX: 0xb5a82c40 --> 0xb5f3b2c8 --> 0xb5dec390 (<_ZN9JPXStreamD2Ev>:     sub    esp,0x1c)
EDX: 0xb5a82c40 --> 0xb5f3b2c8 --> 0xb5dec390 (<_ZN9JPXStreamD2Ev>:     sub    esp,0x1c)
ESI: 0x52 ('R')
EDI: 0xb5a22240 --> 0x7 
EBP: 0xb5a82c40 --> 0xb5f3b2c8 --> 0xb5dec390 (<_ZN9JPXStreamD2Ev>:     sub    esp,0x1c)
ESP: 0xb33847b0 --> 0xb5a82c40 --> 0xb5f3b2c8 --> 0xb5dec390 (<_ZN9JPXStreamD2Ev>:      sub    esp,0x1c)
EIP: 0xb5df12e3 (<_ZN9JPXStream14readCodestreamEj+275>: mov    eax,DWORD PTR [eax+0x30])
EFLAGS: 0x10283 (CARRY parity adjust zero SIGN trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
   0xb5df12d8 <_ZN9JPXStream14readCodestreamEj+264>:    ret    
   0xb5df12d9 <_ZN9JPXStream14readCodestreamEj+265>:    mov    edx,DWORD PTR [esp+0x24]
   0xb5df12dd <_ZN9JPXStream14readCodestreamEj+269>:    mov    eax,DWORD PTR [edx+0xb4]
=> 0xb5df12e3 <_ZN9JPXStream14readCodestreamEj+275>:    mov    eax,DWORD PTR [eax+0x30]
   0xb5df12e6 <_ZN9JPXStream14readCodestreamEj+278>:    mov    DWORD PTR [esp],edx
   0xb5df12e9 <_ZN9JPXStream14readCodestreamEj+281>:    add    eax,0x10
   0xb5df12ec <_ZN9JPXStream14readCodestreamEj+284>:    mov    DWORD PTR [esp+0x4],eax
   0xb5df12f0 <_ZN9JPXStream14readCodestreamEj+288>:    call   0xb5dee4e0 <_ZN9JPXStream9readUByteEPj>
[------------------------------------stack-------------------------------------]
0000| 0xb33847b0 --> 0xb5a82c40 --> 0xb5f3b2c8 --> 0xb5dec390 (<_ZN9JPXStreamD2Ev>:     sub    esp,0x1c)
0004| 0xb33847b4 --> 0xb33847f8 --> 0x52 ('R')
0008| 0xb33847b8 --> 0xb3384804 --> 0xc ('\x0c')
0012| 0xb33847bc --> 0xb5dee6ce (<_ZN9JPXStream9readULongEPj+94>:       mov    edx,DWORD PTR [esp+0x18])
0016| 0xb33847c0 --> 0xb5a82b00 --> 0xb5f3cb48 --> 0xb5e745b0 (<_ZN10FileStreamD2Ev>:   sub    esp,0x1c)
0020| 0xb33847c4 --> 0x7 
0024| 0xb33847c8 --> 0x1 
0028| 0xb33847cc --> 0xb5dee8e7 (<_ZN9JPXStream16readColorSpecBoxEj+199>:       test   al,al)
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
0xb5df12e3 in JPXStream::readCodestream(unsigned int) () from /usr/lib/i386-linux-gnu/libpoppler.so.19
gdb-peda$
Comment 1 Germán Poo-Caamaño 2015-02-05 11:47:41 UTC
Thanks for reporting the bug to poppler's bugzilla and adding the reference
here.

Closing this one as NOTGNOME.