Bug 743931 - Poppler JPXStream.cc JPXStream::inverseTransform(JPXTileComp*) received SIGSEGV Memory Corruption Vulnerability
Status: RESOLVED NOTGNOME
Product: evince
Classification: Core
Component: PDF
Version: 3.4.x
Hardware/OS: Other Linux
Importance: Normal normal
Target Milestone: ---
Assigned To: Evince Maintainers
Depends on:
Blocks:
Reported: 2015-02-03 13:16 UTC by Veysel
Modified: 2015-02-05 11:47 UTC
See Also:
GNOME target: ---
GNOME version: ---
Description Veysel 2015-02-03 13:16:51 UTC
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
[New Thread 0xb6953b40 (LWP 20591)]
[New Thread 0xb5fffb40 (LWP 20592)]
[New Thread 0xb57feb40 (LWP 20593)]
[New Thread 0xb4bc1b40 (LWP 20594)]
[Thread 0xb57feb40 (LWP 20593) exited]
[New Thread 0xb57feb40 (LWP 20598)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb57feb40 (LWP 20598)]
[----------------------------------registers-----------------------------------]
EAX: 0x0 
EBX: 0xb43a9ff4 --> 0x1b0ba4 
ECX: 0x9d 
EDX: 0xb3d13814 --> 0x1 
ESI: 0xb60ff0d8 --> 0xb6000100 --> 0xb60000f8 --> 0xb60000f0 --> 0xb60000e8 --> 0xb60000e0 --> 0xb60000d8 --> 0xb60000d0 --> 0xb60000c8 --> 0xb60000c0 --> 0xb60000b8 --> 0xb60000b0 --> 0xb60000a8 --> 0xb60000a0 --> 0xb6000098 --> 0xb6000090 --> 0xb6000088 --> 0xb6000080 --> 0xb6000078 --> 0xb6000070 --> 0xb6000068 --> 0xb6000060 --> 0xb6000058 --> 0xb6000050 --> 0xb6000048 --> 0xb6000040 --> 0xb3c99d38 --> 0x5c4200 ('')
EDI: 0x34 ('4')
EBP: 0xb60fea50 --> 0xb43a72c8 --> 0xb4258390 (<_ZN9JPXStreamD2Ev>:     sub    esp,0x1c)
ESP: 0xb57fd730 --> 0xb60fea50 --> 0xb43a72c8 --> 0xb4258390 (<_ZN9JPXStreamD2Ev>:      sub    esp,0x1c)
EIP: 0xb4259e5a (<_ZN9JPXStream16inverseTransformEP11JPXTileComp+42>:   mov    eax,DWORD PTR [eax+0x10])
EFLAGS: 0x10292 (carry parity ADJUST zero SIGN trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
   0xb4259e50 <_ZN9JPXStream16inverseTransformEP11JPXTileComp+32>:      mov    eax,DWORD PTR [eax+0x54]
   0xb4259e53 <_ZN9JPXStream16inverseTransformEP11JPXTileComp+35>:      mov    DWORD PTR [esp+0x4c],eax
   0xb4259e57 <_ZN9JPXStream16inverseTransformEP11JPXTileComp+39>:      mov    eax,DWORD PTR [eax+0x48]
=> 0xb4259e5a <_ZN9JPXStream16inverseTransformEP11JPXTileComp+42>:      mov    eax,DWORD PTR [eax+0x10]
   0xb4259e5d <_ZN9JPXStream16inverseTransformEP11JPXTileComp+45>:      mov    DWORD PTR [esp+0x3c],eax
   0xb4259e61 <_ZN9JPXStream16inverseTransformEP11JPXTileComp+49>:      mov    eax,DWORD PTR [esi+0x28]
   0xb4259e64 <_ZN9JPXStream16inverseTransformEP11JPXTileComp+52>:      mov    edx,eax
   0xb4259e66 <_ZN9JPXStream16inverseTransformEP11JPXTileComp+54>:      shr    edx,0x5
[------------------------------------stack-------------------------------------]
0000| 0xb57fd730 --> 0xb60fea50 --> 0xb43a72c8 --> 0xb4258390 (<_ZN9JPXStreamD2Ev>:     sub    esp,0x1c)
0004| 0xb57fd734 --> 0xb60c91a8 --> 0x0 
0008| 0xb57fd738 --> 0x5 
0012| 0xb57fd73c --> 0xb3d4a414 --> 0xf 
0016| 0xb57fd740 --> 0x0 
0020| 0xb57fd744 --> 0x0 
0024| 0xb57fd748 --> 0x78 ('x')
0028| 0xb57fd74c --> 0x9d 
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
0xb4259e5a in JPXStream::inverseTransform(JPXTileComp*) () from /usr/lib/i386-linux-gnu/libpoppler.so.19
gdb-peda$
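As an added triage example (not part of the bug report, and not poppler or evince code): a small parser for the gdb-peda register and EIP lines above. It computes the effective address of the faulting memory operand from the register values and classifies it. With EAX = 0 and the faulting instruction `mov eax,DWORD PTR [eax+0x10]`, the access lands at 0x10 on the unmapped null page, the signature of a NULL pointer dereference rather than a controlled write. The dump excerpt is copied from the report above; the page-size and kernel-split thresholds are assumptions for a 32-bit Linux process.

```python
import re

# Excerpt of the gdb-peda output from the bug report above (i386 registers + faulting instruction).
PEDA_DUMP = """\
EAX: 0x0 
EBX: 0xb43a9ff4 --> 0x1b0ba4 
ECX: 0x9d 
EDX: 0xb3d13814 --> 0x1 
ESI: 0xb60ff0d8 --> 0xb6000100 --> 0xb60000f8
EDI: 0x34 ('4')
EBP: 0xb60fea50 --> 0xb43a72c8 --> 0xb4258390 (<_ZN9JPXStreamD2Ev>:     sub    esp,0x1c)
ESP: 0xb57fd730 --> 0xb60fea50 --> 0xb43a72c8 --> 0xb4258390 (<_ZN9JPXStreamD2Ev>:      sub    esp,0x1c)
EIP: 0xb4259e5a (<_ZN9JPXStream16inverseTransformEP11JPXTileComp+42>:   mov    eax,DWORD PTR [eax+0x10])
"""

# Assumptions for a 32-bit Linux user process: 4 KiB pages, default 3G/1G user/kernel split.
PAGE_SIZE = 0x1000
KERNEL_BASE = 0xC0000000

REG_RE = re.compile(r"^(E[A-Z]{2}): (0x[0-9a-fA-F]+)", re.MULTILINE)
# The disassembly peda prints next to EIP, e.g. "mov    eax,DWORD PTR [eax+0x10]"
EIP_INSN_RE = re.compile(r"^EIP: 0x[0-9a-fA-F]+ \(<[^>]+>:\s+(.+?)\)\s*$", re.MULTILINE)
# Simple [base +/- disp] operand as emitted in Intel syntax (no index/scale handling)
MEM_OPERAND_RE = re.compile(r"\[\s*(e[a-z]{2})\s*(?:([+-])\s*(0x[0-9a-fA-F]+|\d+))?\s*\]")


def parse_registers(dump):
    """Map register name -> integer value from the peda register block."""
    return {name: int(val, 16) for name, val in REG_RE.findall(dump)}


def faulting_instruction(dump):
    """Return the instruction text shown beside EIP."""
    m = EIP_INSN_RE.search(dump)
    if not m:
        raise ValueError("no disassembly next to EIP")
    return m.group(1).strip()


def memory_operand(insn):
    """Return (BASE_REGISTER, displacement) for the first [base+disp] operand, or None."""
    m = MEM_OPERAND_RE.search(insn)
    if not m:
        return None
    base, sign, disp = m.group(1), m.group(2), m.group(3)
    offset = int(disp, 0) if disp else 0
    if sign == "-":
        offset = -offset
    return base.upper(), offset


def access_kind(insn):
    """Intel syntax: a memory operand before the comma is the destination (write), after it a source (read)."""
    _, _, operands = insn.partition(" ")
    dst, _, _ = operands.partition(",")
    return "write" if "[" in dst else "read"


def classify(dump):
    """Compute the faulting address from registers and give a first-pass verdict."""
    regs = parse_registers(dump)
    insn = faulting_instruction(dump)
    operand = memory_operand(insn)
    if operand is None:
        return {"instruction": insn, "verdict": "no memory operand; not a data-access fault"}
    base, offset = operand
    addr = (regs[base] + offset) & 0xFFFFFFFF
    kind = access_kind(insn)
    if addr < PAGE_SIZE:
        verdict = f"null-page {kind} (likely NULL pointer dereference; crash, no controlled write)"
    elif addr >= KERNEL_BASE:
        verdict = f"kernel-range {kind} (user process cannot touch this range)"
    else:
        verdict = f"{kind} of unmapped or wild address; needs further triage"
    return {"instruction": insn, "base": base, "base_value": regs[base],
            "fault_address": addr, "access": kind, "verdict": verdict}


if __name__ == "__main__":
    for k, v in classify(PEDA_DUMP).items():
        print(f"{k}: {v:#x}" if isinstance(v, int) else f"{k}: {v}")
```

For this dump the preceding instruction at +39 loaded EAX from `[eax+0x48]`, so the NULL value is a pointer field of the tile-component structure; the classifier only tells you the fault is a null-page read, which is the usual reason such reports are triaged as a crash rather than as exploitable memory corruption.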
Comment 1 José Aliste 2015-02-03 16:51:44 UTC
These are bugs in poppler; please submit only one bug to poppler's bugzilla with the PDF that makes all the crashes happen.
Comment 2 Veysel 2015-02-05 08:14:46 UTC
See Also: https://bugs.freedesktop.org/show_bug.cgi?id=88988
Comment 3 Germán Poo-Caamaño 2015-02-05 11:47:22 UTC
Thanks for reporting the bug to poppler's bugzilla and adding the reference here.

Closing this one as NOTGNOME.