GNOME Bugzilla – Bug 743929
Poppler JPXStream.cc JPXStream::readCodestream(unsigned int) received SIGSEGV Memory Corruption Vulnerability
Last modified: 2015-02-05 11:47:41 UTC
Created attachment 296017: Crasher.pdf

[Thread 0xb2b84b40 (LWP 21042) exited]
[Thread 0xb3385b40 (LWP 21040) exited]
[New Thread 0xb3385b40 (LWP 21049)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb3385b40 (LWP 21049)]
[----------------------------------registers-----------------------------------]
EAX: 0x0
EBX: 0xb5f3dff4 --> 0x1b0ba4
ECX: 0xb5a82c40 --> 0xb5f3b2c8 --> 0xb5dec390 (<_ZN9JPXStreamD2Ev>: sub esp,0x1c)
EDX: 0xb5a82c40 --> 0xb5f3b2c8 --> 0xb5dec390 (<_ZN9JPXStreamD2Ev>: sub esp,0x1c)
ESI: 0x52 ('R')
EDI: 0xb5a22240 --> 0x7
EBP: 0xb5a82c40 --> 0xb5f3b2c8 --> 0xb5dec390 (<_ZN9JPXStreamD2Ev>: sub esp,0x1c)
ESP: 0xb33847b0 --> 0xb5a82c40 --> 0xb5f3b2c8 --> 0xb5dec390 (<_ZN9JPXStreamD2Ev>: sub esp,0x1c)
EIP: 0xb5df12e3 (<_ZN9JPXStream14readCodestreamEj+275>: mov eax,DWORD PTR [eax+0x30])
EFLAGS: 0x10283 (CARRY parity adjust zero SIGN trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
   0xb5df12d8 <_ZN9JPXStream14readCodestreamEj+264>: ret
   0xb5df12d9 <_ZN9JPXStream14readCodestreamEj+265>: mov edx,DWORD PTR [esp+0x24]
   0xb5df12dd <_ZN9JPXStream14readCodestreamEj+269>: mov eax,DWORD PTR [edx+0xb4]
=> 0xb5df12e3 <_ZN9JPXStream14readCodestreamEj+275>: mov eax,DWORD PTR [eax+0x30]
   0xb5df12e6 <_ZN9JPXStream14readCodestreamEj+278>: mov DWORD PTR [esp],edx
   0xb5df12e9 <_ZN9JPXStream14readCodestreamEj+281>: add eax,0x10
   0xb5df12ec <_ZN9JPXStream14readCodestreamEj+284>: mov DWORD PTR [esp+0x4],eax
   0xb5df12f0 <_ZN9JPXStream14readCodestreamEj+288>: call 0xb5dee4e0 <_ZN9JPXStream9readUByteEPj>
[------------------------------------stack-------------------------------------]
0000| 0xb33847b0 --> 0xb5a82c40 --> 0xb5f3b2c8 --> 0xb5dec390 (<_ZN9JPXStreamD2Ev>: sub esp,0x1c)
0004| 0xb33847b4 --> 0xb33847f8 --> 0x52 ('R')
0008| 0xb33847b8 --> 0xb3384804 --> 0xc ('\x0c')
0012| 0xb33847bc --> 0xb5dee6ce (<_ZN9JPXStream9readULongEPj+94>: mov edx,DWORD PTR [esp+0x18])
0016| 0xb33847c0 --> 0xb5a82b00 --> 0xb5f3cb48 --> 0xb5e745b0 (<_ZN10FileStreamD2Ev>: sub esp,0x1c)
0020| 0xb33847c4 --> 0x7
0024| 0xb33847c8 --> 0x1
0028| 0xb33847cc --> 0xb5dee8e7 (<_ZN9JPXStream16readColorSpecBoxEj+199>: test al,al)
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
0xb5df12e3 in JPXStream::readCodestream(unsigned int) () from /usr/lib/i386-linux-gnu/libpoppler.so.19
gdb-peda$
Thanks for reporting the bug to poppler's bugzilla and adding the reference here. Closing this one as NOTGNOME.