GNOME Bugzilla – Bug 743931
Poppler JPXStream.cc JPXStream::inverseTransform(JPXTileComp*) received SIGSEGV Memory Corruption Vulnerability
Last modified: 2015-02-05 11:47:22 UTC
d debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
[New Thread 0xb6953b40 (LWP 20591)]
[New Thread 0xb5fffb40 (LWP 20592)]
[New Thread 0xb57feb40 (LWP 20593)]
[New Thread 0xb4bc1b40 (LWP 20594)]
[Thread 0xb57feb40 (LWP 20593) exited]
[New Thread 0xb57feb40 (LWP 20598)]
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb57feb40 (LWP 20598)]
[----------------------------------registers-----------------------------------]
EAX: 0x0
EBX: 0xb43a9ff4 --> 0x1b0ba4
ECX: 0x9d
EDX: 0xb3d13814 --> 0x1
ESI: 0xb60ff0d8 --> 0xb6000100 --> 0xb60000f8 --> 0xb60000f0 --> 0xb60000e8 --> 0xb60000e0 --> 0xb60000d8 --> 0xb60000d0 --> 0xb60000c8 --> 0xb60000c0 --> 0xb60000b8 --> 0xb60000b0 --> 0xb60000a8 --> 0xb60000a0 --> 0xb6000098 --> 0xb6000090 --> 0xb6000088 --> 0xb6000080 --> 0xb6000078 --> 0xb6000070 --> 0xb6000068 --> 0xb6000060 --> 0xb6000058 --> 0xb6000050 --> 0xb6000048 --> 0xb6000040 --> 0xb3c99d38 --> 0x5c4200 ('')
EDI: 0x34 ('4')
EBP: 0xb60fea50 --> 0xb43a72c8 --> 0xb4258390 (<_ZN9JPXStreamD2Ev>: sub esp,0x1c)
ESP: 0xb57fd730 --> 0xb60fea50 --> 0xb43a72c8 --> 0xb4258390 (<_ZN9JPXStreamD2Ev>: sub esp,0x1c)
EIP: 0xb4259e5a (<_ZN9JPXStream16inverseTransformEP11JPXTileComp+42>: mov eax,DWORD PTR [eax+0x10])
EFLAGS: 0x10292 (carry parity ADJUST zero SIGN trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
   0xb4259e50 <_ZN9JPXStream16inverseTransformEP11JPXTileComp+32>: mov eax,DWORD PTR [eax+0x54]
   0xb4259e53 <_ZN9JPXStream16inverseTransformEP11JPXTileComp+35>: mov DWORD PTR [esp+0x4c],eax
   0xb4259e57 <_ZN9JPXStream16inverseTransformEP11JPXTileComp+39>: mov eax,DWORD PTR [eax+0x48]
=> 0xb4259e5a <_ZN9JPXStream16inverseTransformEP11JPXTileComp+42>: mov eax,DWORD PTR [eax+0x10]
   0xb4259e5d <_ZN9JPXStream16inverseTransformEP11JPXTileComp+45>: mov DWORD PTR [esp+0x3c],eax
   0xb4259e61 <_ZN9JPXStream16inverseTransformEP11JPXTileComp+49>: mov eax,DWORD PTR [esi+0x28]
   0xb4259e64 <_ZN9JPXStream16inverseTransformEP11JPXTileComp+52>: mov edx,eax
   0xb4259e66 <_ZN9JPXStream16inverseTransformEP11JPXTileComp+54>: shr edx,0x5
[------------------------------------stack-------------------------------------]
0000| 0xb57fd730 --> 0xb60fea50 --> 0xb43a72c8 --> 0xb4258390 (<_ZN9JPXStreamD2Ev>: sub esp,0x1c)
0004| 0xb57fd734 --> 0xb60c91a8 --> 0x0
0008| 0xb57fd738 --> 0x5
0012| 0xb57fd73c --> 0xb3d4a414 --> 0xf
0016| 0xb57fd740 --> 0x0
0020| 0xb57fd744 --> 0x0
0024| 0xb57fd748 --> 0x78 ('x')
0028| 0xb57fd74c --> 0x9d
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
0xb4259e5a in JPXStream::inverseTransform(JPXTileComp*) () from /usr/lib/i386-linux-gnu/libpoppler.so.19
gdb-peda$
These are bugs in poppler; please submit only one bug to poppler's bugzilla with the PDF that makes all the crashes happen.
See Also: https://bugs.freedesktop.org/show_bug.cgi?id=88988
Thanks for reporting the bug to poppler's bugzilla and adding the reference here. Closing this one as NOTGNOME.