Discussion:
[gs-bugs] [Bug 698825] - MuPDF - ASAN/valgrind complaint when rendering document
b***@artifex.com
2017-12-19 22:56:34 UTC
http://bugs.ghostscript.com/show_bug.cgi?id=698825

Bug ID: 698825
Summary: ASAN/valgrind complaint when rendering document
Product: MuPDF
Version: master
Hardware: PC
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P4
Component: mupdf
Assignee: mupdf-***@artifex.com
Reporter: ***@hotmail.com
QA Contact: gs-***@ghostscript.com
Word Size: ---

When attempting to render http://www.pdfill.com/example/pdf_commenting_new.pdf
using "mutool draw -s t pdf_commenting_new.pdf 4" this triggers an ASAN
complaint as quoted below. Valgrind complains similarly.

==19307==ERROR: AddressSanitizer: heap-use-after-free on address 0x613000000238
at pc 0x563d4a2aa49d bp 0x7ffea6c773e0 sp 0x7ffea6c773d8
READ of size 1 at 0x613000000238 thread T0
#0 0x563d4a2aa49c in fz_colorspace_n source/fitz/colorspace.c:3606
#1 0x563d4a345d2f in fz_append_display_node source/fitz/list-device.c:403
#2 0x563d4a349117 in fz_list_fill_text source/fitz/list-device.c:765
#3 0x563d4a2b3088 in fz_fill_text source/fitz/device.c:210
#4 0x563d4a431024 in pdf_update_free_text_annot_appearance
source/pdf/pdf-appearance.c:2214
#5 0x563d4a434513 in pdf_update_appearance source/pdf/pdf-appearance.c:2519
#6 0x563d4a418363 in pdf_load_annots source/pdf/pdf-annot.c:473
#7 0x563d4a48e635 in pdf_load_page source/pdf/pdf-page.c:1083
#8 0x563d4a2b6f0f in fz_load_page source/fitz/document.c:313
#9 0x563d4a244a33 in drawpage source/tools/mudraw.c:1044
#10 0x563d4a24618e in drawrange source/tools/mudraw.c:1209
#11 0x563d4a24a2eb in mudraw_main source/tools/mudraw.c:1921
#12 0x563d4a23d820 in main source/tools/mutool.c:127
#13 0x7f5e740cb560 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x20560)
#14 0x563d4a23d039 in _start
(/home/user/src/mupdf/build/sanitize/mutool+0x154039)

0x613000000238 is located 56 bytes inside of 368-byte region
[0x613000000200,0x613000000370)
freed by thread T0 here:
#0 0x7f5e74a588c8 in __interceptor_free
(/usr/lib/x86_64-linux-gnu/libasan.so.4+0xd98c8)
#1 0x563d4a37fd96 in fz_free_default source/fitz/memory.c:239
#2 0x563d4a37fc68 in fz_free source/fitz/memory.c:201
#3 0x563d4a290d08 in fz_drop_colorspace_imp source/fitz/colorspace.c:147
#4 0x563d4a3e2c0f in fz_drop_key_storable source/fitz/store.c:218
#5 0x563d4a2911c5 in fz_drop_colorspace source/fitz/colorspace.c:191
#6 0x563d4a431318 in pdf_update_free_text_annot_appearance
source/pdf/pdf-appearance.c:2226
#7 0x563d4a434513 in pdf_update_appearance source/pdf/pdf-appearance.c:2519
#8 0x563d4a418363 in pdf_load_annots source/pdf/pdf-annot.c:473
#9 0x563d4a48e635 in pdf_load_page source/pdf/pdf-page.c:1083
#10 0x563d4a2b6f0f in fz_load_page source/fitz/document.c:313
#11 0x563d4a244a33 in drawpage source/tools/mudraw.c:1044
#12 0x563d4a24618e in drawrange source/tools/mudraw.c:1209
#13 0x563d4a24a2eb in mudraw_main source/tools/mudraw.c:1921
#14 0x563d4a23d820 in main source/tools/mutool.c:127
#15 0x7f5e740cb560 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x20560)

previously allocated by thread T0 here:
#0 0x7f5e74a58c20 in __interceptor_malloc
(/usr/lib/x86_64-linux-gnu/libasan.so.4+0xd9c20)
#1 0x563d4a37fd4f in fz_malloc_default source/fitz/memory.c:227
#2 0x563d4a37ef0f in do_scavenging_malloc source/fitz/memory.c:22
#3 0x563d4a37f60d in fz_calloc source/fitz/memory.c:124
#4 0x563d4a290e6d in fz_new_colorspace source/fitz/colorspace.c:162
#5 0x563d4a2aaf5f in fz_new_icc_colorspace source/fitz/colorspace.c:3709
#6 0x563d4a295756 in fz_set_cmm_engine source/fitz/colorspace.c:755
#7 0x563d4a29593a in fz_new_colorspace_context source/fitz/colorspace.c:773
#8 0x563d4a2ae647 in fz_new_context_imp source/fitz/context.c:247
#9 0x563d4a24868f in mudraw_main source/tools/mudraw.c:1591
#10 0x563d4a23d820 in main source/tools/mutool.c:127
#11 0x7f5e740cb560 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x20560)
--
You are receiving this mail because:
You are the QA Contact for the bug.
b***@artifex.com
2017-12-19 22:59:24 UTC
http://bugs.ghostscript.com/show_bug.cgi?id=698825

Sebastian Rasmussen <***@hotmail.com> changed:

What           |Removed                |Added
----------------------------------------------------------------------------
Assignee       |mupdf-***@artifex.com  |***@hotmail.com
Status         |UNCONFIRMED            |AWAITING_REVIEW
Ever confirmed |0                      |1
URL            |                       |http://www.pdfill.com/example/pdf_commenting_new.pdf

--- Comment #1 from Sebastian Rasmussen <***@hotmail.com> ---
A proposed patch to resolve this is available in 321ba1de287016b0036bf4a56ce774ad11763384.
b***@artifex.com
2017-12-20 13:33:57 UTC
http://bugs.ghostscript.com/show_bug.cgi?id=698825

Sebastian Rasmussen <***@hotmail.com> changed:

What       |Removed          |Added
----------------------------------------------------------------------------
Resolution |---              |FIXED
Status     |AWAITING_REVIEW  |RESOLVED

--- Comment #2 from Sebastian Rasmussen <***@hotmail.com> ---
Fixed in

commit 321ba1de287016b0036bf4a56ce774ad11763384
Author: Sebastian Rasmussen <***@gmail.com>
Date: Tue Dec 19 23:47:47 2017 +0100

Bug 698825: Do not drop borrowed colorspaces.

Previously the borrowed colorspace was dropped when updating annotation
appearances, leading to use after free warnings from valgrind/ASAN.
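The commit above fixes an ownership mistake: a reference the caller never took was dropped, so the context's own pointer dangled. The following is an added illustration of that keep/drop rule, written for this thread and not MuPDF's code; the `colorspace`, `context`, `cs_keep`, `cs_drop` and `update_appearance_*` names are a constructed stand-in for the real objects in the trace.

```c
#include <stdlib.h>

/* Minimal keep/drop reference-counted object, modelled on the idiom the
 * trace shows (fz_new_colorspace / fz_drop_colorspace); not MuPDF's code. */
typedef struct {
    int refs;
    int n;  /* component count, what an accessor like fz_colorspace_n reads */
} colorspace;
/* The context owns the default colorspace: it holds exactly one reference. */
typedef struct { colorspace *default_cs; } context;
static colorspace *cs_new(int n) {
    colorspace *cs = calloc(1, sizeof *cs);
    if (!cs) abort();
    cs->refs = 1;
    cs->n = n;
    return cs;
}

static colorspace *cs_keep(colorspace *cs) { cs->refs++; return cs; }
/* Returns 1 when this drop released the last reference and freed the object. */
static int cs_drop(colorspace *cs) {
    if (--cs->refs > 0) return 0;
    free(cs);
    return 1;
}
/* Buggy pattern: the colorspace is only borrowed from the context, yet it is
 * dropped. The context's pointer now dangles; the next read is a UAF. */
static int update_appearance_buggy(context *ctx) {
    colorspace *cs = ctx->default_cs;   /* borrowed, no cs_keep */
    return cs_drop(cs);
}
/* Fix as in the commit: a borrowed pointer is read but never dropped. */
static int update_appearance_fixed(context *ctx) {
    colorspace *cs = ctx->default_cs;
    return cs->n < 0;                   /* 0: reading a borrowed object is fine */
}
/* Alternative: if you want to drop, first take a reference of your own. */
static int update_appearance_keep(context *ctx) {
    colorspace *cs = cs_keep(ctx->default_cs);
    return cs_drop(cs);                 /* 0: the context's reference survives */
}
/* Runs one routine on a fresh context; returns the context's remaining
 * reference count, or -1 if the routine freed the object from under it. */
static int refs_after(int (*update)(context *)) {
    context ctx = { cs_new(3) };
    if (update(&ctx)) return -1;        /* ctx.default_cs dangles: do not touch */
    int refs = ctx.default_cs->refs;
    cs_drop(ctx.default_cs);            /* the context releases its own reference */
    return refs;
}
```

Built with ASAN, the buggy routine is exactly the pattern that produces the "freed by ... fz_drop_colorspace" frame in the report, while both safe routines leave the context's single reference intact.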