evince crashed with SIGSEGV in __memset_sse2() when opening a PDF
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Poppler | Fix Released | Medium | | |
| poppler (Ubuntu) | Fix Released | Medium | Unassigned | |
Bug Description
Binary package hint: evince
evince (2.29.92-0ubuntu1 on Lucid alpha 2, i386) segfaults when opening a PDF with some corrupted JBIG2 content. The PDF is attached. I have not investigated whether this can be exploited to run code or if it's just a crash.
The backtrace is as follows:
(gdb) bt
#0 0xb7312f03 in __memset_sse2 ()
at ../sysdeps/
#1 0xb4e11e03 in JBIG2Bitmap:
at /usr/include/
#2 0xb4e13425 in JBIG2Bitmap:
y=1727642229, wA=2497357600, hA=1833388479) at JBIG2Stream.cc:745
#3 0xb4e17955 in JBIG2Stream:
this=
refSegs=0x0, nRefSegs=0) at JBIG2Stream.cc:3209
#4 0xb4e1c726 in JBIG2Stream:
at JBIG2Stream.cc:1403
#5 0xb4e1c8b3 in JBIG2Stream::reset (this=0xb5013270) at JBIG2Stream.cc:1215
#6 0xb4e30323 in ImageStream::reset (this=0xb50138a0) at Stream.cc:421
#7 0xb515e90a in CairoOutputDev:
state=
colorMap=
at CairoOutputDev.
#8 0xb4de5326 in Gfx::doImage (this=0xb5013e90, ref=0xb597ece0,
str=0xb5013270, inlineImg=0) at Gfx.cc:4129
#9 0xb4debad3 in Gfx::opXObject (this=0xb5013e90, args=0xb597edd4, numArgs=1)
at Gfx.cc:3736
#10 0xb4dda716 in Gfx::execOp (this=0xb5013e90, cmd=0xb597ef74,
args=
#11 0xb4ddad79 in Gfx::go (this=0xb5013e90, topLevel=1) at Gfx.cc:671
#12 0xb4ddb7a9 in Gfx::display (this=0xb5013e90, obj=0xb597f074, topLevel=1)
at Gfx.cc:640
#13 0xb4e28c40 in Page::displaySlice (this=0xb5b5bd00, out=0xb5ad2200,
hDPI=
crop=1, sliceX=0, sliceY=0, sliceW=100, sliceH=129, printing=0,
catalog=
annotDispla
#14 0xb5156b81 in _poppler_
src_
scale=
at poppler-page.cc:778
#15 0xb5179fcd in make_thumbnail_
rc=<value optimized out>, width=100, height=129) at ev-poppler.cc:1435
#16 0xb517a0b3 in pdf_document_
document_
at ev-poppler.cc:1498
#17 0x00829743 in ev_document_
rc=0xb5ad1e20, border=1) at ev-document-
#18 0x003e8dc5 in ev_job_
#19 0x003e6341 in ev_job_run (job=0xb5b30350) at ev-jobs.c:210
#20 0x003e9ef8 in ev_job_thread (data=0x0) at ev-job-
#21 ev_job_thread_proxy (data=0x0) at ev-job-
#22 0x0072cf5f in ?? () from /lib/libglib-
#23 0x002b996e in start_thread (arg=0xb597fb70) at pthread_
#24 0xb72d292e in clone () at ../sysdeps/
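The backtrace shows memset() being reached from JBIG2Bitmap code with width and height arguments (wA=2497357600, hA=1833388479 in frame #2) that no real image region could have, on an i386 build where size_t is 32 bits. The following C block is an added illustration, not poppler's code and not the fix that was released for this bug: it shows how a width × height byte-count computation wraps silently in 32-bit unsigned arithmetic, so that a later memset over the intended size runs far beyond a much smaller allocation, and the dimension check that rejects such values before any buffer is allocated or written. The bitmap_t type, the MAX_BITMAP_PIXELS cap and all function names are assumptions made for this example.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical 1-bit-per-pixel bitmap for this example; not poppler's JBIG2Bitmap. */
typedef struct {
    int w, h;        /* dimensions in pixels */
    size_t line;     /* bytes per row, rows padded to a whole byte */
    uint8_t *data;
} bitmap_t;

/* Upper bound on pixels per bitmap; an arbitrary cap chosen for the example. */
#define MAX_BITMAP_PIXELS (64u * 1024u * 1024u)

/* The unsafe pattern: byte count computed in 32-bit unsigned arithmetic.
 * Large dimensions wrap silently; 524288 x 65536 yields 0 bytes here, yet a
 * memset over the "real" size would then write far beyond the allocation. */
uint32_t naive_bytes_u32(uint32_t w, uint32_t h) {
    uint32_t line = (w + 7) / 8;
    return line * h;             /* wraps modulo 2^32 */
}

/* Checked computation: returns the byte count, or 0 when (w, h) is rejected.
 * Rejects non-positive or out-of-int-range dimensions and any image over the
 * cap; everything is computed in 64 bits, and since both operands are below
 * 2^31 the product is below 2^62, so no intermediate can wrap. */
size_t checked_bytes(int64_t w, int64_t h) {
    if (w <= 0 || h <= 0 || w > INT_MAX || h > INT_MAX) return 0;
    uint64_t pixels = (uint64_t)w * (uint64_t)h;
    if (pixels > MAX_BITMAP_PIXELS) return 0;
    uint64_t line = ((uint64_t)w + 7) / 8;
    /* line * h <= pixels/8 + h, which fits a 32-bit size_t given the cap */
    return (size_t)(line * (uint64_t)h);
}

/* Allocate a zeroed bitmap or return NULL when the dimensions are rejected;
 * memset is reached only with a size that has already been validated. */
bitmap_t *bitmap_new(int64_t w, int64_t h) {
    size_t bytes = checked_bytes(w, h);
    if (bytes == 0) return NULL;
    bitmap_t *b = calloc(1, sizeof *b);
    if (!b) return NULL;
    b->data = malloc(bytes);
    if (!b->data) { free(b); return NULL; }
    memset(b->data, 0, bytes);
    b->w = (int)w;
    b->h = (int)h;
    b->line = bytes / (size_t)h;
    return b;
}

void bitmap_free(bitmap_t *b) {
    if (b) { free(b->data); free(b); }
}

int main(void) {
    /* Dimensions copied from frame #2 of the backtrace above. */
    printf("backtrace dims accepted: %s\n",
           checked_bytes(2497357600LL, 1833388479LL) ? "yes" : "no");
    printf("naive 32-bit byte count for 524288x65536: %u\n",
           naive_bytes_u32(524288u, 65536u));
    bitmap_t *b = bitmap_new(100, 129);   /* the thumbnail size from frame #13 */
    if (b) printf("100x129: %zu bytes per row\n", b->line);
    bitmap_free(b);
    return 0;
}
```

The check lives in front of the allocation rather than around the memset because the memset is the symptom, not the cause: once a wrapped byte count has been handed to malloc, every later write that trusts the original width and height is out of bounds, which is why the crash surfaces in libc's memset rather than in the JBIG2 parser itself.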
ProblemType: Crash
Architecture: i386
Date: Thu Mar 11 14:48:15 2010
DistroRelease: Ubuntu 10.04
EcryptfsInUse: Yes
ExecutablePath: /usr/bin/evince
InstallationMedia: Ubuntu 10.04 "Lucid Lynx" - Alpha i386 (20100113)
KernLog:
Package: evince 2.29.92-0ubuntu1
ProcCmdline: BOOT_IMAGE=
ProcEnviron:
SHELL=/bin/bash
LANG=en_US.UTF-8
ProcVersionSign
SegvAnalysis:
Segfault happened at: 0x36a1f03 <__memset_
PC (0x036a1f03) ok
source "(%ebx,%ecx,4)" (0xb4c1f040) not located in a known VMA region (needed readable region)!
destination "%ebx" ok
SegvReason: reading unknown VMA
Signal: 11
SourcePackage: evince
StacktraceTop:
__memset_sse2 ()
JBIG2Bitmap:
JBIG2Bitmap:
JBIG2Stream:
JBIG2Stream:
Title: evince crashed with SIGSEGV in __memset_sse2()
Uname: Linux 2.6.32-10-generic i686
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare
XsessionErrors:
(polkit-
(gnome-
security vulnerability: yes → no
visibility: private → public
Changed in evince (Ubuntu):
status: Incomplete → New
affects: evince → poppler
affects: evince (Ubuntu) → poppler (Ubuntu)
Changed in poppler:
importance: Unknown → Medium
status: Unknown → Fix Released
Changed in poppler:
importance: Medium → Unknown
Changed in poppler:
importance: Unknown → Medium
StacktraceTop:
ssse3_rep () from /lib/tls/i686/cmov/libc.so.6
:getSlice (this=0x2d902e0, x=1730813931,
:readGenericRefinementRegionSeg (
:readSegments (this=0x2cce368)
__mempcpy_
JBIG2Stream::close (this=0x66f9ba75) at JBIG2Stream.cc:1230
JBIG2Bitmap:
JBIG2Stream:
JBIG2Stream: