CMapCache::getCMap SEGV with 'Creusage_-_Tunnel_sous_la_Manche.pdf'

Bug #952314 reported by Paul Sladen
This bug affects 3 people
Affects            Status    Importance  Assigned to  Milestone
Poppler            Invalid   Medium
poppler (Ubuntu)   Triaged   Medium      Unassigned

Bug Description

The following PDF reliably causes xpdf and Evince to crash/hang:

  http://www.gramme.be/unite9/pmwiki/uploads/PrGC0708/Creusage_-_Tunnel_sous_la_Manche.pdf

Even when the file is split up into separate pages using 'pdftk burst', all pages still cause the crash, including the smallest one at 11kB; the crash is likely related to the loading of one of the embedded fonts.

Ideally even if Poppler can't handle a particular font, it should not result in a crash.

In , Paul Sladen (sladen) wrote :

Created attachment 58289
Page 7 11kB minimal from 'pdftk burst Creusage*.pdf'

Forwarded from: https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/952314

The following PDF reliably causes xpdf and Evince to crash/hang:

  http://www.gramme.be/unite9/pmwiki/uploads/PrGC0708/Creusage_-_Tunnel_sous_la_Manche.pdf

Even when the file is split up into separate pages using 'pdftk burst', all pages still cause the crash, including the smallest one at 11kB; the crash is likely related to the loading of one of the embedded fonts.

Ideally even if Poppler can't handle a particular font, it should not result in a crash.

In , Albert Astals Cid (aacid) wrote :

Which poppler version are you using?

Which backtrace do you get?

In , Paul Sladen (sladen) wrote :

Hello Aacid,

$ ldd /usr/bin/xpdf.real | grep poppler
libpoppler.so.19 => /usr/lib/x86_64-linux-gnu/libpoppler.so.19 (0x00007fc59cef5000)

$ COLUMNS=200 dpkg -l libpoppler19 | tail -1 | awk '{print $2,$3}'
libpoppler19 0.18.4-1ubuntu2

$ gdb --args /usr/bin/xpdf.real Creusage_-_Tunnel_sous_la_Manche.pdf
Starting program: /usr/bin/xpdf.real Creusage_-_Tunnel_sous_la_Manche.pdf
***** MediaBox = ll:0,0 ur:841.89,595.276
***** CropBox = ll:0,0 ur:841.89,595.276
***** Rotate = 0

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff77095e8 in CMapCache::getCMap(GooString*, GooString*, Stream*) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.19
(gdb) bt
#0 0x00007ffff77095e8 in CMapCache::getCMap(GooString*, GooString*, Stream*) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.19
#1 0x00007ffff774a3ad in GlobalParams::getCMap(GooString*, GooString*, Stream*) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.19
#2 0x00007ffff7732363 in GfxCIDFont::GfxCIDFont(XRef*, char*, Ref, GooString*, Dict*) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.19
#3 0x00007ffff7733353 in GfxFont::makeFont(XRef*, char*, Ref, Dict*) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.19
#4 0x00007ffff77334ff in GfxFontDict::GfxFontDict(XRef*, Ref*, Dict*) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.19
#5 0x00007ffff771b16d in GfxResources::GfxResources(XRef*, Dict*, GfxResources*) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.19
#6 0x00007ffff772dbca in Gfx::Gfx(XRef*, OutputDev*, int, Dict*, Catalog*, double, double, PDFRectangle*, PDFRectangle*, int, bool (*)(void*), void*) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.19
#7 0x00007ffff7761937 in Page::createGfx(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, Catalog*, bool (*)(void*), void*, bool (*)(Annot*, void*), void*) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.19
#8 0x00007ffff7761bbd in Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, Catalog*, bool (*)(void*), void*, bool (*)(Annot*, void*), void*) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.19

In , Albert Astals Cid (aacid) wrote :

I'm sorry, I don't support poppler-patched xpdf as a valid source of backtraces; give me an evince or okular one, or a pdftoppm or pdftocairo one, or something that its original developers coded to use poppler, not something that someone in a distribution patched against its developer's decision.

Also install your distro poppler debug packages so that your backtrace is more useful.

And if you can run it through valgrind also that'd be even better :-)
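
Added example, not part of the original thread: a triage loop for what the comment above asks for, running an upstream poppler tool (pdftoppm) over each page file produced by 'pdftk burst' and separating crashes from hangs. RENDER_CMD, LIMIT and the function names are assumptions of this sketch; exit status 139 is 128 + SIGSEGV (11) on Linux.

```shell
#!/bin/sh
# Added example: per-page crash/hang triage with an upstream poppler tool.
# RENDER_CMD and LIMIT are assumed knobs of this sketch, not from the report.

# classify_status CODE -> ok | hang | crash:<signal> | error:<code>
classify_status() {
    if [ "$1" -eq 0 ]; then
        echo ok
    elif [ "$1" -eq 124 ]; then
        echo hang                      # timeout(1) gave up waiting
    elif [ "$1" -gt 128 ]; then
        echo "crash:$(($1 - 128))"     # killed by a signal; 11 is SIGSEGV
    else
        echo "error:$1"                # non-zero exit without a signal
    fi
}

# triage_page FILE -> prints "FILE RESULT"
triage_page() {
    out=$(mktemp -d) || return 1
    rc=0
    # RENDER_CMD is left unquoted on purpose so it can carry options.
    timeout "${LIMIT:-60}" ${RENDER_CMD:-pdftoppm -r 72} "$1" "$out/page" \
        >/dev/null 2>&1 || rc=$?
    rm -rf "$out"
    echo "$1 $(classify_status "$rc")"
}

# triage_dir DIR -> one result line per *.pdf in DIR (e.g. 'pdftk burst' output)
triage_dir() {
    for f in "$1"/*.pdf; do
        [ -e "$f" ] || continue
        triage_page "$f"
    done
}

# Stand-alone use: sh triage.sh DIRECTORY_OF_BURST_PAGES
[ "$#" -eq 0 ] || triage_dir "$1"
```

A page reported as crash:11 is the one to re-run under gdb or valgrind with the distribution's poppler debug symbols installed.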

Robert Roth (evfool)
Changed in poppler (Ubuntu):
status: New → Confirmed
importance: Undecided → Medium
Adrian Bunk (bunk) wrote :

I ran into the same segfault with another document, and for both documents the crash goes away and the document gets shown properly after downgrading libpoppler19 to the unmodified 0.18.4-1 package from Debian experimental.

When I recompile the poppler 0.18.4-1 package from Debian experimental on my up-to-date amd64 precise and install the libpoppler19 binary package built, xpdf does crash on both documents.

Can someone confirm that observation?

It smells like a bug in Ubuntu's gcc to me (but I might be wrong on that).

Sebastien Bacher (seb128) wrote :

Upstream asked for an evince backtrace, if somebody wants to provide one.

Changed in poppler (Ubuntu):
status: Confirmed → Triaged
In , Albert Astals Cid (aacid) wrote :

User didn't follow up

Changed in poppler:
importance: Unknown → Medium
status: Unknown → Invalid
madbiologist (me-again) wrote :

The document in this bug's description doesn't crash evince on Ubuntu 14.04 "Trusty Tahr", but it does take a long time for each page to be displayed.

evince 3.10.3-0ubuntu10.2
poppler 0.24.5-2ubuntu4.2
