Bug 691958

Summary: jbig2_complete_page doesn't check if there's a page at all
Product: jbig2dec Reporter: zeniko
Component: Parsing Assignee: Tor Andersson <tor.andersson>
Status: RESOLVED FIXED    
Severity: normal CC: chris.liddell, henry.stiles, robin.watts, shailesh.mistry
Priority: P4 Keywords: bountiable
Version: 0.11   
Hardware: All   
OS: All   
Customer: Word Size: ---
Attachments: testcase
Patch for Bug 691958

Description zeniko 2011-02-12 12:02:50 UTC
Created attachment 7238
testcase

... setting the page's state to JBIG2_PAGE_COMPLETE even if the page's image is NULL, leading to a NULL pointer dereference in jbig2_page_out.

To reproduce, load the attached document in MuPDF.

Comment 1 Shailesh Mistry 2011-11-06 23:01:28 UTC
Created attachment 8082
Patch for Bug 691958

This patch checks for an image before marking a page as complete. Otherwise, the page remains flagged as free and can be recovered by the normal mechanism.

Comment 2 Shailesh Mistry 2011-11-21 20:58:23 UTC
Updated patch committed in f7f2daea2778213306a3edfe87a8f72af494427a

Comment 3 Robin Watts 2012-01-24 13:50:09 UTC
Under MuPDF this test file still crashes, due to jbig2_image_clone being called with image = NULL. I've committed a trivial fix for this as:

commit dbbd539088760077581f72787ca9adbbeb9e569e
Author: Robin Watts <robin.watts@artifex.com>
Date:   Tue Jan 24 00:22:44 2012 +0000

    Make xps_free_context cope with NULL arg.

    All destructors should accept NULL.

This cures both:

  tests_private/pdf/sumatra/691958 - jbig2dec crash.pdf

and

  tests_private/pdf/sumatra/1239 - skip invalid content streams.pdf
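
The check described in Comment 1 and the NULL-tolerant destructor rule from Comment 3, as an added example that is not part of this bug thread or of the jbig2dec/MuPDF source. It is a simplified C model in which every type and function name is hypothetical, and the two-page input is constructed.

```c
/* Simplified model of this report; all names are hypothetical, not jbig2dec source. */
#include <stdlib.h>

typedef enum { PAGE_FREE, PAGE_NEW, PAGE_COMPLETE, PAGE_RETURNED } page_state;
typedef struct { int refcount; } image;
typedef struct { page_state state; image *img; } page;

/* Destructor that accepts NULL, as Comment 3 asks of every destructor. */
void image_release(image *im) { if (im != NULL && --im->refcount == 0) free(im); }

/* Before the fix: the state changes without a look at p->img. */
void complete_page_unchecked(page *p) { p->state = PAGE_COMPLETE; }
/* After the fix: a page without an image keeps its current state. */
int complete_page_checked(page *p) {
    if (p->img == NULL) return -1;
    p->state = PAGE_COMPLETE;
    return 0;
}

/* Consumer: trusts the state flag and dereferences the image, so it is only
 * safe while "complete" implies "img != NULL". */
image *page_out(page *pages, size_t n) {
    for (size_t i = 0; i < n; i++) {
        if (pages[i].state != PAGE_COMPLETE) continue;
        pages[i].state = PAGE_RETURNED;
        pages[i].img->refcount++;   /* NULL dereference if the invariant is broken */
        return pages[i].img;
    }
    return NULL;
}

/* Constructed input: page 0 never got an image, page 1 did.
 * Returns 1 if page 0 stays free and page 1 is the one handed out. */
int run_checked(void) {
    image *im = calloc(1, sizeof *im);
    if (im == NULL) return -1;
    im->refcount = 1;
    page pages[2] = { { PAGE_FREE, NULL }, { PAGE_NEW, im } };
    int rc0 = complete_page_checked(&pages[0]), rc1 = complete_page_checked(&pages[1]);
    image *out = page_out(pages, 2);
    int ok = rc0 == -1 && rc1 == 0 && pages[0].state == PAGE_FREE && out == im;
    image_release(out); image_release(im);  /* page_out's reference, then the page's */
    return ok;
}

int main(void) { return run_checked() == 1 ? 0 : 1; }
```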