690592 – mupdf generates a malloc(3) abord with this pdf

Bug 690592 - mupdf generates a malloc(3) abord with this pdf

Summary: mupdf generates a malloc(3) abord with this pdf

Status:	NOTIFIED FIXED

Alias:	None

Product:	MuPDF
Classification:	Unclassified
Component:	fitz (show other bugs)
Version:	unspecified
Hardware:	PC Linux

Importance:	P4 normal
Assignee:	Tor Andersson

URL:
Keywords:

Depends on:
Blocks:

Reported:	2009-07-02 11:45 UTC by James Cloos
Modified:	2010-05-07 08:24 UTC (History)
CC List:	0 users

See Also:
Customer:
Word Size:	---

Attachments
pdf which crashes mupdf (175.96 KB, application/pdf) 2009-07-02 11:50 UTC, James Cloos	Details
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description James Cloos 2009-07-02 11:45:05 UTC

When viewing the attached pdf with mupdf, glibc-2.9 (claims to) detect(s) a
memory corruption error during a call to malloc(3) and aborts.

Interestingly, running with MALLOC_CHECK_=1 or MALLOC_CHECK_=2 avoids the abort.

The malloc abort occurs in a call to fz_newname() with the string "PANTONE 7545
U".  I presume that is in 62 0 R.

It looks like something else, earlier, must set up the abort.

The only notable issue with the pdf is that it uses named spot colours and may
be, rather than a PDF generated by Illustrator, in Illustrator’s PDF-based save
format.

Comment 1 James Cloos 2009-07-02 11:50:01 UTC

Created attachment 5178 [details]
pdf which crashes mupdf

Comment 2 Tor Andersson 2009-07-02 14:24:15 UTC

Fixed by one of the recent refcounting patches.

Comment 3 James Cloos 2010-05-07 08:24:54 UTC

Closing resolved bugs which I reported.