690617 – If FixedPage.Resources is empty, null-ptr results in crash

Bug 690617 - If FixedPage.Resources is empty, null-ptr results in crash

Summary: If FixedPage.Resources is empty, null-ptr results in crash

Status:	NOTIFIED FIXED

Alias:	None

Product:	GhostXPS
Classification:	Unclassified
Component:	General (show other bugs)
Version:	master
Hardware:	PC Windows XP

Importance:	P2 normal
Assignee:	Tor Andersson

URL:
Keywords:

Depends on:
Blocks:

Reported:	2009-07-10 07:25 UTC by norbert.janssen
Modified:	2011-09-18 21:47 UTC (History)
CC List:	0 users

See Also:
Customer:	661
Word Size:	---

Attachments
InvisibleObjects.xps (26.96 KB, application/octet-stream) 2009-07-10 07:27 UTC, norbert.janssen	Details
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description norbert.janssen 2009-07-10 07:25:31 UTC

Send attached job (from MicroSoft list of handcrafted XPS test jobs) to GhostXPS
and it crashed because of a null-ptr being handed down to:
xps_resource_dictionary_has_transparency() and
in xps_parse_resource_dictionary().

in xpspage.c: add an extra check that xps_down(node) != 0

detecting transparency:
if ((!strcmp(xps_tag(node), "FixedPage.Resources")) && (xps_down(node) != 0))
    if (xps_resource_dictionary_has_transparency(ctx, xps_down(node)))


drawing contents:
if ((!strcmp(xps_tag(node), "FixedPage.Resources")) && (xps_down(node) != 0))
    if (xps_parse_resource_dictionary(ctx, xps_down(node)))

Comment 1 norbert.janssen 2009-07-10 07:27:19 UTC

Created attachment 5204 [details]
InvisibleObjects.xps

xps testfile from MicroSoft.

Note that this testfile also reveals a another bug in the GhostXPS interpreter
(the part outside the box should not be visible), when the nullptr crash is
fixed

Comment 2 norbert.janssen 2009-07-10 08:01:48 UTC

I just printed with latest version and noticed that the part outside the box is
also invisible. So you can forget the last paragraph in comment #1

Comment 3 norbert.janssen 2009-07-10 11:20:47 UTC

for location of xps sampledocuments:
http://www.microsoft.com/whdc/XPS/XpsSamples.mspx

Comment 4 Masaki Ushizaka 2009-08-14 03:02:26 UTC

Reproduced with ghostpdl r9973 + gs r9980 on Mac OS X.

(gdb) run InvisibleObjects.xps
Starting program: /Users/mushizak/develop/artifex/ghostpdl/xps/obj/gxps InvisibleObjects.xps
Reading symbols for shared libraries +++++++... done

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_PROTECTION_FAILURE at address: 0x00000004
0x002ebd4e in xps_att (item=0x0, att=0x3504e4 "Source") at ../xps/xpsxml.c:281
281	    for (i = 0; item->atts[i]; i += 2)
(gdb) where
#0  0x002ebd4e in xps_att (item=0x0, att=0x3504e4 "Source") at ../xps/xpsxml.c:281
#1  0x002ef30c in xps_resource_dictionary_has_transparency (ctx=0xc99340, root=0x0) at 
../xps/xpsanalyze.c:34
#2  0x002ee6ad in xps_parse_fixed_page (ctx=0xc99340, part=0xc9d5c4) at ../xps/xpspage.c:199
#3  0x002edcb7 in xps_process_part (ctx=0xc99340, part=0xcad2bc) at ../xps/xpsdoc.c:920
#4  0x002eb447 in xps_process_data (ctx=0xc99340, buf=0xbfffead0) at ../xps/xpszip.c:529
#5  0x00002606 in xps_imp_process (pinstance=0xc99300, pcursor=0xbfffead0) at 
../xps/xpstop.c:224
#6  0x00320a8f in pl_process (instance=0xc99300, cursor=0xbfffead0) at ../pl/pltop.c:148
#7  0x0032b8f7 in pl_main (argc=2, argv=0xbffff900) at ../pl/plmain.c:399
#8  0x0032d911 in main (argc=2, argv=0xbffff900) at ../pl/plmain.c:1280
(gdb)

Comment 5 Marcos H. Woehrmann 2011-09-18 21:47:00 UTC

Changing customer bugs that have been resolved more than a year ago to closed.