Bug 691958 - jbig2_complete_page doesn't check if there's a page at all
Status: RESOLVED FIXED
Alias: None
Product: jbig2dec
Classification: Unclassified
Component: Parsing
Version: 0.11
Hardware: All All
Importance: P4 normal
Assignee: Tor Andersson
Keywords: bountiable
Reported: 2011-02-12 12:02 UTC by zeniko
Modified: 2012-01-24 13:50 UTC
Attachments
testcase (506 bytes, application/pdf)
2011-02-12 12:02 UTC, zeniko
Patch for Bug 691958 (493 bytes, patch)
2011-11-06 23:01 UTC, Shailesh Mistry

Description zeniko 2011-02-12 12:02:50 UTC
Created attachment 7238
testcase

... setting the page's state to JBIG2_PAGE_COMPLETE even if the page's image is NULL, leading to a NULL pointer dereference in jbig2_page_out.

To reproduce, load the attached document in MuPDF.
Comment 1 Shailesh Mistry 2011-11-06 23:01:28 UTC
Created attachment 8082
Patch for Bug 691958

This patch checks for an image before marking a page as complete. Otherwise, the page remains flagged as free and can be recovered by the normal mechanism.
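
The failure mode from the description and the check described in Comment 1, as an added example that is neither jbig2dec source nor the attached patch. It is a simplified model: every type and function name is hypothetical, and the malformed input (an end-of-page segment with no page-information segment before it) is constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified model of the bug class. Every name here is hypothetical;
 * none of this is jbig2dec source. */
typedef enum { PAGE_FREE, PAGE_COMPLETE } page_state;
typedef enum { SEG_PAGE_INFO, SEG_END_OF_PAGE } segment;
typedef struct { page_state state; unsigned char *image; } page;
typedef int (*complete_fn)(page *);

/* Before: completes the page whether or not an image was ever allocated. */
static int complete_unchecked(page *p) {
    p->state = PAGE_COMPLETE;
    return 0;
}

/* After: a page without an image is rejected and its state left unchanged. */
static int complete_checked(page *p) {
    if (p->image == NULL)
        return -1;
    p->state = PAGE_COMPLETE;
    return 0;
}

/* Decode a segment sequence, then report whether the invariant that
 * consumers rely on survived: a COMPLETE page always carries an image. */
static int decode_keeps_invariant(const segment *segs, size_t n, complete_fn complete) {
    page p = { PAGE_FREE, NULL };
    for (size_t i = 0; i < n; i++) {
        if (segs[i] == SEG_PAGE_INFO && p.image == NULL)
            p.image = calloc(1, 16);   /* stand-in for the page bitmap */
        else if (segs[i] == SEG_END_OF_PAGE)
            complete(&p);
    }
    int ok = p.state != PAGE_COMPLETE || p.image != NULL;
    free(p.image);
    return ok;
}

/* Constructed input: end-of-page with no page-information segment first. */
static const segment malformed[] = { SEG_END_OF_PAGE };

int main(void) {
    printf("unchecked: %d\n", decode_keeps_invariant(malformed, 1, complete_unchecked));
    printf("checked:   %d\n", decode_keeps_invariant(malformed, 1, complete_checked));
    return 0;
}
```

A result of 0 means a page reached the complete state with a NULL image, which is the condition any later consumer of the page would dereference.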
Comment 2 Shailesh Mistry 2011-11-21 20:58:23 UTC
Updated patch committed in f7f2daea2778213306a3edfe87a8f72af494427a
Comment 3 Robin Watts 2012-01-24 13:50:09 UTC
Under MuPDF this test file still crashes, due to jbig2_image_clone being called with image = NULL. I've committed a trivial fix for this as:

commit dbbd539088760077581f72787ca9adbbeb9e569e
Author: Robin Watts <robin.watts@artifex.com>
Date:   Tue Jan 24 00:22:44 2012 +0000

    Make xps_free_context cope with NULL arg.

    All destructors should accept NULL.

This cures both:

  tests_private/pdf/sumatra/691958 - jbig2dec crash.pdf

and

  tests_private/pdf/sumatra/1239 - skip invalid content streams.pdf