Created attachment 11757
crashing input sample

The attached files will cause a null pointer access / segfault in jbig2dec. Both have slightly different stack traces, but look similar.

Address Sanitizer stack traces:

==6967==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000004 (pc 0x00000051c067 bp 0x000000000001 sp 0x7fff3bb8ff10 T0)
    #0 0x51c066 in jbig2_image_get_pixel /f/jbig2dec/jbig2dec-0.12/jbig2_image.c:328:17
    #1 0x508e4b in jbig2_decode_refinement_template1_unopt /f/jbig2dec/jbig2dec-0.12/jbig2_refinement.c:134:18
    #2 0x508e4b in jbig2_decode_refinement_region /f/jbig2dec/jbig2dec-0.12/jbig2_refinement.c:391
    #3 0x50a993 in jbig2_refinement_region /f/jbig2dec/jbig2dec-0.12/jbig2_refinement.c:558:12
    #4 0x4eba5b in jbig2_parse_segment /f/jbig2dec/jbig2dec-0.12/jbig2_segment.c:280:14
    #5 0x4e81fa in jbig2_data_in /f/jbig2dec/jbig2dec-0.12/jbig2.c:364:11
    #6 0x4dee17 in main /f/jbig2dec/jbig2dec-0.12/jbig2dec.c:454:11
    #7 0x7f8c84569f9f in __libc_start_main /var/tmp/portage/sys-libs/glibc-2.20-r2/work/glibc-2.20/csu/libc-start.c:289
    #8 0x437e56 in _start (/mnt/ram/jb2/jbig2dec+0x437e56)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /f/jbig2dec/jbig2dec-0.12/jbig2_image.c:328 jbig2_image_get_pixel
==6967==ABORTING

==29123==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000004 (pc 0x00000051c067 bp 0x000000000000 sp 0x7fff5a2e2010 T0)
    #0 0x51c066 in jbig2_image_get_pixel /f/jbig2dec/jbig2dec-0.12/jbig2_image.c:328:17
    #1 0x509290 in jbig2_decode_refinement_template0_unopt /f/jbig2dec/jbig2dec-0.12/jbig2_refinement.c:78:18
    #2 0x509290 in jbig2_decode_refinement_region /f/jbig2dec/jbig2dec-0.12/jbig2_refinement.c:394
    #3 0x50a993 in jbig2_refinement_region /f/jbig2dec/jbig2dec-0.12/jbig2_refinement.c:558:12
    #4 0x4eba5b in jbig2_parse_segment /f/jbig2dec/jbig2dec-0.12/jbig2_segment.c:280:14
    #5 0x4e81fa in jbig2_data_in /f/jbig2dec/jbig2dec-0.12/jbig2.c:364:11
    #6 0x4dee17 in main /f/jbig2dec/jbig2dec-0.12/jbig2dec.c:454:11
    #7 0x7efe8c774f9f in __libc_start_main /var/tmp/portage/sys-libs/glibc-2.20-r2/work/glibc-2.20/csu/libc-start.c:289
    #8 0x437e56 in _start (/mnt/ram/jb2/jbig2dec+0x437e56)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /f/jbig2dec/jbig2dec-0.12/jbig2_image.c:328 jbig2_image_get_pixel
==29123==ABORTING
Created attachment 11758
crashing input sample 2
Created attachment 11885
Patch to check for missing image

The attached sample images try to access an image that does not exist. This patch checks that the cloned image exists before proceeding further.
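A minimal C model of the defect class described above (a refinement region referring to a region image that was never produced, so a NULL image reaches the pixel reader) and of the kind of existence check the patch comment describes. This is an added illustration, not jbig2dec's own code: the Image and Segment types, get_pixel, find_referenced_image, refine_reference_pixel and demo are hypothetical stand-ins for the decoder's structures, and the sample bitmap is constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified stand-in for the decoder's bitmap object (hypothetical). */
typedef struct { uint32_t width, height, stride; uint8_t *data; } Image;

/* Parsed segment: its number and the image it produced, or NULL if none. */
typedef struct { uint32_t number; Image *result; } Segment;

/* Pixel read with no NULL guard: passing image == NULL here yields the
 * small-address SEGV that the sanitizer traces in the report show. */
static int get_pixel(const Image *image, uint32_t x, uint32_t y)
{
    if (x >= image->width || y >= image->height)
        return 0;
    return (image->data[y * image->stride + x / 8] >> (7 - x % 8)) & 1;
}

/* Look up the image produced by referred-to segment `ref`. */
static Image *find_referenced_image(const Segment *segs, size_t n, uint32_t ref)
{
    for (size_t i = 0; i < n; i++)
        if (segs[i].number == ref)
            return segs[i].result;
    return NULL;
}

/* Hardened step: validate the reference before any pixel access.
 * Returns the reference pixel at (x, y), or -1 if the image is missing. */
int refine_reference_pixel(const Segment *segs, size_t n, uint32_t ref,
                           uint32_t x, uint32_t y)
{
    const Image *reference = find_referenced_image(segs, n, ref);
    if (reference == NULL || reference->data == NULL)
        return -1; /* reject the segment instead of dereferencing NULL */
    return get_pixel(reference, x, y);
}

/* Constructed sample: segment 1 produced an 8x1 image with only the
 * leftmost pixel set; segment 2 produced no image at all. */
int demo(uint32_t ref, uint32_t x)
{
    static uint8_t row[1] = { 0x80 };
    static Image img = { 8, 1, 1, row };
    static const Segment segs[2] = { { 1, &img }, { 2, NULL } };
    return refine_reference_pixel(segs, 2, ref, x, 0);
}
```

demo(1, 0) reads a real pixel, while demo(2, 0) and a reference to an unknown segment number return -1 rather than crashing.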
Fixed in http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=c48fb6fb210b852d4156ea303c3ba0e9060c7a75