When running this JPEG image:

https://raw.githubusercontent.com/Grumbel/imagetestsuite/master/jpg/21a84b8472f6d18f5bb5c0026e97cfaa.jpg

using the following command:

valgrind ./build/debug/mutool draw -i -s t 21a84b8472f6d18f5bb5c0026e97cfaa.jpg

I see a SIGSEGV:

==11895== Using Valgrind-3.12.0.SVN and LibVEX; rerun with -h for copyright info
...
Corrupt JPEG data: 87 extraneous bytes before marker 0xdb
==11895== Process terminating with default action of signal 11 (SIGSEGV)
==11895==  Bad permissions for mapped region at address 0x809B739
==11895==    at 0x8072D5D: fz_vthrow (error.c:163)
==11895==    by 0x8072DEE: fz_throw (error.c:185)
==11895==    by 0x8091855: error_exit (load-jpeg.c:70)
==11895==    by 0x81BBE7A: get_sos (jdmarker.c:371)
==11895==    by 0x81BE9DA: read_markers (jdmarker.c:1152)
==11895==    by 0x81BB1F1: consume_markers (jdinput.c:568)
==11895==    by 0x81B935F: jpeg_consume_input (jdapimin.c:302)
==11895==    by 0x81B928E: jpeg_read_header (jdapimin.c:250)
==11895==    by 0x809252A: fz_load_jpeg_info (load-jpeg.c:360)
==11895==    by 0x808CDB2: fz_new_image_from_buffer (image.c:960)
==11895==    by 0x8100A85: img_open_document_with_stream (muimg.c:120)
==11895==    by 0x8100B60: img_open_document (muimg.c:143)
I believe that the following files fail for the same reason, i.e. it crashed while reporting errors from the JPEG decoder:

https://raw.githubusercontent.com/Grumbel/imagetestsuite/master/jpg/$FILENAME

28968137f4fc75fbf56f16d7a7a8551a.jpg
3ba6af611cc5467cfdbd5566561b8478.jpg
3cc4a7fc6481ea3681138da4643f3d16.jpg
3ef05501315073d9d4e1c6b654d99ac0.jpg
46e5ac4a62d7a445a7c1fb704fafe05c.jpg
5633ed9d0eb700d0093bf85d86a95ebf.jpg
5a43fa2cf9c1e47f0331ef71b928ee55.jpg
627c0779eb46b98f751187c5c9f43aa3.jpg
6903d4538fd33c8fd0ded32cb30d618e.jpg
6de166ee2a3a60df9017650e2a808408.jpg
754664a12e36abff7950e796c906ae39.jpg
7e7cdf7f4ee50b308531313bbf43e0c3.jpg
8417a305e3b43d5b1bda4ff06a660c54.jpg
897b8b6d8feb466aa6cad5f512c3fce2.jpg
8e330afbd99ba01b66570ed62fcdc6ab.jpg
90e46387f562ca8fa106b51dfcda1dc6.jpg
acce3629083f0e348e94fb58f952d3de.jpg
adcb34b94f4c839bdd29037419a0ee53.jpg
c1ca5583e4bfadc73e7fe9418b6e6bf4.jpg
c4ced510f44a9bfe85c696c05a7f791d.jpg
c8bc97335529d069a753c67475b8c82c.jpg
cc23dd79637b606cf5ba234a037e17ba.jpg
ce380515a534e8226209daae00e7b4e8.jpg
d3b044a94486cae0224c002800ddd642.jpg
de4ae285a275bcfe2ac87c0126742552.jpg
e18bb52107598f65b81b02be2c6c5124.jpg
eddea4ef9629be031f750a8ff0b7497c.jpg
ef724193653930f52acffa90e6426fd2.jpg
fddcfc778ada60229380c2493fc4c243.jpg
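The backtrace in the first comment shows the crash on the error path: libjpeg's marker reader finds corrupt data (extraneous bytes before a marker, then a bad SOS), calls the error_exit callback, and that callback throws out of the decoder. The example below is added here and is not MuPDF or libjpeg code; it is a minimal JPEG marker scanner in the shape of libjpeg's next_marker()/error_exit() contract, with the caller arming a setjmp context before the first call into the decoder. The error_exit callback must never return, so the scanner checks that a context was armed before unwinding. The struct and function names and the sample byte strings are constructed for illustration.

```c
/* Added example, not MuPDF or libjpeg code. Demonstrates the libjpeg
 * error_exit() contract: the decoder reports corrupt input through a
 * callback that must unwind and never return, so the caller has to arm
 * the unwind target (here a jmp_buf) before the first call into the
 * decoder. All names and sample data are constructed. */
#include <setjmp.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct jerr_ctx {
    jmp_buf escape;   /* where error_exit() unwinds to */
    int armed;        /* set after setjmp(); error_exit() refuses to run without it */
    int extraneous;   /* junk bytes skipped before markers (libjpeg's warning case) */
    char msg[96];     /* last error message */
};

struct jerr_ctx g_err;    /* shared by scan_markers() and error_exit() */
uint8_t g_markers[16];    /* marker codes seen, in order */

/* Record the message and unwind; never return into the decoder. If nobody
 * armed the context there is no safe place to jump, so fail loudly. */
static void error_exit(struct jerr_ctx *ctx, const char *msg)
{
    snprintf(ctx->msg, sizeof ctx->msg, "%s", msg);
    if (!ctx->armed) {
        fprintf(stderr, "error_exit with no error context: %s\n", msg);
        abort();
    }
    longjmp(ctx->escape, 1);
}

/* Walk the marker segments of buf up to SOS or EOI. Returns the number of
 * markers seen, or -1 if error_exit() fired (g_err.msg holds the reason). */
int scan_markers(const uint8_t *buf, size_t len)
{
    struct jerr_ctx *ctx = &g_err;
    memset(ctx, 0, sizeof *ctx);
    memset(g_markers, 0, sizeof g_markers);
    if (setjmp(ctx->escape) != 0) {      /* landed here from error_exit() */
        ctx->armed = 0;
        return -1;
    }
    ctx->armed = 1;                      /* from here on error_exit() may unwind */

    if (len < 2 || buf[0] != 0xFF || buf[1] != 0xD8)
        error_exit(ctx, "not a JPEG file: no SOI marker");

    size_t pos = 2;
    int n = 0;
    for (;;) {
        int junk = 0;
        /* like libjpeg's next_marker(): skip non-0xFF bytes, then 0xFF fill */
        while (pos < len && buf[pos] != 0xFF) { pos++; junk++; }
        while (pos < len && buf[pos] == 0xFF) pos++;
        if (pos >= len)
            error_exit(ctx, "premature end of data while looking for a marker");
        uint8_t code = buf[pos++];
        if (junk) {                      /* a warning in libjpeg, not an error */
            ctx->extraneous += junk;
            fprintf(stderr, "Corrupt JPEG data: %d extraneous bytes before marker 0x%02x\n", junk, code);
        }
        if (n < (int)sizeof g_markers) g_markers[n] = code;
        n++;
        if (code == 0xD9 || code == 0xDA)                     /* EOI, or SOS: entropy data follows */
            return n;
        if (code == 0x01 || (code >= 0xD0 && code <= 0xD8))   /* TEM, RSTn, SOI: no length field */
            continue;
        if (pos + 2 > len)
            error_exit(ctx, "premature end of data in marker length");
        size_t seglen = ((size_t)buf[pos] << 8) | buf[pos + 1];
        if (seglen < 2)
            error_exit(ctx, "bad marker length");
        if (pos + seglen > len)
            error_exit(ctx, "marker segment overruns data");
        pos += seglen;
    }
}

/* Constructed samples, not real files: SOI, APP0, DQT, then an SOS header. */
const uint8_t SAMPLE_GOOD[] = {
    0xFF, 0xD8, 0xFF, 0xE0, 0x00, 0x04, 0x4A, 0x46,
    0xFF, 0xDB, 0x00, 0x03, 0x00, 0xFF, 0xDA, 0x00, 0x02 };
/* Same stream with three junk bytes before DQT, the report's warning case. */
const uint8_t SAMPLE_JUNK[] = {
    0xFF, 0xD8, 0xFF, 0xE0, 0x00, 0x04, 0x4A, 0x46, 0xAA, 0xBB, 0xCC,
    0xFF, 0xDB, 0x00, 0x03, 0x00, 0xFF, 0xDA, 0x00, 0x02 };
/* DQT claims 16 bytes but the buffer ends after 2: error_exit() fires. */
const uint8_t SAMPLE_TRUNC[] = { 0xFF, 0xD8, 0xFF, 0xDB, 0x00, 0x10, 0x01, 0x02 };

int main(void)
{
    int n = scan_markers(SAMPLE_GOOD, sizeof SAMPLE_GOOD);
    printf("good: %d markers\n", n);
    n = scan_markers(SAMPLE_JUNK, sizeof SAMPLE_JUNK);
    printf("junk: %d markers, %d extraneous bytes\n", n, g_err.extraneous);
    n = scan_markers(SAMPLE_TRUNC, sizeof SAMPLE_TRUNC);
    printf("trunc: %d (%s)\n", n, g_err.msg);
    return 0;
}
```

The point of the armed flag is the failure mode in the backtrace: if error_exit() is reached with no valid unwind target, the only safe options are to abort or to have arranged the target earlier; returning into the decoder is never one of them. In MuPDF the equivalent of the jmp_buf is the fz_try context that fz_throw() expects to find.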
This should probably be marked as fuzzing, sorry for the noise.
*** Bug 697164 has been marked as a duplicate of this bug. ***
Fixed in commit 2945b540908b2c05cc730335829726675028475b.