Bug 698877

Summary: crash in fast_rgb_to_cmyk
Product: MuPDF Reporter: isabella <izaberina>
Component: mupdfAssignee: MuPDF bugs <mupdf-bugs>
Status: RESOLVED FIXED    
Severity: normal CC: mjg, tor.andersson
Priority: P4    
Version: unspecified   
Hardware: PC   
OS: Linux   
Customer: Word Size: ---
Attachments: patch to fix the issue

Description isabella 2018-01-20 20:00:18 UTC
Created attachment 14609 [details]
patch to fix the issue

fast_rgb_to_cmyk does this
if ((copy_spots || ss != ds) || (!da && sa)) 

it should probably do this instead
if ((copy_spots && ss != ds) || (!da && sa))
Comment 1 M.J.G. 2018-03-11 07:20:40 UTC
It's a bit strange to have this bug report here with a patch but without any report... In any case, I've got a bug report over at the fedora bz:

https://bugzilla.redhat.com/show_bug.cgi?id=1553915

It comes with a PDF that makes mupdf segfault with

mupdf: source/fitz/colorspace.c:1399: fast_rgb_to_cmyk: Assertion `"This should never happen" == NULL' failed.

which is why I quote it here. This is with mupdf-1.12.0-5.fc27.x86_64 which is 1.12.0 plus several patches for CVEs.
Comment 2 Tor Andersson 2018-11-07 22:07:36 UTC
commit a101366eeb06d375b32d96f305bce5bc131f7b03
Author: Tor Andersson <tor.andersson@artifex.com>
Date:   Tue Oct 16 15:43:17 2018 +0200

    Fix asserts and checks in fast_xxx_to_yyy functions.
    
    fast_rgb_to_cmyk had || instead of && so always triggered incorrectly.
    
    Only throw, no need to both assert and throw.