| Summary: | crash in fast_rgb_to_cmyk | ||
|---|---|---|---|
| Product: | MuPDF | Reporter: | isabella <izaberina> |
| Component: | mupdf | Assignee: | MuPDF bugs <mupdf-bugs> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | mjg, tor.andersson |
| Priority: | P4 | ||
| Version: | unspecified | ||
| Hardware: | PC | ||
| OS: | Linux | ||
| Customer: | Word Size: | --- | |
| Attachments: | patch to fix the issue | ||
It's a bit strange to have this bug report here with a patch but without any report... In any case, I've got a bug report over at the fedora bz: https://bugzilla.redhat.com/show_bug.cgi?id=1553915 It comes with a PDF that makes mupdf segfault with mupdf: source/fitz/colorspace.c:1399: fast_rgb_to_cmyk: Assertion `"This should never happen" == NULL' failed. which is why I quote it here. This is with mupdf-1.12.0-5.fc27.x86_64 which is 1.12.0 plus several patches for CVEs. commit a101366eeb06d375b32d96f305bce5bc131f7b03 Author: Tor Andersson <tor.andersson@artifex.com> Date: Tue Oct 16 15:43:17 2018 +0200 Fix asserts and checks in fast_xxx_to_yyy functions. fast_rgb_to_cmyk had || instead of && so always triggered incorrectly. Only throw, no need to both assert and throw. |
Created attachment 14609 [details] patch to fix the issue fast_rgb_to_cmyk does this if ((copy_spots || ss != ds) || (!da && sa)) it should probably do this instead if ((copy_spots && ss != ds) || (!da && sa))