Bug 698888

Summary: oss-fuzz 5503/5598: Assert triggered in copy_node_types()
Product: MuPDF Reporter: Sebastian Rasmussen <sebastian.rasmussen>
Component: mupdfAssignee: Sebastian Rasmussen <sebastian.rasmussen>
Status: RESOLVED FIXED    
Severity: normal    
Priority: P4    
Version: unspecified   
Hardware: PC   
OS: Linux   
Customer: Word Size: ---
Attachments: Minimized PDF from oss-fuzz.

Description Sebastian Rasmussen 2018-01-22 06:47:36 UTC 
Created attachment 14619 [details]
Minimized PDF from oss-fuzz.

Running

build/sanitize/mutool draw -s t ./oss-fuzz-5503.pdf 

causes

error: cannot recognize xref format
warning: trying to repair broken xref
warning: repairing PDF document
warning: object missing 'endobj' token
warning: ignoring invalid character in hex string
warning: ... repeated 3 times ...
warning: bf_range limits out of range in cmap pdfapi2-MyReCBH~1380294183+0
warning: ignoring invalid character in hex string
warning: ... repeated 56 times ...
warning: premature end of data in flate filter
warning: ignoring invalid character in hex string
warning: ... repeated 17 times ...
warning: lexical error (unexpected '>')
warning: ... repeated 2 times ...
warning: ignoring invalid character in hex string
warning: ... repeated 6 times ...
warning: lexical error (unexpected '>')
warning: ignoring invalid character in hex string
warning: ... repeated 2 times ...
warning: lexical error (unexpected '>')
warning: ignoring invalid character in hex string
warning: ... repeated 2 times ...
warning: lexical error (unexpected '>')
warning: ignoring invalid character in hex string
warning: lexical error (unexpected '>')
warning: ignoring invalid character in hex string
warning: ... repeated 9 times ...
warning: lexical error (unexpected '>')
warning: ignoring invalid character in hex string
warning: ... repeated 3 times ...
warning: lexical error (unexpected '>')
warning: ... repeated 4 times ...
warning: ignoring invalid character in hex string
warning: lexical error (unexpected '>')
warning: ignoring invalid character in hex string
warning: ... repeated 2 times ...
warning: lexical error (unexpected '>')
warning: ... repeated 2 times ...
warning: ignoring invalid character in hex string
warning: ... repeated 9 times ...
warning: premature end of data in flate filter
mutool: source/pdf/pdf-cmap.c:701: copy_node_types: Assertion `node->low == node->high' failed.
Aborted
Comment 1 Sebastian Rasmussen 2018-01-22 18:17:16 UTC 
I have a tentative fix awaiting review in commit 05cb1243fab1ebd9771d1791f39706e2339abfa5 that appears to fix this issue.
Comment 2 Sebastian Rasmussen 2018-01-26 09:05:18 UTC 
Fixed in 

commit 71ceebcf56e682504da22c4035b39a2d451e8ffd
Author: Sebastian Rasmussen <sebras@gmail.com>
Date:   Tue Jan 23 03:04:33 2018 +0100

    Bug 698888: Keep one-to-many state when splitting nodes in cmap splay trees.
    
    Thanks to oss-fuzz for reporting this.