Crash report can be found here:
https://bugzilla.redhat.com/show_bug.cgi?id=752388
I've reproduced the bug for all LaTeX-generated PDFs.
Can you attach the file that crashes please? I can't see it on the redhat bug report.
(In reply to comment #0)
> Crash report can be found here:
> https://bugzilla.redhat.com/show_bug.cgi?id=752388
> I've reproduced the bug for all LaTeX-generated PDFs.

Really? I have mupdf-0.9-1.fc16.x86_64 and tried a few latex-generated PDFs.

From the two redhat bugzilla backtraces though, it looks like it is a string buffer overrun. Do your LaTeX PDFs have extremely long titles?

apps/pdfapps.c: line 360 -ish, have this:
-----------
static void pdfapp_showpage(pdfapp_t *app, int loadpage, int drawpage, int repaint)
{
	char buf[256];
-----------
could you try changing the 256 to some large number, and/or the sprintf() a few lines down, to snprintf(buf, 256, ...)?
---------------
	if (drawpage)
	{
		sprintf(buf, "%s - %d/%d (%d dpi)", app->doctitle,
-------------
Created attachment 8411
a pdf with a stupidously long pdfdoc title

Based on my inspection of the mupdf code and my suspicion that I can overrun that string buffer, I made a pdf with a stupidly long pdfdoc title. And it crashes mupdf. Both xpdf and gs are happy to open it.
Fixed in:

commit 33dc06b61c0816854193f006c35a9e797f098a22
Author: Robin Watts <robin.watts@artifex.com>
Date:   Tue Mar 13 19:38:56 2012 +0000

    Bug 692882 - fix buffer overflow.

    Long doctitles (filenames in this case) can cause a buffer overflow. Fix here.

    Thanks to Hin-Tak and Pavel Zhukov.

Thanks!
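
The bounded write suggested earlier in the thread (snprintf in place of sprintf for the window title), as an added example that is not part of the original report and is not the code from the commit above. The function names, the size-measuring helper, and the 1000-character sample title are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define TITLE_BUF 256 /* size of buf in pdfapp_showpage(), as quoted in the thread */
#define TITLE_FMT "%s - %d/%d (%d dpi)" /* format string quoted in the thread */

/* Hypothetical helper: bytes, including the NUL, that the unbounded
 * sprintf() would write. Anything above TITLE_BUF overruns the buffer. */
static size_t title_bytes_needed(const char *doctitle, int page, int pages, int dpi)
{
    int n = snprintf(NULL, 0, TITLE_FMT, doctitle, page, pages, dpi);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Hypothetical bounded replacement: writes at most size bytes and always
 * NUL-terminates. Returns 0 if the title fit, 1 if truncated, -1 on error. */
static int format_title(char *buf, size_t size, const char *doctitle,
                        int page, int pages, int dpi)
{
    int n;
    if (buf == NULL || size == 0)
        return -1;
    n = snprintf(buf, size, TITLE_FMT, doctitle, page, pages, dpi);
    if (n < 0) {
        buf[0] = '\0';
        return -1;
    }
    return (size_t)n >= size ? 1 : 0;
}

int main(void)
{
    char long_title[1001]; /* constructed stand-in for the long doctitle */
    char buf[TITLE_BUF];
    int rc;

    memset(long_title, 'A', sizeof long_title - 1);
    long_title[sizeof long_title - 1] = '\0';

    printf("sprintf would write %zu bytes into a %d-byte buffer\n",
           title_bytes_needed(long_title, 1, 10, 72), TITLE_BUF);
    rc = format_title(buf, sizeof buf, long_title, 1, 10, 72);
    printf("snprintf: rc=%d, stored length=%zu\n", rc, strlen(buf));
    return 0;
}
```

Truncation here cuts off the page and dpi suffix along with the tail of the title, so a caller that needs the suffix visible should check the return value.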