Created attachment 10693
Crashes and hangs.
We had a fuzzer tool generate many PDFs that crash and hang MuPDF on Android. Please find the archive attached. It contains the file that created a crash and a stack trace in the txt.
Thanks for the report and the attached files. Proposed fixes for some of these issues:
* for the integer overflow in pdf_xref_size_from_old_trailer: http://git.ghostscript.com/?p=user/zeniko/mupdf.git;a=commitdiff;h=7223acff42988ca66dd8e75dcb06c4f67b9d0e1a
* for the hangs in path flattening: http://git.ghostscript.com/?p=user/zeniko/mupdf.git;a=commitdiff;h=64c222a3886db70923b9a4d1c886e17d34281e55
* for the infinite loop in Freetype: https://code.google.com/p/sumatrapdf/source/browse/trunk/ext/_patches/freetype2.patch?spec=svn8620&r=8620#74
I've reported the Freetype issue upstream as https://savannah.nongnu.org/bugs/index.php?41590
BTW: The crashers seem to have been fixed already as far as I can tell. Do the files requiring a password crash when opened with the password or do they crash without a password prompt?
I am honestly not sure what the behavior of those is. These samples have been provided by a 3rd party.
When can we expect to see the fixes in a released package?
(In reply to comment #4)
> When can we expect to see the fixes in a released package?
Releases for MuPDF are currently scheduled for March and September of each year. You should thus get these fixes in a release build within the next month.
Removing the Android tag here, as these problems look to be in the core of MuPDF rather than being Android specific.
What about the following crash?
E/AndroidRuntime(18359): java.lang.UnsatisfiedLinkError: dlopen failed: cannot locate symbol "strtof" referenced by "libmupdf.so"...
(In reply to Jitesh Lalwani from comment #7)
> What about following crash?
>
> E/AndroidRuntime(18359): java.lang.UnsatisfiedLinkError: dlopen failed:
> cannot locate symbol "strtof" referenced by "libmupdf.so"...
In what way is that connected with this bug report?
I suggest that this bug be closed. After a couple of hours of bisecting I have now determined that all the issues exhibited by the 55 attached PDFs have been resolved since 1.2. Most by zeniko, robin and fredrossperry. Details below.

SIGSEGV-070214-125025-294.pdf
SIGSEGV-070214-135117-7.pdf
SIGSEGV-070214-141527-132.pdf
SIGSEGV-070214-153520-31.pdf
SIGSEGV-070214-210731-226.pdf
SIGSEGV-080214-001832-158.pdf
SIGSEGV-080214-141736-64.pdf
SIGSEGV-080214-174551-209.pdf
SIGSEGV-080214-183817-180.pdf
SIGSEGV-080214-211214-275.pdf
SIGSEGV-080214-225022-278.pdf
SIGSEGV-090214-031457-187.pdf
SIGSEGV-090214-055227-289.pdf
SIGSEGV-090214-074703-165.pdf
SIGSEGV-090214-132516-287.pdf
SIGSEGV-090214-223606-3.pdf
SIGSEGV-100214-031331-276.pdf
SIGSEGV-100214-055356-134.pdf
SIGSEGV-100214-060842-124.pdf
These worked out of the box in 1.2: http://git.ghostscript.com/?p=mupdf.git;a=commit;h=9d20a4f3a69fdea855f8678c1ad50b5db7472d81

SIGABRT-070214-173711-9.pdf
Fixed by http://git.ghostscript.com/?p=mupdf.git;a=commit;h=527afcaa0744472d7ad2ef84ce79ab34a036ad85
SIGABRT-070214-235544-6.pdf
Fixed by http://git.ghostscript.com/?p=mupdf.git;a=commit;h=835488aa0fb45f7c752f12f7184c76df26e8e5dc
SIGABRT-090214-045131-116.pdf
Fixed by http://git.ghostscript.com/?p=mupdf.git;a=commit;h=527afcaa0744472d7ad2ef84ce79ab34a036ad85
SIGABRT-090214-054007-189.pdf
Fixed by http://git.ghostscript.com/?p=mupdf.git;a=commit;h=835488aa0fb45f7c752f12f7184c76df26e8e5dc
SIGABRT-090214-073019-69.pdf
Fixed by http://git.ghostscript.com/?p=mupdf.git;a=commit;h=835488aa0fb45f7c752f12f7184c76df26e8e5dc
SIGABRT-090214-113325-239.pdf
Fixed by http://git.ghostscript.com/?p=mupdf.git;a=commit;h=835488aa0fb45f7c752f12f7184c76df26e8e5dc
SIGABRT-090214-235300-139.pdf
Fixed by http://git.ghostscript.com/?p=mupdf.git;a=commit;h=835488aa0fb45f7c752f12f7184c76df26e8e5dc
SIGSEGV-070214-174847-58.pdf
Fixed by http://git.ghostscript.com/?p=mupdf.git;a=commit;h=527afcaa0744472d7ad2ef84ce79ab34a036ad85
SIGSEGV-070214-193825-129.pdf
Fixed by http://git.ghostscript.com/?p=mupdf.git;a=commit;h=527afcaa0744472d7ad2ef84ce79ab34a036ad85
SIGSEGV-080214-203043-271.pdf
Fixed by http://git.ghostscript.com/?p=mupdf.git;a=commit;h=527afcaa0744472d7ad2ef84ce79ab34a036ad85
SIGSEGV-090214-002802-245.pdf
Fixed by http://git.ghostscript.com/?p=mupdf.git;a=commit;h=527afcaa0744472d7ad2ef84ce79ab34a036ad85
SIGSEGV-100214-011252-226.pdf
Fixed by http://git.ghostscript.com/?p=mupdf.git;a=commit;h=527afcaa0744472d7ad2ef84ce79ab34a036ad85
SIGSEGV-100214-015140-81.pdf
Fixed by http://git.ghostscript.com/?p=mupdf.git;a=commit;h=835488aa0fb45f7c752f12f7184c76df26e8e5dc
SIGSEGV-100214-025204-187.pdf
Fixed by http://git.ghostscript.com/?p=mupdf.git;a=commit;h=835488aa0fb45f7c752f12f7184c76df26e8e5dc
SIGSEGV-100214-032831-186.pdf
Fixed by http://git.ghostscript.com/?p=mupdf.git;a=commit;h=7e2fd58613a92dfd94550e35cfede9fa5b714e7f

hang-070214-232647-177.pdf
hang-080214-013356-214.pdf
hang-080214-163033-256.pdf
hang-090214-032319-156.pdf
hang-100214-080937-163.pdf
hang-080214-181527-138.pdf
hang-090214-015108-51.pdf
These worked out of the box in 1.2: http://git.ghostscript.com/?p=mupdf.git;a=commit;h=9d20a4f3a69fdea855f8678c1ad50b5db7472d81

hang-070214-144840-137.pdf
Fixed by http://git.ghostscript.com/?p=mupdf.git;a=commit;h=a985147b714a928646f1b5350bc1d7ae0866c615
hang-070214-163132-74.pdf
Fixed by http://git.ghostscript.com/?p=mupdf.git;a=commit;h=cb6fca717d7deef4de48fcb54d7eefe768f06bb9
hang-070214-214127-114.pdf
Fixed by http://git.ghostscript.com/?p=mupdf.git;a=commit;h=6a0253dab60fb9e94e5d9a21826cf1bc6e83e03a
hang-080214-010754-87.pdf
Fixed by http://git.ghostscript.com/?p=mupdf.git;a=commit;h=a985147b714a928646f1b5350bc1d7ae0866c615
hang-080214-152005-90.pdf
Fixed by http://git.ghostscript.com/?p=mupdf.git;a=commit;h=9f879e14e5645aff6b4be27271f2196c05f5a193
hang-080214-190111-53.pdf
Fixed by http://git.ghostscript.com/?p=mupdf.git;a=commit;h=cb6fca717d7deef4de48fcb54d7eefe768f06bb9
hang-090214-022051-78.pdf
Fixed by http://git.ghostscript.com/?p=mupdf.git;a=commit;h=cb6fca717d7deef4de48fcb54d7eefe768f06bb9
hang-090214-050329-164.pdf
Fixed by http://git.ghostscript.com/?p=mupdf.git;a=commit;h=6a0253dab60fb9e94e5d9a21826cf1bc6e83e03a
hang-090214-143518-64.pdf
Fixed by http://git.ghostscript.com/?p=mupdf.git;a=commit;h=cb6fca717d7deef4de48fcb54d7eefe768f06bb9
hang-090214-181103-111.pdf
Fixed by http://git.ghostscript.com/?p=mupdf.git;a=commit;h=9f879e14e5645aff6b4be27271f2196c05f5a193
hang-090214-193551-230.pdf
Fixed by http://git.ghostscript.com/?p=mupdf.git;a=commit;h=9f879e14e5645aff6b4be27271f2196c05f5a193
hang-090214-211402-4.pdf
Fixed by http://git.ghostscript.com/?p=mupdf.git;a=commit;h=cb6fca717d7deef4de48fcb54d7eefe768f06bb9
hang-090214-230709-184.pdf
Fixed by http://git.ghostscript.com/?p=mupdf.git;a=commit;h=9f879e14e5645aff6b4be27271f2196c05f5a193
hang-100214-053010-269.pdf
Fixed by http://git.ghostscript.com/?p=mupdf.git;a=commit;h=9a0954091d7108be84f5d9a624d8e7d0d7beced8
The PDFs in the attached archive can definitely cause issues with MuPDF 1.2, but several have been fixed since then as mentioned in my previous comment.
The last remaining issue, caused by SIGABRT-090214-045131-116.pdf, was to validate the length of an encryption key. This was fixed today: http://git.ghostscript.com/?p=mupdf.git;a=commit;h=afef491c2f4651d84315bbaf41daa750854f6fe5