When attempting to render http://www.pdfill.com/example/pdf_commenting_new.pdf using "mutool draw -s t pdf_commenting_new.pdf 4", this triggers an ASAN complaint as quoted below. Valgrind complains similarly.

==19307==ERROR: AddressSanitizer: heap-use-after-free on address 0x613000000238 at pc 0x563d4a2aa49d bp 0x7ffea6c773e0 sp 0x7ffea6c773d8
READ of size 1 at 0x613000000238 thread T0
    #0 0x563d4a2aa49c in fz_colorspace_n source/fitz/colorspace.c:3606
    #1 0x563d4a345d2f in fz_append_display_node source/fitz/list-device.c:403
    #2 0x563d4a349117 in fz_list_fill_text source/fitz/list-device.c:765
    #3 0x563d4a2b3088 in fz_fill_text source/fitz/device.c:210
    #4 0x563d4a431024 in pdf_update_free_text_annot_appearance source/pdf/pdf-appearance.c:2214
    #5 0x563d4a434513 in pdf_update_appearance source/pdf/pdf-appearance.c:2519
    #6 0x563d4a418363 in pdf_load_annots source/pdf/pdf-annot.c:473
    #7 0x563d4a48e635 in pdf_load_page source/pdf/pdf-page.c:1083
    #8 0x563d4a2b6f0f in fz_load_page source/fitz/document.c:313
    #9 0x563d4a244a33 in drawpage source/tools/mudraw.c:1044
    #10 0x563d4a24618e in drawrange source/tools/mudraw.c:1209
    #11 0x563d4a24a2eb in mudraw_main source/tools/mudraw.c:1921
    #12 0x563d4a23d820 in main source/tools/mutool.c:127
    #13 0x7f5e740cb560 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20560)
    #14 0x563d4a23d039 in _start (/home/user/src/mupdf/build/sanitize/mutool+0x154039)

0x613000000238 is located 56 bytes inside of 368-byte region [0x613000000200,0x613000000370)
freed by thread T0 here:
    #0 0x7f5e74a588c8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xd98c8)
    #1 0x563d4a37fd96 in fz_free_default source/fitz/memory.c:239
    #2 0x563d4a37fc68 in fz_free source/fitz/memory.c:201
    #3 0x563d4a290d08 in fz_drop_colorspace_imp source/fitz/colorspace.c:147
    #4 0x563d4a3e2c0f in fz_drop_key_storable source/fitz/store.c:218
    #5 0x563d4a2911c5 in fz_drop_colorspace source/fitz/colorspace.c:191
    #6 0x563d4a431318 in pdf_update_free_text_annot_appearance source/pdf/pdf-appearance.c:2226
    #7 0x563d4a434513 in pdf_update_appearance source/pdf/pdf-appearance.c:2519
    #8 0x563d4a418363 in pdf_load_annots source/pdf/pdf-annot.c:473
    #9 0x563d4a48e635 in pdf_load_page source/pdf/pdf-page.c:1083
    #10 0x563d4a2b6f0f in fz_load_page source/fitz/document.c:313
    #11 0x563d4a244a33 in drawpage source/tools/mudraw.c:1044
    #12 0x563d4a24618e in drawrange source/tools/mudraw.c:1209
    #13 0x563d4a24a2eb in mudraw_main source/tools/mudraw.c:1921
    #14 0x563d4a23d820 in main source/tools/mutool.c:127
    #15 0x7f5e740cb560 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20560)

previously allocated by thread T0 here:
    #0 0x7f5e74a58c20 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xd9c20)
    #1 0x563d4a37fd4f in fz_malloc_default source/fitz/memory.c:227
    #2 0x563d4a37ef0f in do_scavenging_malloc source/fitz/memory.c:22
    #3 0x563d4a37f60d in fz_calloc source/fitz/memory.c:124
    #4 0x563d4a290e6d in fz_new_colorspace source/fitz/colorspace.c:162
    #5 0x563d4a2aaf5f in fz_new_icc_colorspace source/fitz/colorspace.c:3709
    #6 0x563d4a295756 in fz_set_cmm_engine source/fitz/colorspace.c:755
    #7 0x563d4a29593a in fz_new_colorspace_context source/fitz/colorspace.c:773
    #8 0x563d4a2ae647 in fz_new_context_imp source/fitz/context.c:247
    #9 0x563d4a24868f in mudraw_main source/tools/mudraw.c:1591
    #10 0x563d4a23d820 in main source/tools/mutool.c:127
    #11 0x7f5e740cb560 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20560)
A proposed patch to resolve this is available in 321ba1de287016b0036bf4a56ce774ad11763384.
Fixed in commit 321ba1de287016b0036bf4a56ce774ad11763384

Author: Sebastian Rasmussen <sebras@gmail.com>
Date:   Tue Dec 19 23:47:47 2017 +0100

    Bug 698825: Do not drop borrowed colorspaces.

    Previously the borrowed colorspace was dropped when updating annotation
    appearances, leading to use after free warnings from valgrind/ASAN.
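The ownership rule the fix restores, shown as an added C example that is not MuPDF's code: a toy reference-counted colorspace with keep/drop, a context that owns one reference and hands out borrowed pointers, and the buggy appearance update (drops a reference it never took, which is the shape of the bug in the trace above) next to the corrected one. All names here (colorspace, cs_keep, cs_drop, ctx_device_rgb, update_appearance_buggy, update_appearance_fixed, render_page) are hypothetical. The toy drop quarantines and poisons the block instead of calling free(), in the spirit of what the ASAN allocator does, so the dangling read can be reported as a value instead of being undefined behaviour.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical refcounted colorspace; mirrors the keep/drop discipline of
 * fz_keep_colorspace / fz_drop_colorspace but is not MuPDF's code. */
typedef struct {
    int refs;      /* outstanding owned references */
    int n;         /* number of colour components */
    int poisoned;  /* set when refs reaches 0; block is kept so a dangling read is observable */
} colorspace;

typedef struct {
    colorspace *device_rgb;  /* the context owns exactly one reference */
} context;

static int use_after_free_reads;  /* reads of a poisoned (logically freed) object */
static int double_drops;          /* drops of an object whose refcount already hit 0 */

static colorspace *cs_new(int n) {
    colorspace *cs = calloc(1, sizeof *cs);
    if (!cs) abort();
    cs->refs = 1;   /* the creator owns the first reference */
    cs->n = n;
    return cs;
}

static colorspace *cs_keep(colorspace *cs) {
    if (cs) cs->refs++;
    return cs;
}

/* Instead of free(), quarantine and poison the block so that a later read
 * is recognised (the real allocator would hand this memory to someone else). */
static void cs_drop(colorspace *cs) {
    if (!cs) return;
    if (cs->poisoned) { double_drops++; return; }
    if (--cs->refs == 0) cs->poisoned = 1;
}

static void cs_quarantine_release(colorspace *cs) {
    if (cs && cs->poisoned) free(cs);
}

/* Borrowing accessor: the pointer stays owned by the context. A caller may
 * use it, or cs_keep() it, but must only ever drop what it kept. */
static colorspace *ctx_device_rgb(context *ctx) { return ctx->device_rgb; }

/* Component count; -1 stands in for ASAN's heap-use-after-free report. */
static int cs_n(const colorspace *cs) {
    if (cs->poisoned) { use_after_free_reads++; return -1; }
    return cs->n;
}

/* Buggy update: treats the borrowed pointer as owned and drops it. */
static void update_appearance_buggy(context *ctx) {
    colorspace *cs = ctx_device_rgb(ctx);
    (void)cs_n(cs);   /* legitimate use of the borrowed pointer */
    cs_drop(cs);      /* BUG: this reference belongs to the context */
}

/* Fixed update: keep and drop in pairs (or take no reference and never drop). */
static void update_appearance_fixed(context *ctx) {
    colorspace *cs = cs_keep(ctx_device_rgb(ctx));  /* now we own one reference */
    (void)cs_n(cs);
    cs_drop(cs);      /* drops only what we kept */
}

/* One page load: run the appearance update, then let the next consumer
 * (the display list in the trace) read the context's colorspace.
 * Returns the component count that consumer sees, or -1 for a dangling read. */
static int render_page(int buggy) {
    context ctx = { cs_new(3) };
    if (buggy) update_appearance_buggy(&ctx);
    else       update_appearance_fixed(&ctx);
    int seen = cs_n(ctx_device_rgb(&ctx));
    colorspace *cs = ctx.device_rgb;
    cs_drop(cs);                 /* context tears down its own reference */
    cs_quarantine_release(cs);
    ctx.device_rgb = NULL;
    return seen;
}

int main(void) {
    printf("buggy: n=%d, fixed: n=%d\n", render_page(1), render_page(0));
    printf("use-after-free reads=%d, double drops=%d\n", use_after_free_reads, double_drops);
    return 0;
}
```

In the buggy path the context's lone reference is released by the update, so the display list's read lands on a dead object and the context's own teardown becomes a double drop; in the fixed path the refcount is back at 1 after the update and the read sees 3. The review check this encodes is the one the commit title states: a function may only drop references it obtained from a new or a keep, never a pointer it merely borrowed.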
*** Bug 698873 has been marked as a duplicate of this bug. ***