Bug 698877 - crash in fast_rgb_to_cmyk
Summary: crash in fast_rgb_to_cmyk
Alias: None
Product: MuPDF
Classification: Unclassified
Component: mupdf (show other bugs)
Version: unspecified
Hardware: PC Linux
: P4 normal
Assignee: MuPDF bugs
Depends on:
Reported: 2018-01-20 20:00 UTC by isabella
Modified: 2018-11-07 22:07 UTC (History)
2 users (show)

See Also:
Word Size: ---

patch to fix the issue (912 bytes, patch)
2018-01-20 20:00 UTC, isabella
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description isabella 2018-01-20 20:00:18 UTC
Created attachment 14609 [details]
patch to fix the issue

fast_rgb_to_cmyk does this
if ((copy_spots || ss != ds) || (!da && sa)) 

it should probably do this instead
if ((copy_spots && ss != ds) || (!da && sa))
Comment 1 M.J.G. 2018-03-11 07:20:40 UTC
It's a bit strange to have this bug report here with a patch but without any report... In any case, I've got a bug report over at the fedora bz:


It comes with a PDF that makes mupdf segfault with

mupdf: source/fitz/colorspace.c:1399: fast_rgb_to_cmyk: Assertion `"This should never happen" == NULL' failed.

which is why I quote it here. This is with mupdf-1.12.0-5.fc27.x86_64 which is 1.12.0 plus several patches for CVEs.
Comment 2 Tor Andersson 2018-11-07 22:07:36 UTC
commit a101366eeb06d375b32d96f305bce5bc131f7b03
Author: Tor Andersson <tor.andersson@artifex.com>
Date:   Tue Oct 16 15:43:17 2018 +0200

    Fix asserts and checks in fast_xxx_to_yyy functions.
    fast_rgb_to_cmyk had || instead of && so always triggered incorrectly.
    Only throw, no need to both assert and throw.