Bug 698888 - oss-fuzz 5503/5598: Assert triggered in copy_node_types()
Status: RESOLVED FIXED
Alias: None
Product: MuPDF
Classification: Unclassified
Component: mupdf
Version: unspecified
Hardware: PC Linux
: P4 normal
Assignee: Sebastian Rasmussen
Reported: 2018-01-22 06:47 UTC by Sebastian Rasmussen
Modified: 2019-05-08 14:00 UTC

Attachments
Minimized PDF from oss-fuzz. (4.42 KB, application/pdf)
2018-01-22 06:47 UTC, Sebastian Rasmussen

Description Sebastian Rasmussen 2018-01-22 06:47:36 UTC
Created attachment 14619
Minimized PDF from oss-fuzz.

Running

build/sanitize/mutool draw -s t ./oss-fuzz-5503.pdf 

causes

error: cannot recognize xref format
warning: trying to repair broken xref
warning: repairing PDF document
warning: object missing 'endobj' token
warning: ignoring invalid character in hex string
warning: ... repeated 3 times ...
warning: bf_range limits out of range in cmap pdfapi2-MyReCBH~1380294183+0
warning: ignoring invalid character in hex string
warning: ... repeated 56 times ...
warning: premature end of data in flate filter
warning: ignoring invalid character in hex string
warning: ... repeated 17 times ...
warning: lexical error (unexpected '>')
warning: ... repeated 2 times ...
warning: ignoring invalid character in hex string
warning: ... repeated 6 times ...
warning: lexical error (unexpected '>')
warning: ignoring invalid character in hex string
warning: ... repeated 2 times ...
warning: lexical error (unexpected '>')
warning: ignoring invalid character in hex string
warning: ... repeated 2 times ...
warning: lexical error (unexpected '>')
warning: ignoring invalid character in hex string
warning: lexical error (unexpected '>')
warning: ignoring invalid character in hex string
warning: ... repeated 9 times ...
warning: lexical error (unexpected '>')
warning: ignoring invalid character in hex string
warning: ... repeated 3 times ...
warning: lexical error (unexpected '>')
warning: ... repeated 4 times ...
warning: ignoring invalid character in hex string
warning: lexical error (unexpected '>')
warning: ignoring invalid character in hex string
warning: ... repeated 2 times ...
warning: lexical error (unexpected '>')
warning: ... repeated 2 times ...
warning: ignoring invalid character in hex string
warning: ... repeated 9 times ...
warning: premature end of data in flate filter
mutool: source/pdf/pdf-cmap.c:701: copy_node_types: Assertion `node->low == node->high' failed.
Aborted
Comment 1 Sebastian Rasmussen 2018-01-22 18:17:16 UTC
I have a tentative fix awaiting review in commit 05cb1243fab1ebd9771d1791f39706e2339abfa5 that appears to fix this issue.
Comment 2 Sebastian Rasmussen 2018-01-26 09:05:18 UTC
Fixed in 

commit 71ceebcf56e682504da22c4035b39a2d451e8ffd
Author: Sebastian Rasmussen <sebras@gmail.com>
Date:   Tue Jan 23 03:04:33 2018 +0100

    Bug 698888: Keep one-to-many state when splitting nodes in cmap splay trees.
    
    Thanks to oss-fuzz for reporting this.