Created attachment 14621 [details]
Minimized PDF from oss-fuzz.

Oss-fuzz claims to see an assert get triggered in fz_draw_end_group(). I cannot reproduce this yet, or get ASAN or valgrind to complain:

error: cannot recognize xref format
warning: trying to repair broken xref
warning: repairing PDF document
warning: object missing 'endobj' token
warning: ignoring object with invalid object number (0 0 R)
error: invalid key in dict
error: name too long
warning: skipping ahead to next token
error: invalid key in dict
warning: ignoring broken object (15 0 R)
error: Illegal dimensions for pixmap -16777216 0
error: cannot recognize xref format
warning: trying to repair broken xref
warning: repairing PDF document
warning: object missing 'endobj' token
warning: ignoring object with invalid object number (0 0 R)
error: invalid key in dict
error: name too long
warning: skipping ahead to next token
error: invalid key in dict
warning: ignoring broken object (15 0 R)
error: could not parse color space (3 0 R)
warning: Error while reading DefaultRGB: could not parse color space (3 0 R)
error: could not parse color space (3 0 R)
warning: ignoring zlib error: incorrect data check
warning: ... repeated 3 times ...
warning: premature end of data in flate filter
warning: ... repeated 2 times ...
warning: padding truncated image
warning: lcms error: Couldn't link the profiles
error: cmsCreateTransform failed
warning: unrecoverable error; ignoring rest of page
pdf_fuzzer: source/fitz/draw-device.c:2435: void fz_draw_end_group(fz_context *, fz_device *): Assertion `state[0].group_alpha == NULL || state[0].group_alpha != state[1].group_alpha' failed.
AddressSanitizer:DEADLYSIGNAL
=================================================================
==1==ERROR: AddressSanitizer: ABRT on unknown address 0x000000000001 (pc 0x7f839e38a428 bp 0x000000d143c0 sp 0x7ffd7077db18 T0)
SCARINESS: 10 (signal)
    #0 0x7f839e38a427 in gsignal /build/glibc-bfm8X4/glibc-2.23/sysdeps/unix/sysv/linux/raise.c:54
    #1 0x7f839e38c029 in abort /build/glibc-bfm8X4/glibc-2.23/stdlib/abort.c:89
    #2 0x7f839e382bd6 in __assert_fail_base /build/glibc-bfm8X4/glibc-2.23/assert/assert.c:92
    #3 0x7f839e382c81 in __assert_fail /build/glibc-bfm8X4/glibc-2.23/assert/assert.c:101
    #4 0x5d09b1 in fz_draw_end_group /src/mupdf/source/fitz/draw-device.c:2435:2
    #5 0x71cd53 in fz_end_group /src/mupdf/source/fitz/device.c:460:3
    #6 0x899581 in pdf_run_xobject /src/mupdf/source/pdf/pdf-op-run.c:1319:6
    #7 0x7f6c5d in pdf_process_Do /src/mupdf/source/pdf/pdf-interpret.c:353:5
    #8 0x7f20a1 in pdf_process_keyword /src/mupdf/source/pdf/pdf-interpret.c:788:19
    #9 0x7ed24b in pdf_process_stream /src/mupdf/source/pdf/pdf-interpret.c:963:6
    #10 0x7ec8c8 in pdf_process_contents /src/mupdf/source/pdf/pdf-interpret.c:1057:3
    #11 0x840c4d in pdf_run_page_contents_with_usage /src/mupdf/source/pdf/pdf-run.c:84:3
    #12 0x840593 in pdf_run_page_contents /src/mupdf/source/pdf/pdf-run.c:110:3
    #13 0x5c04e0 in fz_run_page_contents /src/mupdf/source/fitz/document.c:368:4
    #14 0x5c081f in fz_run_page /src/mupdf/source/fitz/document.c:400:2
    #15 0x6a3ea1 in fz_new_pixmap_from_page /src/mupdf/source/fitz/util.c:237:3
    #16 0x6a4176 in fz_new_pixmap_from_page_number /src/mupdf/source/fitz/util.c:261:9
    #17 0x51d316 in LLVMFuzzerTestOneInput /src/mupdf/source/fuzz/pdf_fuzzer.cc:33:13
Fixed in commit b2e7d38e845c7d4922d05e6e41f3a2dc1bc1b14a

Author: Sebastian Rasmussen <sebras@gmail.com>
Date:   Sat Feb 3 02:52:59 2018 +0100

    Bug 698890: Remember to end groups when showing images.
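The assertion in the trace guards a stack invariant: the entry popped by fz_draw_end_group must own its own group_alpha buffer rather than one it merely inherited from the entry below, otherwise the pop would release the enclosing group's buffer. The following is an added illustration, not MuPDF's code and not the attached PDF: a small model of a device state stack whose push copies the entry below it (a clip keeps the inherited alpha, a group replaces it), with the same check as draw-device.c:2435 in end_group. The begin/end sequence it runs, an xobject group enclosing an image's clip and group, and the idea that an error unwound past the image's end_group so that the later pops are one entry out of step, are assumptions chosen to match the commit message and the stack, not something the bug report states.

```c
#include <stdio.h>
#include <string.h>

/* Added model of a draw-device state stack (assumption: not MuPDF's code).
 * Each pushed entry starts as a copy of the entry below it; a group then
 * replaces the inherited group_alpha with a fresh buffer of its own, a
 * clip keeps the inherited one.  group_alpha is an int buffer id standing
 * in for the fz_pixmap pointer, with 0 playing the role of NULL. */

#define MAX_STACK 16

typedef struct {
    int group_alpha;
    const char *kind; /* "base", "clip" or "group": for the trace only */
} dev_state;

typedef struct {
    dev_state st[MAX_STACK];
    int top;        /* index of the current top entry */
    int next_alpha; /* next buffer id to hand out */
    int violations; /* how often the end_group invariant failed */
} device;

static void dev_init(device *d)
{
    memset(d, 0, sizeof *d);
    d->st[0].kind = "base";
    d->next_alpha = 1;
}

static dev_state *push_stack(device *d, const char *kind)
{
    if (d->top + 1 >= MAX_STACK)
        return NULL;
    d->st[d->top + 1] = d->st[d->top]; /* inherit everything, pointer included */
    d->top++;
    d->st[d->top].kind = kind;
    return &d->st[d->top];
}

static void begin_clip(device *d) { push_stack(d, "clip"); }
static void end_clip(device *d)   { if (d->top > 0) d->top--; }

static void begin_group(device *d)
{
    dev_state *s = push_stack(d, "group");
    if (s)
        s->group_alpha = d->next_alpha++; /* buffer owned by this group */
}

/* Same condition as the assertion at draw-device.c:2435: after the pop,
 * state[0] is the enclosing entry and state[1] the popped one.  A popped
 * entry sharing a non-NULL alpha with the enclosing entry was not pushed by
 * begin_group; it only inherited the pointer, so the pairing is off. */
static int end_group(device *d)
{
    dev_state *state;
    int ok;
    if (d->top == 0)
        return 0;
    d->top--;
    state = &d->st[d->top];
    ok = state[0].group_alpha == 0 || state[0].group_alpha != state[1].group_alpha;
    if (!ok) {
        d->violations++;
        fprintf(stderr, "assert would fire: popped '%s' shares alpha %d with enclosing '%s'\n",
                state[1].kind, state[1].group_alpha, state[0].kind);
    }
    return ok;
}

/* Assumed Do/xobject/image sequence.  With end_image_group == 0 the image
 * began a group but an error unwound before its end_group; the clip pop and
 * the xobject's end_group still run, each now popping the wrong entry.
 * Returns 1 if the invariant held throughout and the stack is balanced. */
int simulate(int end_image_group)
{
    device d;
    dev_init(&d);

    begin_group(&d);   /* xobject transparency group, alpha 1 */
    begin_clip(&d);    /* image clip, inherits alpha 1 */
    begin_group(&d);   /* image's own group, alpha 2 */
    if (end_image_group)
        end_group(&d); /* the fixed path: the image ends what it began */
    end_clip(&d);      /* buggy path: this pops the image's group instead */
    end_group(&d);     /* buggy path: this pops the clip entry, alpha 1 == 1 */

    return d.violations == 0 && d.top == 0;
}

int main(void)
{
    printf("image ends its group:  %s\n", simulate(1) ? "invariant held" : "VIOLATED");
    printf("image skips end_group: %s\n", simulate(0) ? "invariant held" : "VIOLATED");
    return 0;
}
```

The point the model makes is that the assertion does not fire at the site of the missing end_group but one or more pops later, which is why the failing frame is pdf_run_xobject's fz_end_group rather than the image code; the cmsCreateTransform failure in the log is a plausible but unconfirmed candidate for the error that unwound past the image's end_group.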