Bug 698927 - mupdf 1.12 crash with this PDF (1.11 no)
Summary: mupdf 1.12 crash with this PDF (1.11 no)
Status: RESOLVED FIXED
Alias: None
Product: MuPDF
Classification: Unclassified
Component: mupdf
Version: 1.12.0
Hardware: Android Phone Android
Importance: P4 normal
Assignee: Michael Vrhel
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-01-26 06:28 UTC by foobnix
Modified: 2018-07-03 18:04 UTC (History)

See Also:
Customer:
Word Size: ---


Attachments
crash.pdf (343.90 KB, application/pdf)
2018-01-26 06:28 UTC, foobnix

Description foobnix 2018-01-26 06:28:53 UTC
Created attachment 14660
crash.pdf

Please check mupdf 1.12 crash with this PDF file
Comment 1 Sebastian Rasmussen 2018-01-26 07:16:28 UTC
I see an assert() being triggered in debug mode:
mutool: source/fitz/colorspace.c:3245: std_conv_color: Assertion `srcs->to_ccs && dsts->from_ccs' failed.

This is because both srcs->to_ccs and dsts->from_ccs are == NULL. We're attempting a conversion CalGray -> CalRGB. Both pointers are set to NULL when fz_new_cal_colorspace() sets both conversion functions to NULL. If there is no CMS then k_default_gray and k_default_rgb set valid pointers.

Looks like fz_new_cal_colorspace() really ought to set the pointers..?
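The failure mode in this comment, a converter whose two function-pointer hooks are both NULL so that only a debug-build assert() stands between file input and an indirect call through NULL, can be shown on a small model. The block below is an added illustration, not MuPDF source: the `colorspace` struct, its `to_ccs`/`from_ccs` hooks, the device/Cal instances and `std_conv_color_checked()` are all hypothetical and only borrow their names from the assertion quoted above. The hardened converter checks both hooks before use and reports a missing one as an error code, which is the behaviour a release build (where assert() is compiled out) would otherwise lack.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model, not MuPDF source. A colorspace carries two optional
 * hooks, named after the srcs->to_ccs / dsts->from_ccs pointers in the
 * assertion quoted above: one into a 3-component connection space and one
 * back out of it. The Cal spaces start with both hooks NULL, as comment 1
 * describes for fz_new_cal_colorspace() without a CMS. */
typedef void (*conv_fn)(const float *in, float *out);

typedef struct colorspace {
    const char *name;
    int n;              /* number of components */
    conv_fn to_ccs;     /* into the connection space, may be NULL */
    conv_fn from_ccs;   /* out of the connection space, may be NULL */
} colorspace;

/* Constructed device-space hooks: gray is replicated to three channels,
 * RGB is copied through, gray is recovered as the channel mean. */
static void gray_to_ccs(const float *in, float *out)   { out[0] = out[1] = out[2] = in[0]; }
static void gray_from_ccs(const float *in, float *out) { out[0] = (in[0] + in[1] + in[2]) / 3.0f; }
static void rgb_to_ccs(const float *in, float *out)    { memcpy(out, in, 3 * sizeof *out); }
static void rgb_from_ccs(const float *in, float *out)  { memcpy(out, in, 3 * sizeof *out); }

static const colorspace device_gray = { "DeviceGray", 1, gray_to_ccs, gray_from_ccs };
static const colorspace device_rgb  = { "DeviceRGB",  3, rgb_to_ccs,  rgb_from_ccs };
static const colorspace cal_gray    = { "CalGray",    1, NULL, NULL };   /* hooks never set */
static const colorspace cal_rgb     = { "CalRGB",     3, NULL, NULL };

enum { CONV_OK = 0, CONV_ERR_NO_HOOK = -1 };

/* Hardened converter. The original relies on assert(), which is compiled
 * out under -DNDEBUG, so a release build with NULL hooks would call through
 * a NULL function pointer on untrusted file input. Here a missing hook is a
 * reported error and the caller decides how to fall back. */
int std_conv_color_checked(const colorspace *srcs, const colorspace *dsts,
                           const float *in, float *out)
{
    float ccs[3];

    if (srcs == dsts) {                         /* nothing to convert */
        memcpy(out, in, (size_t)srcs->n * sizeof *out);
        return CONV_OK;
    }
    if (srcs->to_ccs == NULL || dsts->from_ccs == NULL)
        return CONV_ERR_NO_HOOK;                /* both pointers checked */

    srcs->to_ccs(in, ccs);
    dsts->from_ccs(ccs, out);
    return CONV_OK;
}

/* Scenarios returning a checkable value: 1 on the expected outcome. */
int demo_device_gray_to_rgb(void)
{
    float gray = 0.5f, rgb[3] = { 0, 0, 0 };
    if (std_conv_color_checked(&device_gray, &device_rgb, &gray, rgb) != CONV_OK)
        return 0;
    return rgb[0] == 0.5f && rgb[1] == 0.5f && rgb[2] == 0.5f;
}

int demo_cal_gray_to_cal_rgb(void)
{
    float gray = 0.5f, rgb[3] = { 0, 0, 0 };
    /* The crashing case from this bug: both Cal hooks are NULL. */
    return std_conv_color_checked(&cal_gray, &cal_rgb, &gray, rgb) == CONV_ERR_NO_HOOK;
}

int demo_same_space_copy(void)
{
    float in[3] = { 0.25f, 0.5f, 0.75f }, out[3] = { 0, 0, 0 };
    if (std_conv_color_checked(&device_rgb, &device_rgb, in, out) != CONV_OK)
        return 0;
    return out[0] == 0.25f && out[1] == 0.5f && out[2] == 0.75f;
}

int main(void)
{
    printf("DeviceGray->DeviceRGB: %s\n", demo_device_gray_to_rgb() ? "ok" : "FAIL");
    printf("CalGray->CalRGB rejected: %s\n", demo_cal_gray_to_cal_rgb() ? "ok" : "FAIL");
    printf("same-space copy: %s\n", demo_same_space_copy() ? "ok" : "FAIL");
    return 0;
}
```

The point of the `CONV_ERR_NO_HOOK` path is that the decision about what to do with an unconvertible colorspace is made once, explicitly, by the caller (refuse the object, or fall back to a defined default conversion), rather than depending on whether the binary was built with assertions enabled.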
Comment 2 Sebastian Rasmussen 2018-01-26 07:28:11 UTC
Perhaps fz_find_color_converter() ought to handle Cal-colorspaces like it handles ICC-colorspaces since fz_source_colorspace_cm() seems to look for both types, but in the succeeding test Cal-colorspaces are not checked for.

I tried to do:

diff --git a/source/fitz/colorspace.c b/source/fitz/colorspace.c
index 336513fe..45cd59e4 100644
--- a/source/fitz/colorspace.c
+++ b/source/fitz/colorspace.c
@@ -3418,7 +3418,7 @@ void fz_find_color_converter(fz_context *ctx, fz_color_converter *cc, const fz_c
        else
        {
                const fz_colorspace *ss_base = fz_source_colorspace_cm(ctx, ss);
-               if (ss_base != NULL && fz_colorspace_is_icc(ctx, ds))
+               if (ss_base != NULL && (fz_colorspace_is_icc(ctx, ds) || fz_colorspace_is_cal(ctx, ds)))
                {
                        if (ss_base == ss)
                                cc->convert = icc_conv_color;
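Review bot: the widened condition on the `if` line admits a Cal destination into a body that still sets `cc->convert = icc_conv_color;`, so a Cal colorspace whose conversion hooks are NULL (as comment 1 describes) is handed to the ICC path with no profile behind it, which matches the later crash inside cmsGetColorSpace() mentioned below. Either give Cal destinations their own branch that builds or resolves a profile before selecting icc_conv_color, or leave this condition alone and map Cal spaces to their ICC equivalents before fz_find_color_converter() is reached.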


But that led to a crash inside cmsGetColorSpace() later on, presumably because fz_cmm_init_profile() failed to make a profile in fz_get_icc_link() and then went on to use the default.

I'm out of my depth here. Either someone with more knowledge needs to look into this one or I have to spend more time trying to figure out how this is supposed to work.
Comment 3 foobnix 2018-01-26 07:31:42 UTC
I'm not sure if it affects other PDFs, but this line fixes this file


- if (srcs != dsts)
+ if (srcs != dsts && srcs->to_ccs != NULL)
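Review bot: the added guard tests only srcs->to_ccs, while the assertion quoted in comment 1 requires both srcs->to_ccs and dsts->from_ccs, so the symmetric case (a valid to_ccs with a NULL dsts->from_ccs) still reaches the failing path; check both pointers. Skipping the block when a hook is missing also leaves the conversion undone rather than reporting it, which is why the CalGray to CalRGB result may be wrong as comment 4 notes; returning an error or falling back to a defined conversion would make the failure visible instead of silent.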
Comment 4 Sebastian Rasmussen 2018-01-26 07:46:45 UTC
(In reply to foobnix from comment #3)
> I'm not sure if it affects other PDFs, but this line fixes this file
> 
> 
> - if (srcs != dsts)
> + if (srcs != dsts && srcs->to_ccs != NULL)

Yes I can see that this would help, but then the conversion from CalGray to CalRGB might not be correct.
Comment 5 Michael Vrhel 2018-07-02 22:55:41 UTC
I see the issue. I should have a fix for this shortly.
Comment 6 Michael Vrhel 2018-07-03 18:04:06 UTC
This works fine with head. I think it was fixed with

http://git.ghostscript.com/?p=mupdf.git;a=commit;h=56a752c928146b94838b09c7269c50b0aa800e68