There is a type confusion in JBIG2Decode. In `z_jbig2decode`, `sop` comes from the dictionary argument:
It is then assumed to be of struct type without checking and used in `r_ptr`, with the result cast into `s_jbig2_global_data_t`. The following illustrates the type confusion issue:
gs -q -sDEVICE=ppmraw -dSAFER -dJBIG2
GS><</.jbig2globalctx 16#41 >> /JBIG2Decode filter
Segmentation fault (core dumped)
Tested on a build with commit 2dceb04.
Thank you very much for your help and please let me know if there is anything I can help.
By the way, when I filed the issue, the `Possible Duplicates` field showed up with some suggestions. As it only showed another ticket that I filed, I don't know if it would give suggestions of tickets from other people. I suggest that for security issues, the duplicate detection should only show tickets that the user filed, otherwise someone can just type in different security issue names in the title to potentially discover undisclosed security issues.
Man Yue Mo
Fixed in commit 606a22e77e7f081781e99e44644cd0119f559e03