Bug 703103 - Segmentation fault template_affine_color_N_lerp
Summary: Segmentation fault template_affine_color_N_lerp
Status: RESOLVED WORKSFORME
Alias: None
Product: MuPDF
Classification: Unclassified
Component: mupdf
Version: 1.18.0
Hardware: PC All
Importance: P4 normal
Assignee: MuPDF bugs
Reported: 2020-11-09 12:22 UTC by Chengbin Pang
Modified: 2021-02-25 14:32 UTC


Attachments
poc file (588 bytes, text/plain)
2020-11-09 12:22 UTC, Chengbin Pang

Description Chengbin Pang 2020-11-09 12:22:36 UTC
Created attachment 20126
poc file

- version: 1.18.0
- how to build: make debug
- how to reproduce: ./mutool draw ./poc

The log of ASAN:
==13510==ERROR: AddressSanitizer: SEGV on unknown address 0x7f15be762080 (pc 0x000000d165b6 bp 0x000000000000 sp 0x7ffe46121dd0 T0)
==13510==The signal is caused by a READ memory access.
    #0 0xd165b6 in template_affine_color_N_lerp /home/ubuntu/fuzzing_mnt2/mupdf_new/source/fitz/draw-affine.c:1066:14
    #1 0xd16034 in paint_affine_color_lerp_N /home/ubuntu/fuzzing_mnt2/mupdf_new/source/fitz/draw-affine.c:3511:2
    #2 0xcff0a0 in fz_paint_image_imp /home/ubuntu/fuzzing_mnt2/mupdf_new/source/fitz/draw-affine.c:4080:3
    #3 0xcfb0f2 in fz_paint_image_with_color /home/ubuntu/fuzzing_mnt2/mupdf_new/source/fitz/draw-affine.c:4093:2
    #4 0x5e784e in fz_draw_fill_image_mask /home/ubuntu/fuzzing_mnt2/mupdf_new/source/fitz/draw-device.c:1926:3
    #5 0x5979d5 in fz_fill_image_mask /home/ubuntu/fuzzing_mnt2/mupdf_new/source/fitz/device.c:345:4
    #6 0x762f9f in fz_run_display_list /home/ubuntu/fuzzing_mnt2/mupdf_new/source/fitz/list-device.c:1815:5
    #7 0x4e3d1f in drawband /home/ubuntu/fuzzing_mnt2/mupdf_new/source/tools/mudraw.c:584:4
    #8 0x4dfe2a in dodrawpage /home/ubuntu/fuzzing_mnt2/mupdf_new/source/tools/mudraw.c:1062:6
    #9 0x4e4e64 in drawpage /home/ubuntu/fuzzing_mnt2/mupdf_new/source/tools/mudraw.c:1385:4
    #10 0x4d9551 in drawrange /home/ubuntu/fuzzing_mnt2/mupdf_new/source/tools/mudraw.c:1424:6
    #11 0x4d4a90 in mudraw_main /home/ubuntu/fuzzing_mnt2/mupdf_new/source/tools/mudraw.c:2363:7
    #12 0x4cac5b in main /home/ubuntu/fuzzing_mnt2/mupdf_new/source/tools/mutool.c:130:12
    #13 0x7f1542004bf6 in __libc_start_main /build/glibc-S7xCS9/glibc-2.27/csu/../csu/libc-start.c:310
    #14 0x41e409 in _start (/home/ubuntu/fuzzing_mnt2/mupdf_debug/build/debug/mutool+0x41e409)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/ubuntu/fuzzing_mnt2/mupdf_new/source/fitz/draw-affine.c:1066:14 in template_affine_color_N_lerp

I ran mutool without ASAN; it got "Segmentation fault".
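
The ASan report in the description is the kind of output a fuzzing harness produces by the hundred, and the first triage step is to reduce it to a stable signature (error kind plus the top in-project frames) so duplicates collapse and the crashing line is separated from libc frames. The script below is an added example written for this page; it is not MuPDF or mutool code. The regular expressions encode assumptions about ASan's text format, and the rule for telling project frames from runtime frames is a path heuristic I chose. Both inputs are constructed: the first is the report quoted above trimmed to six frames, the second is a made-up heap-buffer-overflow report included to show that the same parser handles ASan's other header and access-line shape.

```python
"""Parse an AddressSanitizer report into a triage summary and a dedup signature.

Added example for this bug page; not MuPDF/mutool code. The regexes are
assumptions about ASan's text format, and the project-vs-runtime path
heuristic is a guess that should be tuned for the tree being fuzzed.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed input 1: the report from the bug description, trimmed to six frames.
SAMPLE_SEGV = """\
==13510==ERROR: AddressSanitizer: SEGV on unknown address 0x7f15be762080 (pc 0x000000d165b6 bp 0x000000000000 sp 0x7ffe46121dd0 T0)
==13510==The signal is caused by a READ memory access.
    #0 0xd165b6 in template_affine_color_N_lerp /home/ubuntu/fuzzing_mnt2/mupdf_new/source/fitz/draw-affine.c:1066:14
    #1 0xd16034 in paint_affine_color_lerp_N /home/ubuntu/fuzzing_mnt2/mupdf_new/source/fitz/draw-affine.c:3511:2
    #2 0xcff0a0 in fz_paint_image_imp /home/ubuntu/fuzzing_mnt2/mupdf_new/source/fitz/draw-affine.c:4080:3
    #3 0xcfb0f2 in fz_paint_image_with_color /home/ubuntu/fuzzing_mnt2/mupdf_new/source/fitz/draw-affine.c:4093:2
    #13 0x7f1542004bf6 in __libc_start_main /build/glibc-S7xCS9/glibc-2.27/csu/../csu/libc-start.c:310
    #14 0x41e409 in _start (/home/ubuntu/fuzzing_mnt2/mupdf_debug/build/debug/mutool+0x41e409)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/ubuntu/fuzzing_mnt2/mupdf_new/source/fitz/draw-affine.c:1066:14 in template_affine_color_N_lerp
"""

# Constructed input 2: a made-up heap overflow, ASan's other header/access-line shape.
SAMPLE_HEAP = """\
==42==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000014 at pc 0x0000004005b4 bp 0x7ffd12345670 sp 0x7ffd12345660
==42==READ of size 4 at 0x602000000014 thread T0
    #0 0x4005b3 in read_past_end /tmp/example/src/buf.c:12:9
    #1 0x4005f0 in main /tmp/example/src/main.c:7:5
    #2 0x7f0000021bf6 in __libc_start_main /build/glibc-S7xCS9/glibc-2.27/csu/../csu/libc-start.c:310
"""

HEADER_RE = re.compile(
    r"^==(?P<pid>\d+)==ERROR: AddressSanitizer: (?P<kind>[\w-]+)"
    r"(?: on (?:unknown )?address (?P<addr>0x[0-9a-fA-F]+))?"
)
# "==pid==READ of size 4 at ..." (overflows) or "==pid==The signal is caused by a READ memory access." (SEGV)
ACCESS_RE = re.compile(r"^==\d+==(?:The signal is caused by a )?(?P<op>READ|WRITE)(?: of size (?P<size>\d+))?")
FRAME_RE = re.compile(r"^\s*#(?P<num>\d+)\s+0x[0-9a-fA-F]+ in (?P<func>\S+) (?P<loc>.+)$")
SRCLOC_RE = re.compile(r"^(?P<file>.+?):(?P<line>\d+)(?::(?P<col>\d+))?$")

# Heuristic (assumption): source under these prefixes belongs to the toolchain/runtime, not the target.
SYSTEM_PATH_PREFIXES = ("/build/", "/usr/", "/lib")


@dataclass
class Frame:
    num: int
    func: str
    file: Optional[str]   # None when ASan printed only "(binary+0xoffset)"
    line: Optional[int]

    @property
    def is_project(self) -> bool:
        return self.file is not None and not self.file.startswith(SYSTEM_PATH_PREFIXES)


@dataclass
class AsanReport:
    kind: str
    address: Optional[str]
    access: Optional[str]
    access_size: Optional[int]
    frames: List[Frame] = field(default_factory=list)
    has_shadow_info: bool = True   # False when ASan prints "can not provide additional info"

    def signature(self, depth: int = 3) -> str:
        """Dedup key: error kind plus the top `depth` project frames as func:basename:line."""
        parts = [self.kind]
        for fr in [f for f in self.frames if f.is_project][:depth]:
            parts.append(f"{fr.func}:{fr.file.rsplit('/', 1)[-1]}:{fr.line}")
        return "|".join(parts)

    def triage_hint(self) -> str:
        """Heuristic next step. A SEGV has no shadow data, so ASan cannot name the object hit."""
        top = next((f for f in self.frames if f.is_project), None)
        at = f"{top.file.rsplit('/', 1)[-1]}:{top.line}" if top else "unknown frame"
        if self.kind == "SEGV":
            return (f"wild {self.access or 'access'} of {self.address} at {at}; no redzone was hit, "
                    "so inspect the pointer/index computed there under a debugger before filing")
        size = f" of size {self.access_size}" if self.access_size else ""
        return f"{self.kind}: {self.access}{size} at {at}; ASan's allocation trace identifies the object"


def parse_asan_report(text: str) -> AsanReport:
    kind = address = access = None
    size = None
    frames: List[Frame] = []
    shadow = True
    for raw in text.splitlines():
        line = raw.rstrip()
        if (m := HEADER_RE.match(line)) and kind is None:
            kind, address = m["kind"], m["addr"]
        elif (m := ACCESS_RE.match(line)) and access is None:
            access = m["op"]
            size = int(m["size"]) if m["size"] else None
        elif (m := FRAME_RE.match(line)):
            sm = SRCLOC_RE.match(m["loc"])
            if sm:
                frames.append(Frame(int(m["num"]), m["func"], sm["file"], int(sm["line"])))
            else:
                frames.append(Frame(int(m["num"]), m["func"], None, None))
        elif "can not provide additional info" in line:
            shadow = False
    if kind is None:
        raise ValueError("no AddressSanitizer ERROR header found")
    return AsanReport(kind, address, access, size, frames, shadow)


if __name__ == "__main__":
    for text in (SAMPLE_SEGV, SAMPLE_HEAP):
        rep = parse_asan_report(text)
        print(rep.signature())
        print("   ", rep.triage_hint())
```

signature() is what a crash bucket would key on; triage_hint() is the line worth adding to a report like this one, because a SEGV on an unknown address means ASan hit no redzone and has nothing to say about which object was involved, so a maintainer who cannot reproduce it needs the exact SHA, compiler and platform together with the pointer or index value at the faulting line.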
Comment 1 Robin Watts 2021-02-25 14:32:54 UTC
I cannot reproduce this, either with 1.18 or with current master.

If it still exhibits for you, please reopen with an exact SHA and details of what system you are running on.

Thanks.