[cairo-bugs] [Bug 100056] New: pdftocairo crashes on converting big images in PDFs

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Fri Mar 3 19:58:03 UTC 2017 

https://bugs.freedesktop.org/show_bug.cgi?id=100056

            Bug ID: 100056
           Summary: pdftocairo crashes on converting big images in PDFs
           Product: cairo
           Version: unspecified
          Hardware: Other
                OS: Linux (All)
            Status: NEW
          Severity: normal
          Priority: medium
         Component: general
          Assignee: chris at chris-wilson.co.uk
          Reporter: korobkin+lpad at gmail.com
        QA Contact: cairo-bugs at cairographics.org

Created attachment 130054
  --> https://bugs.freedesktop.org/attachment.cgi?id=130054&action=edit
onepager.pdf

When converting the PDFs that contain just a single image (large grayscale
image, seems like a scan), pdftocairo segfaults. 
Tested on Ubuntu 14.04 x64, 
cairo 1.14.8
poppler 0.49.0

$ /usr/bin/pdftocairo -ps -level3 onepager.pdf out.ps
Segmentation fault

Yes, the file contains large image inside: PNG image data, 19833 x 28067,
8-bit/color RGBA, non-interlaced, but pdftops converts the file instantly. 

Here is the output from gdb:

(gdb) file /usr/bin/pdftocairo
Reading symbols from /usr/bin/pdftocairo...Reading symbols from
/usr/lib/debug/.build-id/06/b55d5ad8a0410ac56bafe79e17dca8d917b612.debug...done.
Unable to determine compiler version.
done.
(gdb) set args -ps -level3 onepager.pdf out.ps
(gdb) run
Starting program: /usr/bin/pdftocairo -ps -level3 onepager.pdf out.ps
[Thread debugging using libthread_db enabled]

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff6575034 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) bt
#0  0x00007ffff6575034 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x00007ffff736b594 in _cairo_image_surface_snapshot
(abstract_surface=0x5555557b9a40) at
/tmp/build-debs.brV892/build/src/cairo-image-surface.c:792
#2  0x00007ffff73c0516 in _cairo_surface_snapshot_copy_on_write
(surface=0x5555557ba390) at
/tmp/build-debs.brV892/build/src/cairo-surface-snapshot.c:189
#3  0x00007ffff73b62ef in _cairo_surface_detach_snapshot
(snapshot=0x5555557ba390) at
/tmp/build-debs.brV892/build/src/cairo-surface.c:348
#4  0x00007ffff73b625d in _cairo_surface_detach_snapshots
(surface=0x5555557b9a40) at
/tmp/build-debs.brV892/build/src/cairo-surface.c:333
#5  0x00007ffff73b7d29 in _cairo_surface_flush (surface=0x5555557b9a40,
flags=0) at /tmp/build-debs.brV892/build/src/cairo-surface.c:1545
#6  0x00007ffff73b7481 in _cairo_surface_finish_snapshots
(surface=0x5555557b9a40) at
/tmp/build-debs.brV892/build/src/cairo-surface.c:1017
#7  0x00007ffff73b72f1 in INT_cairo_surface_destroy (surface=0x5555557b9a40) at
/tmp/build-debs.brV892/build/src/cairo-surface.c:961
#8  0x00007ffff738f51c in _cairo_pattern_fini (pattern=0x5555557b98a0) at
/tmp/build-debs.brV892/build/src/cairo-pattern.c:443
#9  0x00007ffff738feea in INT_cairo_pattern_destroy (pattern=0x5555557b98a0) at
/tmp/build-debs.brV892/build/src/cairo-pattern.c:1131
#10 0x000055555556950a in CairoOutputDev::drawImage (this=<optimized out>,
state=0x5555557bcd70, ref=0x7fffffffd960, str=0x5555557bb9a0, widthA=<optimized
out>, 
    heightA=<optimized out>, colorMap=0x5555558012b0, interpolate=false,
maskColors=0x0, inlineImg=false) at CairoOutputDev.cc:3265
#11 0x00007ffff7a618cd in Gfx::doImage (this=this at entry=0x5555557af5a0,
ref=ref at entry=0x7fffffffd960, str=0x5555557bb9a0,
inlineImg=inlineImg at entry=false) at Gfx.cc:4709
#12 0x00007ffff7a62ed9 in Gfx::opXObject (this=0x5555557af5a0, args=<optimized
out>, numArgs=<optimized out>) at Gfx.cc:4208
#13 0x00007ffff7a5cd79 in Gfx::go (this=this at entry=0x5555557af5a0,
topLevel=topLevel at entry=true) at Gfx.cc:763
#14 0x00007ffff7a5d18d in Gfx::display (this=this at entry=0x5555557af5a0,
obj=obj at entry=0x7fffffffdd40, topLevel=topLevel at entry=true) at Gfx.cc:729
#15 0x00007ffff7aa5128 in Page::displaySlice (this=0x5555557a93e0,
out=0x5555557a9d70, hDPI=72, vDPI=72, rotate=<optimized out>,
useMediaBox=<optimized out>, 
    crop=<optimized out>, sliceX=<optimized out>, sliceY=-1, sliceW=-1,
sliceH=-1, printing=true, abortCheckCbk=0x0, abortCheckCbkData=0x0,
annotDisplayDecideCbk=0x0, 
    annotDisplayDecideCbkData=0x0, copyXRef=false) at Page.cc:601
#16 0x000055555555fb61 in renderPage (output_h=842, output_w=595,
page_h=<optimized out>, page_w=<optimized out>, pg=1, cairoOut=0x5555557a9d70,
doc=0x5555557b0050)
    at pdftocairo.cc:673
#17 main (argc=3, argv=<optimized out>) at pdftocairo.cc:1197
(gdb)

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.cairographics.org/archives/cairo-bugs/attachments/20170303/3d59734d/attachment.html>

More information about the cairo-bugs mailing list