Bug 224341

Summary: corrupted jpeg stream in corrupted document crashes poppler
Product: [Applications] okular Reporter: Per (phobie) <kdebugs.phobie>
Component: PDF backendAssignee: Okular developers <okular-devel>
Status: RESOLVED UPSTREAM    
Severity: crash    
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Unlisted Binaries   
OS: Linux   
Latest Commit: Version Fixed In:

Description Per (phobie) 2010-01-26 16:46:41 UTC 
Application that crashed: okular
Version of the application: 0.9.4
KDE Version: 4.3.4 (KDE 4.3.4)
Qt Version: 4.5.3
Operating System: Linux 2.6.32-4.slh.2-sidux-amd64 x86_64
Distribution: Debian GNU/Linux unstable (sid)

What I was doing when the application crashed:
Save any picture as EPS with KolourPaint.
Start Dolphin and open that file with Okular.

1. KolourPaint creates invalid eps files.
2. Okular needs sanity checks in the eps-file parser.

'''
$ file *
test.eps:                PDF document, version 1.4
test_OOo.eps:      PNG image, 2266 x 383, 8-bit colormap, non-interlaced

$ LANG=C okular test.eps
undefined -21
Error: PDF file is damaged - attempting to reconstruct xref table...
Error (18773): Missing 'endstream'
KCrash: Application 'okular' crashing...
sock_file=/home/phobie/.kde/socket-keto/kdeinit4__0

[1]+  Stopped                 LANG=C okular test.eps
'''


 -- Backtrace:
Application: Okular (okular), signal: Segmentation fault
The current source language is "auto; currently c".
[Current thread is 1 (Thread 0x7f4edaeb8750 (LWP 6866))]

Thread 3 (Thread 0x7f4ec872d910 (LWP 6867)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:261
#1  0x00007f4ed94be499 in QWaitConditionPrivate::wait (this=0x27dd6c8, mutex=0x27dd6c0, time=18446744073709551615) at thread/qwaitcondition_unix.cpp:87
#2  QWaitCondition::wait (this=0x27dd6c8, mutex=0x27dd6c0, time=18446744073709551615) at thread/qwaitcondition_unix.cpp:159
#3  0x00007f4ed94ba340 in QSemaphore::acquire (this=0x27c6530, n=1) at thread/qsemaphore.cpp:143
#4  0x00007f4ecc06604f in GSRendererThread::run (this=0x27c6520) at ../../../../okular/generators/spectre/rendererthread.cpp:50
#5  0x00007f4ed94bd4a5 in QThreadPrivate::start (arg=0x27c6520) at thread/qthread_unix.cpp:188
#6  0x00007f4ed4bc273a in start_thread (arg=<value optimized out>) at pthread_create.c:300
#7  0x00007f4ed82ab6dd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#8  0x0000000000000000 in ?? ()

Thread 2 (Thread 0x7f4ec6ee0910 (LWP 6868)):
[KCrash Handler]
#5  0x0000000000000000 in ?? ()
#6  0x00007f4ecb45902e in ?? () from /usr/lib/libgs.so.8
#7  0x00007f4ecaedd2d8 in jinit_memory_mgr () from /usr/lib/libjpeg.so.62
#8  0x00007f4ecaecf37d in jpeg_CreateDecompress () from /usr/lib/libjpeg.so.62
#9  0x00007f4ec7196255 in DCTStream::init() () from /usr/lib/libpoppler.so.5
#10 0x00007f4ec71964b3 in DCTStream::DCTStream(Stream*, int) () from /usr/lib/libpoppler.so.5
#11 0x00007f4ec7220b47 in Stream::makeFilter(char*, Stream*, Object*) () from /usr/lib/libpoppler.so.5
#12 0x00007f4ec72212dc in Stream::addFilters(Object*) () from /usr/lib/libpoppler.so.5
#13 0x00007f4ec72164f2 in Parser::makeStream(Object*, unsigned char*, CryptAlgorithm, int, int, int) () from /usr/lib/libpoppler.so.5
#14 0x00007f4ec72167d2 in Parser::getObj(Object*, unsigned char*, CryptAlgorithm, int, int, int) () from /usr/lib/libpoppler.so.5
#15 0x00007f4ec7225f13 in XRef::fetch(int, int, Object*) () from /usr/lib/libpoppler.so.5
#16 0x00007f4ec71d5126 in GfxResources::lookupXObject(char*, Object*) () from /usr/lib/libpoppler.so.5
#17 0x00007f4ec71d8d73 in Gfx::opXObject(Object*, int) () from /usr/lib/libpoppler.so.5
#18 0x00007f4ec71c874f in Gfx::go(int) () from /usr/lib/libpoppler.so.5
#19 0x00007f4ec71cc894 in Gfx::display(Object*, int) () from /usr/lib/libpoppler.so.5
#20 0x00007f4ec7213c70 in Page::displaySlice(OutputDev*, double, double, int, int, int, int, int, int, int, int, Catalog*, int (*)(void*), void*, int (*)(Annot*, void*), void*) ()
   from /usr/lib/libpoppler.so.5
#21 0x00007f4ec7abd04b in Poppler::Page::renderToImage(double, double, int, int, int, int, Poppler::Page::Rotation) const () from /usr/lib/libpoppler-qt4.so.3
#22 0x00007f4ec7d20765 in PDFPixmapGeneratorThread::run (this=0x27c5db0) at ../../../../okular/generators/poppler/generator_pdf.cpp:1700
#23 0x00007f4ed94bd4a5 in QThreadPrivate::start (arg=0x27c5db0) at thread/qthread_unix.cpp:188
#24 0x00007f4ed4bc273a in start_thread (arg=<value optimized out>) at pthread_create.c:300
#25 0x00007f4ed82ab6dd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#26 0x0000000000000000 in ?? ()
The current source language is "auto; currently asm".

Thread 1 (Thread 0x7f4edaeb8750 (LWP 6866)):
#0  0x00007f4ed82a0783 in *__GI___poll (fds=<value optimized out>, nfds=<value optimized out>, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:87
#1  0x00007f4ed34c590a in _xcb_conn_wait (c=0x239cdb0, cond=<value optimized out>, vector=0x7ffff57ee160, count=0x7ffff57ee15c) at ../../src/xcb_conn.c:306
#2  0x00007f4ed34c5ed9 in _xcb_out_send (c=0x239cdb0, vector=0x7ffff57ee160, count=0x7ffff57ee15c) at ../../src/xcb_out.c:338
#3  0x00007f4ed34c6185 in xcb_writev (c=0x239cdb0, vector=0x7ffff57ee1b0, count=3, requests=501) at ../../src/xcb_out.c:286
#4  0x00007f4ed726f38a in _XSend () from /usr/lib/libX11.so.6
#5  0x00007f4ed726f8d5 in _XFlush () from /usr/lib/libX11.so.6
#6  0x00007f4ed6a06260 in XRenderComposite () from /usr/lib/libXrender.so.1
#7  0x00007f4ed8bd0fdd in QX11PaintEngine::drawTiledPixmap (this=<value optimized out>, r=<value optimized out>, pixmap=..., p=<value optimized out>) at painting/qpaintengine_x11.cpp:2155
#8  0x00007f4ed8b3e741 in QPainter::drawTiledPixmap (this=0x7ffff57ee590, r=..., pixmap=..., sp=...) at painting/qpainter.cpp:6381
#9  0x00007f4ed0b95a30 in QPainter::drawTiledPixmap (this=<value optimized out>, s=<value optimized out>, pix=<value optimized out>, w=32, h=7, region=<value optimized out>)
    at /usr/include/qt4/QtGui/qpainter.h:794
#10 TileSet::initPixmap (this=<value optimized out>, s=<value optimized out>, pix=<value optimized out>, w=32, h=7, region=<value optimized out>) at ../../../kstyles/oxygen/lib/tileset.cpp:31
#11 0x00007f4ed0b965ec in TileSet (this=0x283a0c0, pix=..., w1=<value optimized out>, h1=<value optimized out>, w2=32, h2=32) at ../../../kstyles/oxygen/lib/tileset.cpp:56
#12 0x00007f4ed0ba0d06 in OxygenStyleHelper::scrollHole (this=0x2413c30, color=<value optimized out>, orientation=<value optimized out>) at ../../../kstyles/oxygen/helper.cpp:790
#13 0x00007f4ed0ba60e8 in OxygenStyle::renderScrollBarHole (this=<value optimized out>, p=0x7ffff57f2a80, r=..., color=..., orientation=0, tiles=) at ../../../kstyles/oxygen/oxygen.cpp:2465
#14 0x00007f4ed0bb1a26 in OxygenStyle::drawKStylePrimitive (this=0x2406060, widgetType=<value optimized out>, primitive=1, opt=0x7ffff57f1cf0, r=..., pal=<value optimized out>, flags=..., 
    p=0x7ffff57f2a80, widget=0x26aaaa0, kOpt=0x0) at ../../../kstyles/oxygen/oxygen.cpp:974
#15 0x00007f4eda1d0e24 in KStyle::drawControl (this=0x2406060, element=QStyle::CE_ScrollBarSubLine, option=0x7ffff57f1cf0, p=<value optimized out>, widget=0x26aaaa0)
    at ../../kdeui/kernel/kstyle.cpp:2154
#16 0x00007f4ed0ba6843 in OxygenStyle::drawControl (this=0x2406060, element=QStyle::CE_PushButtonBevel, option=0x7ffff57f1cf0, p=0x7ffff57f2a80, widget=0x0) at ../../../kstyles/oxygen/oxygen.cpp:400
#17 0x00007f4ed8ce813c in QCommonStyle::drawComplexControl (this=0x2406060, cc=<value optimized out>, opt=0x7ffff57f2a00, p=0x7ffff57f2a80, widget=0x26aaaa0) at styles/qcommonstyle.cpp:3386
#18 0x00007f4eda1cb38e in KStyle::drawComplexControl (this=0x2406060, cc=QStyle::CC_ScrollBar, opt=0x7ffff57f2a00, p=<value optimized out>, w=0x26aaaa0) at ../../kdeui/kernel/kstyle.cpp:3562
#19 0x00007f4ed0ba663e in OxygenStyle::drawComplexControl (this=0x2406060, control=QStyle::CC_ComboBox, option=0xffffffffffffffff, painter=0x7ffff57f2a80, widget=0x0)
    at ../../../kstyles/oxygen/oxygen.cpp:306
#20 0x00007f4ed8e295fa in QScrollBar::paintEvent (this=0x26aaaa0) at widgets/qscrollbar.cpp:541
#21 0x00007f4ed8a6c196 in QWidget::event (this=0x26aaaa0, event=0x7ffff57f3110) at kernel/qwidget.cpp:7692
#22 0x00007f4ed8a1c01d in QApplicationPrivate::notify_helper (this=0x23913e0, receiver=0x26aaaa0, e=0x7ffff57f3110) at kernel/qapplication.cpp:4065
#23 0x00007f4ed8a2407a in QApplication::notify (this=0x7ffff57f5490, receiver=0x26aaaa0, e=0x7ffff57f3110) at kernel/qapplication.cpp:4030
#24 0x00007f4eda1bde06 in KApplication::notify (this=0x7ffff57f5490, receiver=0x26aaaa0, event=0x7ffff57f3110) at ../../kdeui/kernel/kapplication.cpp:302
#25 0x00007f4ed95a2c9c in QCoreApplication::notifyInternal (this=0x7ffff57f5490, receiver=0x26aaaa0, event=0x7ffff57f3110) at kernel/qcoreapplication.cpp:610
#26 0x00007f4ed8a731be in QWidgetPrivate::drawWidget (this=0x26b1970, pdev=0x2454648, rgn=..., offset=..., flags=4, sharedPainter=0x0, backingStore=0x24543d0) at kernel/qwidget.cpp:5084
#27 0x00007f4ed8a73907 in QWidgetPrivate::paintSiblingsRecursive (this=0x26ae950, pdev=0x2454648, siblings=..., index=0, rgn=..., offset=..., flags=4, sharedPainter=0x0, backingStore=0x24543d0)
    at kernel/qwidget.cpp:5194
#28 0x00007f4ed8a72e37 in QWidgetPrivate::drawWidget (this=0x26ae950, pdev=0x2454648, rgn=..., offset=..., flags=4, sharedPainter=0x0, backingStore=0x24543d0) at kernel/qwidget.cpp:5133
#29 0x00007f4ed8a73907 in QWidgetPrivate::paintSiblingsRecursive (this=0x26af7f0, pdev=0x2454648, siblings=..., index=50, rgn=..., offset=..., flags=4, sharedPainter=0x0, backingStore=0x24543d0)
    at kernel/qwidget.cpp:5194
#30 0x00007f4ed8a73816 in QWidgetPrivate::paintSiblingsRecursive (this=0x26af7f0, pdev=0x2454648, siblings=..., index=51, rgn=..., offset=..., flags=4, sharedPainter=0x0, backingStore=0x24543d0)
    at kernel/qwidget.cpp:5185
#31 0x00007f4ed8a72e37 in QWidgetPrivate::drawWidget (this=0x26af7f0, pdev=0x2454648, rgn=..., offset=..., flags=4, sharedPainter=0x0, backingStore=0x24543d0) at kernel/qwidget.cpp:5133
#32 0x00007f4ed8a73907 in QWidgetPrivate::paintSiblingsRecursive (this=0x269da40, pdev=0x2454648, siblings=..., index=3, rgn=..., offset=..., flags=4, sharedPainter=0x0, backingStore=0x24543d0)
    at kernel/qwidget.cpp:5194
#33 0x00007f4ed8a72e37 in QWidgetPrivate::drawWidget (this=0x269da40, pdev=0x2454648, rgn=..., offset=..., flags=4, sharedPainter=0x0, backingStore=0x24543d0) at kernel/qwidget.cpp:5133
#34 0x00007f4ed8a73907 in QWidgetPrivate::paintSiblingsRecursive (this=0x24d8970, pdev=0x2454648, siblings=..., index=0, rgn=..., offset=..., flags=4, sharedPainter=0x0, backingStore=0x24543d0)
    at kernel/qwidget.cpp:5194
#35 0x00007f4ed8a72e37 in QWidgetPrivate::drawWidget (this=0x24d8970, pdev=0x2454648, rgn=..., offset=..., flags=4, sharedPainter=0x0, backingStore=0x24543d0) at kernel/qwidget.cpp:5133
#36 0x00007f4ed8a73907 in QWidgetPrivate::paintSiblingsRecursive (this=0x24aa370, pdev=0x2454648, siblings=..., index=2, rgn=..., offset=..., flags=4, sharedPainter=0x0, backingStore=0x24543d0)
    at kernel/qwidget.cpp:5194
#37 0x00007f4ed8a72e37 in QWidgetPrivate::drawWidget (this=0x24aa370, pdev=0x2454648, rgn=..., offset=..., flags=4, sharedPainter=0x0, backingStore=0x24543d0) at kernel/qwidget.cpp:5133
#38 0x00007f4ed8a73907 in QWidgetPrivate::paintSiblingsRecursive (this=0x2482450, pdev=0x2454648, siblings=..., index=6, rgn=..., offset=..., flags=4, sharedPainter=0x0, backingStore=0x24543d0)
    at kernel/qwidget.cpp:5194
#39 0x00007f4ed8a72e37 in QWidgetPrivate::drawWidget (this=0x2482450, pdev=0x2454648, rgn=..., offset=..., flags=4, sharedPainter=0x0, backingStore=0x24543d0) at kernel/qwidget.cpp:5133
#40 0x00007f4ed8be8ed5 in QWidgetBackingStore::sync (this=0x24543d0) at painting/qbackingstore.cpp:1272
#41 0x00007f4ed8a65220 in QWidgetPrivate::syncBackingStore (this=0x2482450) at kernel/qwidget.cpp:1603
#42 0x00007f4ed8a6c031 in QWidget::event (this=0x248e190, event=0x28120e0) at kernel/qwidget.cpp:7832
#43 0x00007f4ed8deed2b in QMainWindow::event (this=0x248e190, event=0x28120e0) at widgets/qmainwindow.cpp:1399
#44 0x00007f4eda2c8543 in KXmlGuiWindow::event (this=0x7ffff57ee0d0, ev=0x1) at ../../kdeui/xmlgui/kxmlguiwindow.cpp:131
#45 0x00007f4ed8a1c01d in QApplicationPrivate::notify_helper (this=0x23913e0, receiver=0x248e190, e=0x28120e0) at kernel/qapplication.cpp:4065
#46 0x00007f4ed8a2407a in QApplication::notify (this=0x7ffff57f5490, receiver=0x248e190, e=0x28120e0) at kernel/qapplication.cpp:4030
#47 0x00007f4eda1bde06 in KApplication::notify (this=0x7ffff57f5490, receiver=0x248e190, event=0x28120e0) at ../../kdeui/kernel/kapplication.cpp:302
#48 0x00007f4ed95a2c9c in QCoreApplication::notifyInternal (this=0x7ffff57f5490, receiver=0x248e190, event=0x28120e0) at kernel/qcoreapplication.cpp:610
#49 0x00007f4ed95a38e4 in QCoreApplication::sendEvent (receiver=0x0, event_type=0, data=0x2378950) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:213
#50 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x2378950) at kernel/qcoreapplication.cpp:1247
#51 0x00007f4ed95cb7d3 in QCoreApplication::sendPostedEvents (s=<value optimized out>) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:218
#52 postEventSourceDispatch (s=<value optimized out>) at kernel/qeventdispatcher_glib.cpp:276
#53 0x00007f4ed4e1390e in g_main_dispatch (context=0x2393df0) at /tmp/buildd/glib2.0-2.22.4/glib/gmain.c:1960
#54 IA__g_main_context_dispatch (context=0x2393df0) at /tmp/buildd/glib2.0-2.22.4/glib/gmain.c:2513
#55 0x00007f4ed4e172c8 in g_main_context_iterate (context=0x2393df0, block=<value optimized out>, dispatch=<value optimized out>, self=<value optimized out>)
    at /tmp/buildd/glib2.0-2.22.4/glib/gmain.c:2591
#56 0x00007f4ed4e173f0 in IA__g_main_context_iteration (context=0x2393df0, may_block=1) at /tmp/buildd/glib2.0-2.22.4/glib/gmain.c:2654
#57 0x00007f4ed95cb39c in QEventDispatcherGlib::processEvents (this=0x2378160, flags=<value optimized out>) at kernel/qeventdispatcher_glib.cpp:407
#58 0x00007f4ed8ab2f1f in QGuiEventDispatcherGlib::processEvents (this=0x7ffff57ee0d0, flags=<value optimized out>) at kernel/qguieventdispatcher_glib.cpp:202
#59 0x00007f4ed95a1562 in QEventLoop::processEvents (this=<value optimized out>, flags=...) at kernel/qeventloop.cpp:149
#60 0x00007f4ed95a1934 in QEventLoop::exec (this=0x7ffff57f53e0, flags=...) at kernel/qeventloop.cpp:201
#61 0x00007f4ed95a3ba4 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:888
#62 0x000000000040891c in main (argc=<value optimized out>, argv=<value optimized out>) at ../../../okular/shell/main.cpp:81
The current source language is "auto; currently c".

Reported using DrKonqi
Comment 1 Pino Toscano 2010-01-26 17:14:20 UTC 
Hi,

> 1. KolourPaint creates invalid eps files.

Looks like the KDE EPS image exporting filter produces a PDF and not an EPS...
(will be handled separately)

> 2. Okular needs sanity checks in the eps-file parser.

No, this is the Poppler library crashing.
Basically, the document is detected as PDF (as it is), but as it is corrupted then Poppler (the library used by Okular for reading and rendering PDF documents) crashes.
You should please report the issue in the Poppler bug tracking system, at https://bugs.freedesktop.org, "poppler" product, "general" component. Please don't forget to attach your test.eps, renaming it as test.pdf (as it is).

Thanks for your report.
Comment 2 Per (phobie) 2010-01-28 20:44:01 UTC 
I reported the bug here:
https://bugs.freedesktop.org/show_bug.cgi?id=26280