Bug 1684867 - calling cmsGetColorSpace with NULL parameter
Summary: calling cmsGetColorSpace with NULL parameter
Keywords:
Status: NEW
Alias: None
Product: Fedora
Classification: Fedora
Component: poppler
Version: 28
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
Assignee: Marek Kašík
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2019-03-03 11:13 UTC by Sami Farin
Modified: 2019-03-03 11:13 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed:



Description Sami Farin 2019-03-03 11:13:42 UTC
Description of problem:
geeqie segfaulted when making a preview of a PDF.

Thread 17 "pool" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fff7effe700 (LWP 63281)]
0x00007fffdf7b46ae in cmsGetColorSpace (hProfile=0x0) at cmsio0.c:959
959	    return Icc -> ColorSpace;
(gdb) bt
#0  0x00007fffdf7b46ae in cmsGetColorSpace (hProfile=0x0) at cmsio0.c:959
#1  0x00007fffe92322f8 in GfxICCBasedColorSpace::parse(Array*, OutputDev*, GfxState*, int) (arr=0x7fff7004eb50, out=0x7fff70034a40, state=0x7fff7004e7d0, recursion=0) at /usr/src/redhat/BUILD/poppler-0.62.0/poppler/GfxState.cc:1969
#2  0x00007fffe922ba32 in GfxColorSpace::parse(GfxResources*, Object*, OutputDev*, GfxState*, int) (res=0x7fff70035bc0, csObj=0x7fff7effba70, out=0x7fff70034a40, state=0x7fff7004e7d0, recursion=0) at /usr/src/redhat/BUILD/poppler-0.62.0/poppler/GfxState.cc:373
#3  0x00007fffe920a076 in Gfx::opSetFillColorSpace(Object*, int) (this=0x7fff70037230, args=0x7fff7effbba0, numArgs=1)
    at /usr/src/redhat/BUILD/poppler-0.62.0/poppler/Gfx.cc:1509
#4  0x00007fffe9206968 in Gfx::execOp(Object*, Object*, int) (this=0x7fff70037230, cmd=0x7fff7effbdb0, args=0x7fff7effbba0, numArgs=1)
    at /usr/src/redhat/BUILD/poppler-0.62.0/poppler/Gfx.cc:873
#5  0x00007fffe9206294 in Gfx::go(bool) (this=0x7fff70037230, topLevel=true) at /usr/src/redhat/BUILD/poppler-0.62.0/poppler/Gfx.cc:737
#6  0x00007fffe9206077 in Gfx::display(Object*, bool) (this=0x7fff70037230, obj=0x7fff7effbed0, topLevel=true)
    at /usr/src/redhat/BUILD/poppler-0.62.0/poppler/Gfx.cc:699
#7  0x00007fffe926e508 in Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) (this=0x7fff700366e0, out=0x7fff70034a40, hDPI=72, vDPI=72, rotate=0, useMediaBox=false, crop=true, sliceX=-1, sliceY=-1, sliceW=-1, sliceH=-1, printing=false, abortCheckCbk=0x0, abortCheckCbkData=0x0, annotDisplayDecideCbk=
    0x0, annotDisplayDecideCbkData=0x0, copyXRef=false) at /usr/src/redhat/BUILD/poppler-0.62.0/poppler/Page.cc:560
#8  0x00007ffff10b5969 in _poppler_page_render(_PopplerPage*, _cairo*, bool, PopplerPrintFlags) () at /usr/lib64/libpoppler-glib.so.8
#9  0x0000555555640745 in image_loader_pdf_load ()
#10 0x000055555563a54c in image_loader_begin.part ()
#11 0x000055555563b128 in image_loader_thread_run ()
#12 0x00007ffff5b76a23 in g_thread_pool_thread_proxy (data=<optimized out>) at gthreadpool.c:307
#13 0x00007ffff5b7601a in g_thread_proxy (data=0x5555572ee140) at gthread.c:784
#14 0x00007ffff029a594 in start_thread (arg=<optimized out>) at pthread_create.c:463
#15 0x00007fffeffcdf4f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
(gdb) frame 1
#1  0x00007fffe92322f8 in GfxICCBasedColorSpace::parse (arr=0x7fff7004eb50, out=0x7fff70034a40, state=0x7fff7004e7d0, recursion=0)
    at /usr/src/redhat/BUILD/poppler-0.62.0/poppler/GfxState.cc:1969
1969	    unsigned int dNChannels = getCMSNChannels(cmsGetColorSpace(dhp));
(gdb) p hp
$1 = (cmsHPROFILE) 0x7fff7009a820
(gdb) p dhp
$2 = (cmsHPROFILE) 0x0
(gdb) list
1964	        GfxColorSpace::setupColorProfiles();
1965	      }
1966	      dhp = RGBProfile;
1967	    }
1968	    unsigned int cst = getCMSColorSpaceType(cmsGetColorSpace(hp));
1969	    unsigned int dNChannels = getCMSNChannels(cmsGetColorSpace(dhp));
1970	    unsigned int dcst = getCMSColorSpaceType(cmsGetColorSpace(dhp));
1971	    cmsHTRANSFORM transform;
1972	
1973	    int cmsIntent = INTENT_RELATIVE_COLORIMETRIC;
(gdb) 



Version-Release number of selected component (if applicable):
poppler 0.62.0-16

How reproducible:
100%

Steps to Reproduce:
1. load a funny pdf
2.
3.

Actual results:
segfault

Expected results:
maybe check dhp != NULL

Additional info:


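Added example, not part of the original report or of poppler/lcms2: a small triage script that reads a gdb backtrace like the one above, finds the pointer arguments that were NULL in the faulting frame, and names the caller location where a check such as the suggested `dhp != NULL` would belong. The function names `parse_frames` and `triage` are hypothetical, and only single-line frames are handled.

```python
import re

# First three frames copied from the gdb session in this report (sample input).
BACKTRACE = """\
Thread 17 "pool" received signal SIGSEGV, Segmentation fault.
#0  0x00007fffdf7b46ae in cmsGetColorSpace (hProfile=0x0) at cmsio0.c:959
#1  0x00007fffe92322f8 in GfxICCBasedColorSpace::parse(Array*, OutputDev*, GfxState*, int) (arr=0x7fff7004eb50, out=0x7fff70034a40, state=0x7fff7004e7d0, recursion=0) at /usr/src/redhat/BUILD/poppler-0.62.0/poppler/GfxState.cc:1969
#2  0x00007fffe922ba32 in GfxColorSpace::parse(GfxResources*, Object*, OutputDev*, GfxState*, int) (res=0x7fff70035bc0, csObj=0x7fff7effba70, out=0x7fff70034a40, state=0x7fff7004e7d0, recursion=0) at /usr/src/redhat/BUILD/poppler-0.62.0/poppler/GfxState.cc:373
"""

# "#N  [0xADDR in ]function (name=value, ...) [at file:line]"
FRAME_RE = re.compile(
    r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(.+?) \(([^()]*)\)(?: at (\S+):(\d+))?$")

def parse_frames(text):
    """Return one dict per frame that gdb printed on a single line."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if not m:
            continue
        # Argument list is "name=value" pairs separated by ", ".
        args = dict(a.split("=", 1) for a in m.group(3).split(", ") if "=" in a)
        frames.append({"index": int(m.group(1)), "func": m.group(2), "args": args,
                       "file": m.group(4),
                       "line": int(m.group(5)) if m.group(5) else None})
    return frames

def triage(text):
    """Summarise where the fault occurred and which caller passed the NULL."""
    frames = parse_frames(text)
    if not frames:
        return None
    sig = re.search(r"received signal (\w+)", text)
    top = frames[0]
    caller = frames[1] if len(frames) > 1 else None
    return {
        "signal": sig.group(1) if sig else None,
        "faulting_function": top["func"],
        "faulting_location": f'{top["file"]}:{top["line"]}',
        "null_arguments": [n for n, v in top["args"].items() if v == "0x0"],
        "caller_location": f'{caller["file"]}:{caller["line"]}' if caller else None,
    }

if __name__ == "__main__":
    for key, value in triage(BACKTRACE).items():
        print(f"{key}: {value}")
```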