[Poppler-bugs] [Bug 102536] New: memory leak on some input PDFs in JPX code

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Mon Sep 4 08:37:39 UTC 2017


https://bugs.freedesktop.org/show_bug.cgi?id=102536

            Bug ID: 102536
           Summary: memory leak on some input PDFs in JPX code
           Product: poppler
           Version: unspecified
          Hardware: Other
                OS: All
            Status: NEW
          Severity: normal
          Priority: medium
         Component: general
          Assignee: poppler-bugs at lists.freedesktop.org
          Reporter: hanno at hboeck.de

Check this PDF:
https://github.com/mozilla/pdf.js/blob/master/test/pdfs/issue5567.pdf

Alternative PDF, triggering same bug:
http://web.archive.org/web/20160509072707/http://www.oranjewoudnv.nl/sites/default/files/Oranjewoud%20NV%20-%20%20besluiten%20aandeelhoudersvergadering%2011%20juni%202014.pdf

It will cause memory leaks in poppler; it looks like it's calling openjpeg and
not properly cleaning up allocations.
To detect this I compiled poppler with address sanitizer:
./configure CC=clang CFLAGS="-fsanitize=address -g" \
    CXXFLAGS="-fsanitize=address -g" LDFLAGS="-fsanitize=address -g" \
    --enable-build-type=debugfull

And then used pdftoppm on the file.

To get a more detailed error message from asan I set
ASAN_OPTIONS="fast_unwind_on_malloc=0"

ASAN output:
==14313==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 120 byte(s) in 1 object(s) allocated from:
    #0 0x7fe2928008e0 in calloc
(/usr/lib/gcc/x86_64-pc-linux-gnu/6.4.0/libasan.so.3+0xc78e0)
    #1 0x7fe28ed368c8 in opj_stream_create (/usr/lib64/libopenjp2.so.7+0x88c8)
    #2 0x7fe292015a62 in JPXStreamPrivate::init2(CODEC_FORMAT, unsigned char*,
int, bool) /mnt/ram/poppler-0.57.0/poppler/JPEG2000Stream.cc:441
    #3 0x7fe2920149a7 in JPXStream::init()
/mnt/ram/poppler-0.57.0/poppler/JPEG2000Stream.cc:388
    #4 0x7fe292013bc0 in JPXStream::getImageParams(int*, StreamColorSpaceMode*)
/mnt/ram/poppler-0.57.0/poppler/JPEG2000Stream.cc:160
    #5 0x7fe2920d80b9 in Gfx::doImage(Object*, Stream*, bool)
/mnt/ram/poppler-0.57.0/poppler/Gfx.cc:4281
    #6 0x7fe2920d7752 in Gfx::opXObject(Object*, int)
/mnt/ram/poppler-0.57.0/poppler/Gfx.cc:4213
    #7 0x7fe2920b1ed6 in Gfx::execOp(Object*, Object*, int)
/mnt/ram/poppler-0.57.0/poppler/Gfx.cc:909
    #8 0x7fe2920b0fa0 in Gfx::go(bool)
/mnt/ram/poppler-0.57.0/poppler/Gfx.cc:767
    #9 0x7fe2920b0ab0 in Gfx::display(Object*, bool)
/mnt/ram/poppler-0.57.0/poppler/Gfx.cc:729
    #10 0x7fe292193ebb in Page::displaySlice(OutputDev*, double, double, int,
bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*,
void*), void*, bool) /mnt/ram/poppler-0.57.0/poppler/Page.cc:601
    #11 0x7fe29219bb90 in PDFDoc::displayPageSlice(OutputDev*, int, double,
double, int, bool, bool, bool, int, int, int, int, bool (*)(void*), void*, bool
(*)(Annot*, void*), void*, bool) /mnt/ram/poppler-0.57.0/poppler/PDFDoc.cc:528
    #12 0x556730076845 in savePageSlice
/mnt/ram/poppler-0.57.0/utils/pdftoppm.cc:225
    #13 0x556730077b18 in main /mnt/ram/poppler-0.57.0/utils/pdftoppm.cc:532
    #14 0x7fe291166520 in __libc_start_main (/lib64/libc.so.6+0x20520)
    #15 0x5567300765f9 in _start
(/mnt/ram/poppler-0.57.0/utils/.libs/pdftoppm+0x55f9)

Indirect leak of 1048576 byte(s) in 1 object(s) allocated from:
    #0 0x7fe292800720 in malloc
(/usr/lib/gcc/x86_64-pc-linux-gnu/6.4.0/libasan.so.3+0xc7720)
    #1 0x7fe28ed368e0 in opj_stream_create (/usr/lib64/libopenjp2.so.7+0x88e0)
    #2 0x7fe292015a62 in JPXStreamPrivate::init2(CODEC_FORMAT, unsigned char*,
int, bool) /mnt/ram/poppler-0.57.0/poppler/JPEG2000Stream.cc:441
    #3 0x7fe2920149a7 in JPXStream::init()
/mnt/ram/poppler-0.57.0/poppler/JPEG2000Stream.cc:388
    #4 0x7fe292013bc0 in JPXStream::getImageParams(int*, StreamColorSpaceMode*)
/mnt/ram/poppler-0.57.0/poppler/JPEG2000Stream.cc:160
    #5 0x7fe2920d80b9 in Gfx::doImage(Object*, Stream*, bool)
/mnt/ram/poppler-0.57.0/poppler/Gfx.cc:4281
    #6 0x7fe2920d7752 in Gfx::opXObject(Object*, int)
/mnt/ram/poppler-0.57.0/poppler/Gfx.cc:4213
    #7 0x7fe2920b1ed6 in Gfx::execOp(Object*, Object*, int)
/mnt/ram/poppler-0.57.0/poppler/Gfx.cc:909
    #8 0x7fe2920b0fa0 in Gfx::go(bool)
/mnt/ram/poppler-0.57.0/poppler/Gfx.cc:767
    #9 0x7fe2920b0ab0 in Gfx::display(Object*, bool)
/mnt/ram/poppler-0.57.0/poppler/Gfx.cc:729
    #10 0x7fe292193ebb in Page::displaySlice(OutputDev*, double, double, int,
bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*,
void*), void*, bool) /mnt/ram/poppler-0.57.0/poppler/Page.cc:601
    #11 0x7fe29219bb90 in PDFDoc::displayPageSlice(OutputDev*, int, double,
double, int, bool, bool, bool, int, int, int, int, bool (*)(void*), void*, bool
(*)(Annot*, void*), void*, bool) /mnt/ram/poppler-0.57.0/poppler/PDFDoc.cc:528
    #12 0x556730076845 in savePageSlice
/mnt/ram/poppler-0.57.0/utils/pdftoppm.cc:225
    #13 0x556730077b18 in main /mnt/ram/poppler-0.57.0/utils/pdftoppm.cc:532
    #14 0x7fe291166520 in __libc_start_main (/lib64/libc.so.6+0x20520)
    #15 0x5567300765f9 in _start
(/mnt/ram/poppler-0.57.0/utils/.libs/pdftoppm+0x55f9)
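
The two records in the report (a 120-byte calloc and a 1048576-byte malloc, both from opj_stream_create) are what LeakSanitizer prints when a handle that owns a buffer is dropped without its release call, which in OpenJPEG is opj_stream_destroy. The sketch below is an added example, not part of the original report and not poppler or OpenJPEG code: `demo_stream`, `init_leaky`, `init_paired` and the `live_blocks` counter are hypothetical names, and the caller that drops the handle is an assumption, since the report does not say which path skips the cleanup.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for an OpenJPEG-style stream: a small header that
 * owns a large buffer. Sizes mirror the two leak records in the report. */
#define HDR_SIZE 120
#define BUF_SIZE (1024 * 1024)

typedef struct demo_stream {
    unsigned char *buf;   /* owned buffer, reachable only through the header */
    unsigned char pad[HDR_SIZE - sizeof(unsigned char *)];
} demo_stream;

static int live_blocks = 0;   /* constructed counter standing in for LeakSanitizer */

static demo_stream *demo_stream_create(void) {
    demo_stream *s = calloc(1, sizeof *s);   /* lost pointer here: "direct leak" */
    if (!s) return NULL;
    s->buf = malloc(BUF_SIZE);               /* only referenced by s: "indirect leak" */
    if (!s->buf) { free(s); return NULL; }
    live_blocks += 2;
    return s;
}

static void demo_stream_destroy(demo_stream *s) {
    if (!s) return;
    free(s->buf);
    free(s);
    live_blocks -= 2;
}

/* Caller that drops the handle without the matching destroy call. */
int init_leaky(void) {
    demo_stream *s = demo_stream_create();
    if (!s) return -1;
    return 0;             /* s goes out of scope: both blocks stay allocated */
}

/* Same caller with the destroy call paired to the create call. */
int init_paired(void) {
    demo_stream *s = demo_stream_create();
    if (!s) return -1;
    demo_stream_destroy(s);
    return 0;
}

int live_block_count(void) { return live_blocks; }

int main(void) {
    init_paired(); printf("paired: %d live blocks\n", live_block_count());
    init_leaky();  printf("leaky:  %d live blocks\n", live_block_count());
    return 0;
}
```

Built with -fsanitize=address -g, the leaky call produces one direct and one indirect record of the same sizes as in the report; the paired call produces none.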
