From: Michal H. <ms...@gm...> - 2007-11-11 16:25:03

On Sun, Nov 11, 2007 at 04:37:58PM +0100, Michal Hocko wrote:
> On Fri, Nov 09, 2007 at 04:23:44PM +0100, Michal Hocko wrote:
> > Hi.
> > While I was trying to patch the recent xpdf vulnerability I noticed
> > that we have overlooked the new xpdf version (3.02 released on
> > 2007-02-27! - see http://www.foolabs.com/xpdf/download.html). I thought
> > that foolabs doesn't work on xpdf anymore and that maintenance is done by
> > the community which uses the xpdf code.
> >
> > Therefore I propose to merge the latest version into our tree.
> > We can stick with 3.01 too, but there are some non-trivial bugs inside
> > and it is hard to patch them from the 3.02-based patches.
> >
> > I can do it, but it seems that it will take some time and it could
> > result in some troubles (based on our changes). What do you think about
>
> I have uploaded the 3.02 version into the tree. There were tons of changes
> (many of them conflicting with our changes). The original tree (also with gui,
> kernel, utils and kde-3...) was tagged with the XPDF_3_01-PDFedit_patches
> name.
>
> The code is compilable, but there are some SEGVs (I am working on it). When
> it is fixed I will tag the whole tree with the XPDF_3_02-PDFedit_patches name.

The problem occurs when an arbitrary document is opened.
The backtrace is as follows:

(gdb) bt
#0  0x08332f19 in GlobalParams::getVectorAntialias (this=0x0) at GlobalParams.cc:2354
#1  0x08350547 in SplashOutputDev (this=0xbfa1c3a0, colorModeA=splashModeBGR8, bitmapRowPadA=1, reverseVideoA=0, paperColorA=0xbfa1c4b1 "\037a\bÿÿÿÿÈÄ¡¿\030ô\a\b\030\037a\b\030\037a\bØÄ¡¿\212\215\n\bPÅ¡¿°¿p\bxÅ¡¿#\034\022\b(\003R\bLÅ¡¿", bitmapTopDownA=1, allowAntialiasA=1) at SplashOutputDev.cc:590
#2  0x08304a1d in QOutputDev (this=0xbfa1c3a0, paperColor=0xbfa1c4b1 "\037a\bÿÿÿÿÈÄ¡¿\030ô\a\b\030\037a\b\030\037a\bØÄ¡¿\212\215\n\bPÅ¡¿°¿p\bxÅ¡¿#\034\022\b(\003R\bLÅ¡¿") at QOutputDev.cpp:32
#3  0x083043ed in QOutputDevPixmap (this=0xbfa1c3a0, paperColor=0xbfa1c4b1 "\037a\bÿÿÿÿÈÄ¡¿\030ô\a\b\030\037a\b\030\037a\bØÄ¡¿\212\215\n\bPÅ¡¿°¿p\bxÅ¡¿#\034\022\b(\003R\bLÅ¡¿") at QOutputDevPixmap.cpp:40
#4  0x081278c1 in gui::PageViewS::showPage (this=0x8520328, page=@0xbfa1c54c) at pageviewS.cc:157
#5  0x08121c23 in gui::PageSpace::refresh (this=0x851b920, pageToView=0xbfa1c5a0, pdf=0x85935a0) at pagespace.cc:268
#6  0x0812228b in gui::PageSpace::refresh (this=0x851b920, pageToView=1, pdf=0x85935a0) at pagespace.cc:222
#7  0x08122a98 in gui::PageSpace::refresh (this=0x851b920, pageToView=0, pdf=0x85935a0) at pagespace.cc:196
#8  0x08198c95 in gui::PageSpace::qt_invoke (this=0x851b920, _id=66, _o=0x870a734) at .moc/moc_pagespace.cpp:743
#9  0x08272e51 in executeSlot (env=0x858c780, qobj=0x851b920, mds=@0xbfa1c918) at ../kernel/quickobjects.cpp:486
#10 0x08273c45 in QSWrapperClass::invoke (this=0x8598a00, objPtr=0xbfa1ca24, mem=@0xbfa1ca10) at ../kernel/quickobjects.cpp:1003
#11 0x0829a116 in QSObject::invoke (this=0xbfa1ca24, mem=@0xbfa1ca10, args=@0x8618a40) at ../engine/qsobject.cpp:418
#12 0x082f8a7e in QSFunctionCallNode::rhs (this=0x86988f8, env=0x858c780) at ../engine/qsnodes.cpp:623
#13 0x082fb955 in QSExprStatementNode::execute (this=0x8695978, env=0x858c780) at ../engine/qsnodes.cpp:1265
#14 0x082efe62 in QSSourceElementNode::execute (this=0x8695a68, env=0x858c780) at ../engine/qsnodes.cpp:1739
#15 0x082f460a in QSSourceElementsNode::execute (this=0x8694c30, env=0x858c780) at ../engine/qsnodes.cpp:1712
#16 0x082f4638 in QSSourceElementsNode::execute (this=0x86945d8, env=0x858c780) at ../engine/qsnodes.cpp:1714
#17 0x082f4f19 in QSFunctionBodyNode::execute (this=0x8693ce8, env=0x858c780) at ../engine/qsnodes.cpp:1641
#18 0x0828fd21 in QSClass::invoke (this=0x8597b00, objPtr=0xbfa1ce04, mem=@0xbfa1cdf0) at ../engine/qsclass.cpp:525
#19 0x082906e6 in QSWritableClass::invoke (this=0x8597b00, objPtr=0xbfa1ce04, mem=@0xbfa1cdf0) at ../engine/qsclass.cpp:1248
#20 0x08273b21 in QSWrapperClass::invoke (this=0x8597b00, objPtr=0xbfa1ce04, mem=@0xbfa1cdf0) at ../kernel/quickobjects.cpp:993
#21 0x0829a116 in QSObject::invoke (this=0xbfa1ce04, mem=@0xbfa1cdf0, args=@0x85cac90) at ../engine/qsobject.cpp:418
#22 0x082f8a7e in QSFunctionCallNode::rhs (this=0x85d6c48, env=0x858c780) at ../engine/qsnodes.cpp:623
#23 0x082fb955 in QSExprStatementNode::execute (this=0x8614c30, env=0x858c780) at ../engine/qsnodes.cpp:1265
#24 0x082efe62 in QSSourceElementNode::execute (this=0x85cc108, env=0x858c780) at ../engine/qsnodes.cpp:1739
#25 0x082f460a in QSSourceElementsNode::execute (this=0x8649a80, env=0x858c780) at ../engine/qsnodes.cpp:1712
#26 0x082f4f19 in QSFunctionBodyNode::execute (this=0x86e6150, env=0x858c780) at ../engine/qsnodes.cpp:1641
#27 0x0829d518 in QSEngineImp::evaluate (this=0x858c510, code=@0xbfa1d09c, thisV=0xbfa1d08c, onlyCheckSyntax=false, checkMode=0, lineZero=0) at ../engine/qsinternal.cpp:329
#28 0x0829827e in QSEngine::evaluate (this=0x858c478, thisV=@0xbfa1d08c, code=@0xbfa1d09c, linezero=0) at ../engine/qsengine.cpp:81
#29 0x0826045a in QuickInterpreter::execute (this=0x858c478, obj=0x858c250, c=@0xbfa1d168, name=@0xbfa1d194) at ../kernel/quickinterpreter.cpp:604
#30 0x08242c9e in QSInterpreter::evaluate (this=0x858c328, code=@0xbfa1d168, context=0x858c250, scriptName=@0xbfa1d194) at qsinterpreter.cpp:537
#31 0x081792bd in gui::BaseCore::call (this=0x858c250, name=@0xbfa1d244, arguments=@0xbfa1d240) at basecore.cc:155
#32 0x08116051 in gui::PdfEditWindow::openFile (this=0x85182b8, name=@0x85c9260) at pdfeditwindow.cc:837
#33 0x0817b7b6 in gui::BaseGUI::openFile (this=0x858c250, name=@0x85c9260) at basegui.cc:554
#34 0x081a35fe in gui::BaseGUI::qt_invoke (this=0x858c250, _id=82, _o=0xbfa1d3b4) at .moc/moc_basegui.cpp:524
#35 0x082724b0 in qsa_execute_slot_no_cast (env=0x858c780, qobj=0x858c250, mds=@0xbfa1d6b8, matched=0xbfa1d61b) at ../kernel/quickobjects.cpp:376
#36 0x08272653 in executeSlot (env=0x858c780, qobj=0x858c250, mds=@0xbfa1d6b8) at ../kernel/quickobjects.cpp:402
#37 0x08273c45 in QSWrapperClass::invoke (this=0x8597b00, objPtr=0xbfa1d7c4, mem=@0xbfa1d7b0) at ../kernel/quickobjects.cpp:1003
#38 0x0829a116 in QSObject::invoke (this=0xbfa1d7c4, mem=@0xbfa1d7b0, args=@0x8630c88) at ../engine/qsobject.cpp:418
#39 0x082f8a7e in QSFunctionCallNode::rhs (this=0x870d1b8, env=0x858c780) at ../engine/qsnodes.cpp:623
#40 0x082fb955 in QSExprStatementNode::execute (this=0x870d158, env=0x858c780) at ../engine/qsnodes.cpp:1265
#41 0x082f474d in QSStatListNode::execute (this=0x870ace8, env=0x858c780) at ../engine/qsnodes.cpp:1135
#42 0x082f4798 in QSStatListNode::execute (this=0x8709640, env=0x858c780) at ../engine/qsnodes.cpp:1139
#43 0x082f4798 in QSStatListNode::execute (this=0x8704cc8, env=0x858c780) at ../engine/qsnodes.cpp:1139
#44 0x082f4798 in QSStatListNode::execute (this=0x86f5a68, env=0x858c780) at ../engine/qsnodes.cpp:1139
#45 0x082f4548 in QSBlockNode::executeStatement (this=0x86f6200, env=0x858c780) at ../engine/qsnodes.cpp:1128
#46 0x082f6054 in QSScopeNode::execute (this=0x86f6200, env=0x858c780) at ../engine/qsnodes.cpp:1114
#47 0x082fb85d in QSIfNode::execute (this=0x86f6af0, env=0x858c780) at ../engine/qsnodes.cpp:1289
#48 0x082f474d in QSStatListNode::execute (this=0x86d0878, env=0x858c780) at ../engine/qsnodes.cpp:1135
#49 0x082f4548 in QSBlockNode::executeStatement (this=0x86d1240, env=0x858c780) at ../engine/qsnodes.cpp:1128
#50 0x082f6054 in QSScopeNode::execute (this=0x86d1240, env=0x858c780) at ../engine/qsnodes.cpp:1114
[...]

So it seems that globalParams is not allocated. How can this regression be
created by the new xpdf code? Who should create this global variable? I have
found openXpdfMess, which initializes this object and is called in several
places:

grep openXpdfMess kernel/*
kernel/cpage.cc:	xpdf::openXpdfMess ();
kernel/cpage.cc:	xpdf::openXpdfMess ();
kernel/cpage.cc:	xpdf::openXpdfMess ();
Binární soubor kernel/kernel_tests odpovídá
Binární soubor kernel/libkernel.a odpovídá
kernel/stateupdater.h:	xpdf::openXpdfMess ();

Is it enough to call this method before opening a document (e.g. when the
application starts)?

https://lists.sourceforge.net/lists/listinfo/pdfedit-devel

-- 
Michal Hocko
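The crash above is a constructor (SplashOutputDev) reading a process-wide global (globalParams) that nobody allocated yet. The following is an added illustration, not PDFedit or xpdf code: it mirrors that pattern with hypothetical stand-ins (GlobalParamsSim for GlobalParams, openParamsSim for openXpdfMess) and shows a guarded accessor that turns the NULL dereference into a defined, reportable failure instead of a SEGV deep in the GUI call chain.

```cpp
// Added example (not from PDFedit/xpdf). All names are hypothetical stand-ins
// for GlobalParams / globalParams / openXpdfMess / SplashOutputDev.
#include <stdexcept>
#include <string>

struct GlobalParamsSim {
    bool vectorAntialias;
    GlobalParamsSim() : vectorAntialias(true) {}
    bool getVectorAntialias() const { return vectorAntialias; }
};

// The global that output devices expect to exist before they are constructed.
static GlobalParamsSim* g_params = 0;

// Idempotent initialisation, like a hypothetical openXpdfMess(): safe to call
// more than once, so calling it at application start and again per document
// does no harm.
void openParamsSim() {
    if (!g_params) g_params = new GlobalParamsSim();
}

void closeParamsSim() { delete g_params; g_params = 0; }

// Guarded accessor: a missing init becomes a catchable error with a clear
// message instead of "this=0x0" inside getVectorAntialias().
GlobalParamsSim& paramsOrThrow() {
    if (!g_params)
        throw std::logic_error("params not initialised; call openParamsSim() first");
    return *g_params;
}

// Stand-in for the SplashOutputDev constructor, which reads the global in its
// initialiser list, i.e. before any caller could check anything.
struct OutputDevSim {
    bool antialias;
    OutputDevSim() : antialias(paramsOrThrow().getVectorAntialias()) {}
};

// Stand-in for the openFile() path: returns "ok" on success, otherwise the
// error text, so the initialisation-order bug is observable without a crash.
std::string tryOpenDocument() {
    try {
        OutputDevSim dev;
        return dev.antialias ? "ok" : "ok-noaa";
    } catch (const std::logic_error& e) {
        return e.what();
    }
}
```

Run before openParamsSim() the open path reports the missing initialisation; after it, construction succeeds, which is the ordering the question in the mail is asking about.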