Crashes thumbnailing a specific file
Trying to thumbnail TooCoolToBeForgotten.cbz from Humble Bundle #4.
Apr 03 13:48:19 classic systemd-coredump[821983]: [🡕] Process 821980 (evince-thumbnai) of user 1000 dumped core.
Module linux-vdso.so.1 with build-id dc05335294b537c5450d51b3f22cfce38ffa8018
Module libattr.so.1 with build-id 4ad7e55dd83c73134eea5018a729a71c170edcc5
Metadata for module libattr.so.1 owned by FDO found: {
"type" : "rpm",
"name" : "attr",
"version" : "2.5.1-4.fc36",
"architecture" : "x86_64",
"osCpe" : "cpe:/o:fedoraproject:fedora:36"
}
Module libacl.so.1 with build-id 1f8547b434d8ae3dcf4e30e7aa890e2df4b33c5f
Metadata for module libacl.so.1 owned by FDO found: {
"type" : "rpm",
"name" : "acl",
"version" : "2.3.1-3.fc36",
"architecture" : "x86_64",
"osCpe" : "cpe:/o:fedoraproject:fedora:36"
}
Module libcrypto.so.3 with build-id ddd97176a76e9b93e73b03b5cb90d75e998d0d0d
Metadata for module libcrypto.so.3 owned by FDO found: {
"type" : "rpm",
"name" : "openssl",
"version" : "3.0.2-1.fc36",
"architecture" : "x86_64",
"osCpe" : "cpe:/o:fedoraproject:fedora:36"
}
Module libarchive.so.13 with build-id dd951e1d62a630e52076ff853edfd5511168003d
Stack trace of thread 2:
#0 0x00007fc421e03535 realloc (libc.so.6 + 0xa1535)
#1 0x00007fc410daa1e8 archive_string_ensure (libarchive.so.13 + 0x5e1e8)
#2 0x00007fc410dadbf2 archive_string_append_from_wcs (libarchive.so.13 + 0x61bf2)
#3 0x00007fc410db7e48 archive_mstring_get_mbs (libarchive.so.13 + 0x6be48)
#4 0x00007fc410d6cdda archive_entry_pathname (libarchive.so.13 + 0x20dda)
#5 0x00007fc410e442b5 archive_reopen_if_needed.constprop.0 (libcomicsdocument.so + 0x72b5)
#6 0x00007fc410e45034 comics_document_get_page_size (libcomicsdocument.so + 0x8034)
#7 0x00007fc422b3a8c1 ev_document_get_page_size (libevdocument3.so.4 + 0x188c1)
#8 0x000056329a96ed41 evince_thumbnail_pngenc_get (evince-thumbnailer + 0x2d41)
#9 0x000056329a96e855 main (evince-thumbnailer + 0x2855)
#10 0x00007fc421d8f590 __libc_start_call_main (libc.so.6 + 0x2d590)
#11 0x00007fc421d8f649 __libc_start_main@@GLIBC_2.34 (libc.so.6 + 0x2d649)
#12 0x000056329a96ebb5 _start (evince-thumbnailer + 0x2bb5)
Stack trace of thread 3:
#0 0x00007fc421e786ce __clone3 (libc.so.6 + 0x1166ce)
ELF object binary architecture: AMD x86-64
Using evince-thumbnailer-42.1-1.fc36.x86_64.
Thankfully, it shows up in valgrind:
==822465== Invalid read of size 8
==822465== at 0x179DDDBF: archive_entry_pathname (archive_entry.c:575)
==822465== by 0x1798C2B4: archive_reopen_if_needed.constprop.0 (comics-document.c:156)
==822465== by 0x1798D033: comics_document_get_page_size (comics-document.c:444)
==822465== by 0x48928C0: UnknownInlinedFun (ev-document.c:860)
==822465== by 0x48928C0: ev_document_get_page_size (ev-document.c:897)
==822465== by 0x10AD40: evince_thumbnail_pngenc_get (evince-thumbnailer.c:207)
==822465== by 0x10A854: main (evince-thumbnailer.c:329)
==822465== Address 0x90a1c60 is 0 bytes inside a block of size 1,280 free'd
==822465== at 0x48480E4: free (vg_replace_malloc.c:872)
==822465== by 0x179ECC1A: UnknownInlinedFun (archive_read.c:1135)
==822465== by 0x179ECC1A: _archive_read_free.lto_priv.0 (archive_read.c:1081)
==822465== by 0x1798A89D: ev_archive_reset (ev-archive.c:367)
==822465== by 0x1798C90C: UnknownInlinedFun (comics-document.c:272)
==822465== by 0x1798C90C: comics_document_load (comics-document.c:379)
==822465== by 0x4891D62: ev_document_load_full (ev-document.c:415)
==822465== by 0x489656D: ev_document_factory_get_document_full (ev-document-factory.c:320)
==822465== by 0x10A7DC: UnknownInlinedFun (evince-thumbnailer.c:170)
==822465== by 0x10A7DC: main (evince-thumbnailer.c:297)
==822465== Block was alloc'd at
==822465== at 0x484A464: calloc (vg_replace_malloc.c:1328)
==822465== by 0x179D81E6: archive_entry_new2 (archive_entry.c:269)
==822465== by 0x179E78DD: archive_read_new (archive_read.c:111)
==822465== by 0x1798A6A2: libarchive_set_archive_type (ev-archive.c:87)
==822465== by 0x1798A7C9: ev_archive_set_archive_type (ev-archive.c:124)
==822465== by 0x1798CB05: UnknownInlinedFun (comics-document.c:301)
==822465== by 0x1798CB05: comics_document_load (comics-document.c:372)
==822465== by 0x4891D62: ev_document_load_full (ev-document.c:415)
==822465== by 0x489656D: ev_document_factory_get_document_full (ev-document-factory.c:320)
==822465== by 0x10A7DC: UnknownInlinedFun (evince-thumbnailer.c:170)
==822465== by 0x10A7DC: main (evince-thumbnailer.c:297)