[email protected] (Debian Bug Tracking System) writes:

> Make sure you've also updated to the expa from squeeze.  This bug has
> been reported many times now: #628591, #603153, etc.

Upgrading libexpat1 indeed changes behaviour and avoids the obvious bug
symptoms, presumably due to a differently aligned heap/stack.  That
explains why only a few people have experienced this.

However, this changes _absolutely nothing_ with regard to the grave bug
in Debian's xpdf or -- if you will -- poppler.  Like I have stated, due
to the incompatibility of GlobalParams in xpdf and poppler, xpdf is
accessing uninitialized memory, leading to undefined behaviour.  In the
best case, it 'works' by chance.  But on the next upgrade, whether it be
libexpat or libc or whatever, the bug _surely_ will bite again!  At
worst, this will become a security issue sometime.

If you don't want to reproduce my instrumentation, please try "valgrind
xpdf any.pdf":

==5746== Conditional jump or move depends on uninitialised value(s)
==5746==    at 0x5289CD4: Gfx::go(bool) (in
/usr/lib/libpoppler.so.13.0.0)
==5746==    by 0x528A104: Gfx::display(Object*, bool) (in
/usr/lib/libpoppler.so.13.0.0)
==5746==    by 0x52D3B35: Page::displaySlice(OutputDev*, double, double,
int, bool, bool, int, int, int, int, bool, Catalog*, bool (*)(void*),
void*, bool (*)(Annot*, void*), void*) (in
/usr/lib/libpoppler.so.13.0.0)
==5746==    by 0x41C87C: PDFCore::needTile(PDFCorePage*, int, int)
(PDFCore.cc:890)
==5746==    by 0x41BC39: PDFCore::update(int, int, int, double, int,
bool, bool, bool) (PDFCore.cc:712)
==5746==    by 0x4248E2: XPDFCore::update(int, int, int, double, int,
bool, bool, bool) (XPDFCore.cc:288)
==5746==    by 0x419E98: PDFCore::displayPage(int, double, int, bool,
bool) (PDFCore.cc:301)
==5746==    by 0x42E3FC: XPDFViewer::displayPage(int, double, int, bool,
bool) (XPDFViewer.cc:463)
==5746==    by 0x42D881: XPDFViewer::XPDFViewer(XPDFApp*, GooString*,
int, GooString*, bool, GooString*, GooString*) (XPDFViewer.cc:302)
==5746==    by 0x4225CD: XPDFApp::open(GooString*, int, GooString*,
GooString*) (XPDFApp.cc:228)
==5746==    by 0x42B405: main (xpdf.cc:313)
==5746==  Uninitialised value was created by a heap allocation
==5746==    at 0x4C24DFA: operator new(unsigned long)
(vg_replace_malloc.c:261)
==5746==    by 0x42AB77: main (xpdf.cc:159)

and xpdf.cc:159 is exactly the aforementioned problematic line:

  globalParams = new GlobalParams(cfgFileName);

I have now invested approx. 6h in this report and am 100% sure it is a
grave bug.  Please consider re-opening.

Thanks,
Wolfram Gloger
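As an added illustration (not part of Wolfram's report and not xpdf's or poppler's real code), a small C++ model of the failure described above: a class whose layout differs between the application's headers and the shared library it links against, so the library reads a field at an offset the application's constructor never wrote, plus the size/offset comparison a build or start-up check could use to catch the mismatch. The AppGlobalParams and LibGlobalParams structs and their fields are hypothetical.

```cpp
#include <cstddef>
#include <cstring>
#include <new>
#include <vector>

// Layout the application (xpdf) was compiled against. Hypothetical fields.
struct AppGlobalParams {
    int  textEncoding;
    bool errQuiet;
};

// Layout the shared library (poppler) was actually built with: one field
// was inserted, shifting everything after it. Hypothetical fields.
struct LibGlobalParams {
    int  textEncoding;
    int  antialias;
    bool errQuiet;
};

struct LayoutReport {
    std::size_t appSize;
    std::size_t libSize;
    bool        errQuietOffsetDiffers;
};

// The check a defender would add: compare sizes and field offsets of the two
// views of the class instead of trusting that the header matches the .so.
LayoutReport checkLayout() {
    return { sizeof(AppGlobalParams), sizeof(LibGlobalParams),
             offsetof(AppGlobalParams, errQuiet) != offsetof(LibGlobalParams, errQuiet) };
}

// Model of the bug without invoking real undefined behaviour: the application
// constructs its (smaller) view of the object, then the library reads errQuiet
// at *its* offset. The arena is pre-filled with a poison byte so the value the
// constructor never wrote is recognisable, much like valgrind's "uninitialised".
int simulateLibraryRead() {
    std::vector<unsigned char> arena(sizeof(LibGlobalParams), 0xAB);
    // Application side: constructor initialises only the fields it knows about.
    auto* app = new (arena.data()) AppGlobalParams{1, false};
    (void)app;
    // Library side: reads errQuiet where *it* expects the field to be.
    unsigned char raw = 0;
    std::memcpy(&raw, arena.data() + offsetof(LibGlobalParams, errQuiet), 1);
    return raw;  // 0xAB: a byte no constructor ever initialised
}
```

On the real binaries the same class of defect surfaces as a non-deterministic bool or pointer, which is why the observable symptoms shift whenever an unrelated library changes the heap layout.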


