Issue 633255 link

Issue metadata

Status: Fixed
Owner: ----
Closed: Aug 2016
OS: All
Pri: 1
Type: Bug


Hillary’s tax returns crash Chrome’s PDF viewer

Project Member Reported by mark@chromium.org, Aug 1 2016

Issue description

I’m using canary 54.0.2815.0 (b04cd370dcb7) on OS X 10.11.6 (15G31), but I see crashes that look like this on Windows too.

go/crash/548b2f4200000000

Thread 0 CRASHED [EXC_BAD_ACCESS / KERN_INVALID_ADDRESS @ 0x00000008 ] MAGIC SIGNATURE THREAD
0x00000001117b182b	(Google Chrome Framework -list:592 )	CJBig2_Context::parseSymbolDict(CJBig2_Segment*, IFX_Pause*)
0x00000001117b038d	(Google Chrome Framework -JBig2_Context.cpp:327 )	CJBig2_Context::decode_SquentialOrgnazation(IFX_Pause*)
0x00000001117b0990	(Google Chrome Framework -JBig2_Context.cpp:118 )	CJBig2_Context::getFirstPage(unsigned char*, int, int, int, IFX_Pause*)
0x00000001117aca07	(Google Chrome Framework -fx_codec_jbig.cpp:70 )	CCodec_Jbig2Module::StartDecode(CCodec_Jbig2Context*, std::__1::unique_ptr<JBig2_DocumentContext, std::__1::default_delete<JBig2_DocumentContext> >*, unsigned int, unsigned int, CPDF_StreamAcc*, CPDF_StreamAcc*, unsigned char*, unsigned int, IFX_Pause*)
0x000000011177b301	(Google Chrome Framework -fpdf_render_loadimage.cpp:352 )	CPDF_DIBSource::ContinueLoadDIBSource(IFX_Pause*)
0x00000001117758ba	(Google Chrome Framework -fpdf_render_cache.cpp:319 )	CPDF_PageRenderCache::Continue(IFX_Pause*)
0x000000011177d7f6	(Google Chrome Framework -fpdf_render_loadimage.cpp:1523 )	CPDF_ImageLoaderHandle::Continue(IFX_Pause*)
0x00000001117762d7	(Google Chrome Framework -fpdf_render_image.cpp:915 )	CPDF_ImageRenderer::Continue(IFX_Pause*)
0x0000000111772590	(Google Chrome Framework -fpdf_render.cpp:276 )	CPDF_RenderStatus::ContinueSingleObject(CPDF_PageObject const*, CFX_Matrix const*, IFX_Pause*)
0x0000000111772700	(Google Chrome Framework -fpdf_render.cpp:303 )	CPDF_RenderStatus::ContinueSingleObject(CPDF_PageObject const*, CFX_Matrix const*, IFX_Pause*)
0x0000000111774a3e	(Google Chrome Framework -fpdf_render.cpp:1053 )	CPDF_ProgressiveRenderer::Continue(IFX_Pause*)
0x00000001116fd77c	(Google Chrome Framework -fpdfview.cpp:904 )	FPDF_RenderPage_Retail(CPDF_PageRenderContext*, void*, int, int, int, int, int, int, int, IFSDK_PAUSE_Adapter*)
0x00000001116f7382	(Google Chrome Framework -fpdf_progressive.cpp:53 )	FPDF_RenderPageBitmap_Start
0x00000001116e4766	(Google Chrome Framework -pdfium_engine.cc:2756 )	chrome_pdf::PDFiumEngine::ContinuePaint(int, pp::ImageData*)
0x00000001116e4483	(Google Chrome Framework -pdfium_engine.cc:958 )	chrome_pdf::PDFiumEngine::Paint(pp::Rect const&, pp::ImageData*, std::__1::vector<pp::Rect, std::__1::allocator<pp::Rect> >*, std::__1::vector<pp::Rect, std::__1::allocator<pp::Rect> >*)
0x00000001116d9b02	(Google Chrome Framework -out_of_process_instance.cc:803 )	chrome_pdf::OutOfProcessInstance::OnPaint(std::__1::vector<pp::Rect, std::__1::allocator<pp::Rect> > const&, std::__1::vector<PaintManager::ReadyRect, std::__1::allocator<PaintManager::ReadyRect> >*, std::__1::vector<pp::Rect, std::__1::allocator<pp::Rect> >*)
0x00000001116e0cfb	(Google Chrome Framework -paint_manager.cc:204 )	PaintManager::DoPaint()
0x00000001116e19a9	(Google Chrome Framework -completion_callback_factory.h:607 )	pp::CompletionCallbackFactory<PaintManager, pp::ThreadSafeThreadTraits>::CallbackData<pp::CompletionCallbackFactory<PaintManager, pp::ThreadSafeThreadTraits>::Dispatcher0<void (PaintManager::*)(int)> >::Thunk(void*, int)
0x000000010f488077	(Google Chrome Framework -pp_completion_callback.h:240 )	ppapi::TrackedCallback::Run(int)
0x000000010f4115cc	(Google Chrome Framework -plugin_resource.cc:54 )	ppapi::proxy::PluginResource::OnReplyReceived(ppapi::proxy::ResourceMessageReplyParams const&, IPC::Message const&)
0x000000010f411091	(Google Chrome Framework -plugin_message_filter.cc:116 )	ppapi::proxy::PluginMessageFilter::DispatchResourceReply(ppapi::proxy::ResourceMessageReplyParams const&, IPC::Message const&)
0x000000010de00bea	(Google Chrome Framework -callback.h:389 )	base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask const&)
0x000000010de21d3b	(Google Chrome Framework -message_loop.cc:496 )	base::MessageLoop::RunTask(base::PendingTask const&)
0x000000010de2204b	(Google Chrome Framework -message_loop.cc:505 )	base::MessageLoop::DeferOrRunPendingTask(base::PendingTask)
0x000000010de223f2	(Google Chrome Framework -message_loop.cc:629 )	base::MessageLoop::DoWork()
[…]

Happens with the 2007–2010 tax returns at https://www.hillaryclinton.com/page/tax-returns/:

https://m.hrc.onl/secretary/10-documents/01-health-financial-records/WJC_HRC_2007_Form_1040.pdf
https://m.hrc.onl/secretary/10-documents/01-health-financial-records/WJC_HRC_2008_Form_1040.pdf
https://m.hrc.onl/secretary/10-documents/01-health-financial-records/WJC_HRC_2009_Form_1040.pdf
https://m.hrc.onl/secretary/10-documents/01-health-financial-records/WJC_HRC_2010_Form_1040.pdf

This may be the same as bug 631912, but I thought it would be useful to offer some “in the wild” PDFs not coming from ClusterFuzz.

Status: Fixed (was: Untriaged)
r409304 should fix this.
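Reading a crash like the one reported above by machine, as an added example that is not part of this issue or of Chromium's own tooling: the script parses the crash server's frame format (address, module, file:line, symbol), takes the first frame inside PDFium's JBig2 decoder as a dedup signature (the kind of check used when deciding whether two reports such as this one and bug 631912 are the same crash), and flags a fault address in the first page as a near-null dereference. The sample trace is the thread header and first four frames copied from the report, with the fourth frame's argument list abbreviated.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input: the thread header and first frames from the report above, with the
# fourth frame's argument list abbreviated. Fields are tab-separated as on the crash server.
SAMPLE_TRACE = (
    "Thread 0 CRASHED [EXC_BAD_ACCESS / KERN_INVALID_ADDRESS @ 0x00000008 ] MAGIC SIGNATURE THREAD\n"
    "0x00000001117b182b\t(Google Chrome Framework -list:592 )\tCJBig2_Context::parseSymbolDict(CJBig2_Segment*, IFX_Pause*)\n"
    "0x00000001117b038d\t(Google Chrome Framework -JBig2_Context.cpp:327 )\tCJBig2_Context::decode_SquentialOrgnazation(IFX_Pause*)\n"
    "0x00000001117b0990\t(Google Chrome Framework -JBig2_Context.cpp:118 )\tCJBig2_Context::getFirstPage(unsigned char*, int, int, int, IFX_Pause*)\n"
    "0x00000001117aca07\t(Google Chrome Framework -fx_codec_jbig.cpp:70 )\tCCodec_Jbig2Module::StartDecode(...)\n"
)

HEADER_RE = re.compile(r"Thread (\d+) CRASHED \[(\S+) / (\S+) @ (0x[0-9a-fA-F]+) \]")
FRAME_RE = re.compile(r"^(0x[0-9a-fA-F]+)\t\((.*?) -(\S+):(\d+) \)\t(.*)$")


@dataclass
class Frame:
    address: int
    module: str
    file: str     # source file (or header, e.g. "list") the frame's PC maps to
    line: int
    symbol: str   # demangled function name including its parameter list


def parse_trace(text: str) -> Tuple[Optional[int], List[Frame]]:
    """Return (fault address, frames) for one crashed-thread dump."""
    fault, frames = None, []
    for raw in text.splitlines():
        h = HEADER_RE.search(raw)
        if h:
            fault = int(h.group(4), 16)
            continue
        f = FRAME_RE.match(raw)
        if f:
            frames.append(Frame(int(f.group(1), 16), f.group(2), f.group(3), int(f.group(4)), f.group(5)))
    return fault, frames


def is_near_null(fault: int, page_size: int = 0x1000) -> bool:
    """A fault inside the first page is the pattern of a null pointer plus a small field offset."""
    return 0 <= fault < page_size


def crash_signature(frames: List[Frame], component_prefix: str = "CJBig2_") -> Optional[str]:
    """Function name of the first frame in the component of interest, used to dedup reports."""
    for fr in frames:
        if fr.symbol.startswith(component_prefix):
            return fr.symbol.split("(", 1)[0]
    return None


if __name__ == "__main__":
    fault, frames = parse_trace(SAMPLE_TRACE)
    print(hex(fault), is_near_null(fault), crash_signature(frames))
```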