Package: python3-pymupdf
Version: 1.25.0+ds1-2
Severity: serious

Hi,

the autopkgtest of pymupdf currently segfaults on arm64, ppc64el and
riscv64. In an attempt to get to the bottom of this I found a minimal reproducer:

python3 -c "import pymupdf,sys; doc=pymupdf,sys; doc=pymupdf.open(sys.argv[1]);doc[0].get_text()" /usr/share/doc/fig2dev/manual.pdf

Which pdf document is opened seems to be irrelevant. It crashed for any that I tried. This makes this bug RC, I think.

I can reproduce the problem in a minimal Debian unstable chroot:

mmdebstrap --include=python3-pymupdf,python3-pymupdf-dbgsym,libmupdf25.1-dbgsym,gdb,fig2dev --customize-hook='env SHELL=/bin/sh chroot "$1" gdb -batch -ex "set logging enabled on" -ex "set pagination off" -ex run -ex "bt full" -ex quit --args python3 -c "
import pymupdf,sys; doc=pymupdf,sys; doc=pymupdf.open(sys.argv[1]);doc[0].get_text()" /usr/share/doc/fig2dev/manual.pdf' unstable /dev/null http://deb.debian.org/debian "deb http://deb.debian.org/debian-debug unstable-debug main"
[...]
Program received signal SIGSEGV, Segmentation fault.
0x0000fffff2d13ce8 in mupdf::FzStextPageIterator::FzStextPageIterator (this=0xfffff74b5e6c, item=...) at platform/c++/implementation/classes.cpp:22939
warning: 22939 platform/c++/implementation/classes.cpp: No such file or directory
#0 0x0000fffff2d13ce8 in mupdf::FzStextPageIterator::FzStextPageIterator (this=0xfffff74b5e6c, item=...) at platform/c++/implementation/classes.cpp:22939
No locals.
#1 0x0000fffff2d13d3c in mupdf::FzStextPage::begin (this=this@entry=0x11dd690) at platform/c++/implementation/classes.cpp:22868
ret = {m_item = {m_internal = 0x6665727800000000, static s_num_instances = 1}}
#2 0x0000fffff74ad020 in JM_print_stext_page_as_text (res=..., page=...) at ./src/build/extra.i.cpp:5570
block = {m_internal = 0xfffff7fe6420}
__for_range = @0x11dd690: {m_internal = 0x1196ea8}
__for_begin = {m_item = {m_internal = 0xfffff7fe6430}}
__for_end = {m_item = {m_internal = 0xffffffffe7c0}}
rect = {x0 = <optimized out>, y0 = 0, x1 = <optimized out>, y1 = 792} #3 0x0000fffff74ad320 in _wrap_JM_print_stext_page_as_text (self=<optimized out>, args=<optimized out>) at ./src/build/extra.i.cpp:10767
fail = <optimized out>
resultobj = 0x0
arg1 = 0x11dd560
arg2 = <optimized out>
argp1 = 0x11dd560
res1 = <optimized out>
argp2 = 0x11dd690
res2 = <optimized out>
swig_obj = {0xfffff196af90, 0xfffff196b380}
#4 0x00000000004e924c in ?? ()
No symbol table info available.
#5 0x00000000004a3dc0 in _PyObject_MakeTpCall ()
No symbol table info available.
#6 0x00000000004c1fd4 in _PyEval_EvalFrameDefault ()
No symbol table info available.
#7 0x00000000005d2040 in PyEval_EvalCode ()
No symbol table info available.
#8 0x00000000005fd91c in ?? ()
No symbol table info available.
#9 0x00000000005f7e70 in ?? ()
No symbol table info available.
#10 0x00000000005e6094 in ?? ()
No symbol table info available.
#11 0x00000000005e5e1c in ?? ()
No symbol table info available.
#12 0x00000000006229f8 in Py_RunMain ()
No symbol table info available.
#13 0x00000000005bc188 in Py_BytesMain ()
No symbol table info available.
#14 0x0000fffff7ce229c in ?? () from /lib/aarch64-linux-gnu/libc.so.6
No symbol table info available.
#15 0x0000fffff7ce237c in __libc_start_main () from /lib/aarch64-linux-gnu/libc.so.6
No symbol table info available.
#16 0x00000000005badb0 in _start ()
No symbol table info available.
A debugging session is active.

Inferior 1 [process 4068] will be killed.


Any idea what could be going on?

Thanks!

cheers, josch

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Processing control commands:

reassign -1 mupdf 1.25.1+ds1-5

Bug #1100748 [python3-pymupdf] segfault when using get_text() on arm64
Bug reassigned from package 'python3-pymupdf' to 'mupdf'.
No longer marked as found in versions pymupdf/1.25.0+ds1-2.
Ignoring request to alter fixed versions of bug #1100748 to the same values previously set
Bug #1100748 [mupdf] segfault when using get_text() on arm64
Marked as found in versions mupdf/1.25.1+ds1-5.

tag -1 + patch

Bug #1100748 [mupdf] segfault when using get_text() on arm64
Added tag(s) patch.

--
1100748: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100748
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

This is a multi-part message in MIME format...

Your message dated Tue, 22 Apr 2025 03:05:02 +0000
with message-id <E1u73wU-0060fa-5v@fasolo.debian.org>
and subject line Bug#1100748: fixed in mupdf 1.25.1+ds1-6
has caused the Debian Bug report #1100748,
regarding segfault when using get_text() on arm64
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


--
1100748: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100748
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

Received: (at submit) by bugs.debian.org; 18 Mar 2025 06:05:53 +0000 X-Spam-Checker-Version: SpamAssassin 3.4.6-bugs.debian.org_2005_01_02
(2021-04-09) on buxtehude.debian.org
X-Spam-Level:
X-Spam-Status: No, score=-120.5 required=4.0 tests=BAYES_00,
BODY_INCLUDES_PACKAGE,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,
DKIM_VALID_AU,DKIM_VALID_EF,FROMDEVELOPER,FVGT_m_MULTI_ODD,HAS_PACKAGE,
SPF_HELO_NONE,SPF_NONE,UNPARSEABLE_RELAY,USER_IN_DKIM_WELCOMELIST,
USER_IN_DKIM_WHITELIST,XMAILER_REPORTBUG autolearn=ham
autolearn_force=no version=3.4.6-bugs.debian.org_2005_01_02 X-Spam-Bayes: score:0.0000 Tokens: new, 46; hammy, 150; neutral, 121; spammy,
0. spammytokens:
hammytokens:0.000-+--Hx-spam-relays-external:sk:stravin,
0.000-+--H*RT:sk:stravin, 0.000-+--Hx-spam-relays-external:311,
0.000-+--H*RT:311, 0.000-+--H*RT:108
Return-path: <josch@debian.org>