[Poppler-bugs] [Bug 17181] New: Crash in AnnotWidget::initialize (crashes in in Form:: findWidgetByRef)

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Sun Aug 17 23:00:23 PDT 2008 

http://bugs.freedesktop.org/show_bug.cgi?id=17181

           Summary: Crash in AnnotWidget::initialize (crashes in in
                    Form::findWidgetByRef)
           Product: poppler
           Version: unspecified
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: medium
         Component: general
        AssignedTo: poppler-bugs at lists.freedesktop.org
        ReportedBy: ted at midg3t.net


poppler 0.8.5 (Debian package 0.8.5-1).

I found a crash due to NULL-pointer dereference in poppler/Annot.cc. This
happens when loading a particular PDF file, seemingly when the first page is
being rendered (in Evince) or when running `pdftohtml` as shown below.

Unfortunately I don't have permission to attach the file that causes the crash.
It loads and displays OK in KPDF 3.5.9.

> 1730 void AnnotWidget::initialize(XRef *xrefA, Catalog *catalog, Dict *dict) {
> 1731   Object obj1;
> 1732 
> 1733   form = catalog->getForm ();
> 1734   widget = form->findWidgetByRef (ref);

> (gdb) print catalog->getForm()
> $3 = (Form *) 0x0

Here is a full backtrace.

> Starting program: /usr/bin/pdftohtml /tmp/q.pdf
> [Thread debugging using libthread_db enabled]
> [New Thread 0x7f36a94486f0 (LWP 20478)]
> 
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 0x7f36a94486f0 (LWP 20478)]
> 0x00007f36a8ebeb0a in Form::findWidgetByRef (this=0x0, aref=
>       {num = 493, gen = 0}) at Form.cc:1231
> 1231	  for(int i=0; i<numFields; i++) {
> (gdb) bt full
> #0  0x00007f36a8ebeb0a in Form::findWidgetByRef (this=0x0, aref=
>       {num = 493, gen = 0}) at Form.cc:1231
> 	i = 0
> #1  0x00007f36a8eabb1f in AnnotWidget::initialize (this=0xfc9350, 
>     xrefA=0xf910f0, catalog=0xf91a70, dict=0xfbf940) at Annot.cc:1734
> 	obj1 = {type = objNone, {booln = 0, intg = 0, real = 0, string = 0x0, 
>     name = 0x0, array = 0x0, dict = 0x0, stream = 0x0, ref = {num = 0, 
>       gen = 0}, cmd = 0x0}}
> #2  0x00007f36a8ead02d in AnnotWidget (this=0xfc9350, xrefA=0xf910f0, 
>     dict=0xfbf940, catalog=0xf91a70, obj=0x7fffb146af10) at Annot.cc:1713
> No locals.
> #3  0x00007f36a8eb034d in Annots::createAnnot (this=0xf92b10, xref=0xf910f0, 
>     dict=0xfbf940, catalog=0xf91a70, obj=0x7fffb146af10) at Annot.cc:3393
> 	typeName = (GooString *) 0xf913f0
> 	annot = (Annot *) 0x7fffb146af10
> 	obj1 = {type = objName, {booln = 16346208, intg = 16346208, 
>     real = 8.076099812575351e-317, string = 0xf96c60, 
>     name = 0xf96c60 "Widget", array = 0xf96c60, dict = 0xf96c60, 
>     stream = 0xf96c60, ref = {num = 16346208, gen = 0}, 
>     cmd = 0xf96c60 "Widget"}}
> #4  0x00007f36a8eb07e0 in Annots (this=0xf92b10, xref=0xf910f0, 
>     catalog=0xf91a70, annotsObj=0x7fffb146b010) at Annot.cc:3332
> No locals.
> #5  0x00007f36a8f34542 in Page::displaySlice (this=0xf92c50, out=0xfb58b0, 
>     hDPI=72, vDPI=72, rotate=0, useMediaBox=1, crop=0, sliceX=-1, sliceY=-1, 
>     sliceW=-1, sliceH=-1, printing=0, catalog=0xf91a70, abortCheckCbk=0, 
>     abortCheckCbkData=0x0, annotDisplayDecideCbk=0, 
>     annotDisplayDecideCbkData=0x0) at Page.cc:421
> 	gfx = (Gfx *) 0xf917e0
> 	obj = {type = objArray, {booln = 16472192, intg = 16472192, 
>     real = 8.1383441789010146e-317, string = 0xfb5880, 
>     name = 0xfb5880 "�\020�", array = 0xfb5880, dict = 0xfb5880, 
>     stream = 0xfb5880, ref = {num = 16472192, gen = 0}, 
>     cmd = 0xfb5880 "�\020
> 	annotList = (Annots *) 0xfb58b0
> 	i = 0
> #6  0x00007f36a8f34768 in Page::display (this=0xf92c50, out=0xfb58b0, hDPI=72, 
>     vDPI=72, rotate=0, useMediaBox=1, crop=0, printing=0, catalog=0xf91a70, 
>     abortCheckCbk=0, abortCheckCbkData=0x0, annotDisplayDecideCbk=0, 
>     annotDisplayDecideCbkData=0x0) at Page.cc:344
> No locals.
> #7  0x00007f36a8f39932 in PDFDoc::displayPage (this=0xf90cf0, out=0xfb58b0, 
>     page=1, hDPI=72, vDPI=72, rotate=0, useMediaBox=1, crop=0, printing=0, 
>     abortCheckCbk=0, abortCheckCbkData=0x0, annotDisplayDecideCbk=0, 
>     annotDisplayDecideCbkData=0x0) at PDFDoc.cc:373
> No locals.
> #8  0x00007f36a8f399cf in PDFDoc::displayPages (this=0xf90cf0, out=0xfb58b0, 
>     firstPage=1, lastPage=28, hDPI=72, vDPI=72, rotate=0, useMediaBox=1, 
>     crop=0, printing=0, abortCheckCbk=0, abortCheckCbkData=0x0, 
>     annotDisplayDecideCbk=0, annotDisplayDecideCbkData=0x0) at PDFDoc.cc:388
> 	page = 1
> #9  0x0000000000406058 in main (argc=2, argv=0x7fffb146b5f8)
>     at pdftohtml.cc:304
> 	doc = (PDFDoc *) 0xf90cf0
> 	fileName = (GooString *) 0xf90c90
> 	docTitle = (GooString *) 0xfb5880
> 	author = (GooString *) 0x0
> 	keywords = (GooString *) 0x0
> 	subject = (GooString *) 0x0
> 	date = (GooString *) 0xfb5210
> 	htmlFileName = (GooString *) 0xf919b0
> 	psFileName = (GooString *) 0x0
> 	htmlOut = (class HtmlOutputDev *) 0xfb58b0
> 	psOut = (class PSOutputDev *) 0x0
> 	ok = 1
> 	p = 0xf90c96 ".pdf"
> 	extension = "png", '\0' <repeats 12 times>
> 	ownerPW = (GooString *) 0x0
> 	userPW = (GooString *) 0x0
> 	info = {type = objNone, {booln = 16472192, intg = 16472192, 
>     real = 8.1383441789010146e-317, string = 0xfb5880, 
>     name = 0xfb5880 "�\020�", array = 0xfb5880, dict = 0xfb5880, 
>     stream = 0xfb5880, ref = {num = 16472192, gen = 0}, 
>     cmd = 0xfb5880 "�\020
> 	extsList = {0x4129f3 "png", 0x4129f7 "jpeg", 0x4129fc "bmp", 
>   0x412a00 "pcx", 0x412a04 "tiff", 0x412a09 "pbm", 0x0}


-- 
Configure bugmail: http://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the Poppler-bugs mailing list