[Poppler-bugs] [Bug 36693] New: poppler: crash on truncated JPEG/DCT stream
bugzilla-daemon at freedesktop.org
Fri Apr 29 12:13:19 PDT 2011
https://bugs.freedesktop.org/show_bug.cgi?id=36693
Summary: poppler: crash on truncated JPEG/DCT stream
Product: poppler
Version: unspecified
Platform: Other
OS/Version: All
Status: NEW
Severity: minor
Priority: medium
Component: general
AssignedTo: poppler-bugs at lists.freedesktop.org
ReportedBy: thoger at redhat.com
Attached fuzzed PDF from Sauli Pahlman crashes poppler at or around
DCTStream::reset. The reason for the crash is that the file contains a
truncated JPEG image which does not contain a full image header.
jpeg_read_header() called from DCTStream::reset returns JPEG_SUSPENDED and some
of the cinfo struct members are not properly set, causing a NULL pointer
dereference crash on this specific file.
This change avoids the crash on this file:
index 78cd59d..e96ec5a 100644
--- a/poppler/DCTStream.cc
+++ b/poppler/DCTStream.cc
@@ -141,8 +141,7 @@ void DCTStream::reset() {
}
}
- if (!setjmp(err.setjmp_buffer)) {
- jpeg_read_header(&cinfo, TRUE);
+ if (!setjmp(err.setjmp_buffer) && jpeg_read_header(&cinfo, TRUE) !=
JPEG_SUSPENDED) {
// figure out color transform
if (colorXform == -1 && !cinfo.saw_Adobe_marker) {
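Review bot: In the new condition, `!setjmp(err.setjmp_buffer) && jpeg_read_header(&cinfo, TRUE) != JPEG_SUSPENDED` makes the setjmp call an operand of `&&`, which is outside the contexts in which the C standard permits a setjmp invocation (the entire controlling expression, optionally under `!` or compared against an integer constant), so the behaviour is formally undefined. Keep `if (!setjmp(err.setjmp_buffer)) {` as it was and test the jpeg_read_header() return value in a nested `if` inside that block. Comparing with `== JPEG_HEADER_OK` instead of `!= JPEG_SUSPENDED` would accept only the result for which the header fields are known to be set. When the header read is suspended the block is now skipped silently: the visible lines show no error being reported and no flag being set, so confirm that later reads on this stream cannot reach the partially initialised cinfo.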
--
Configure bugmail: https://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
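The truncated-header condition described in the report can also be checked on the raw bytes before a decoder is involved. The following is an added example, not code from poppler or libjpeg: a simplified marker walk that reports whether a buffer holds a complete JPEG header up to and including the SOS segment. The names `hdr_status`, `jpeg_header_status` and `sample`, and the sample bytes, are constructed for illustration.

```c
#include <stddef.h>

/* Status names are hypothetical (not libjpeg's return codes). */
enum hdr_status { HDR_OK, HDR_TRUNCATED, HDR_INVALID };

/* Constructed sample: SOI, SOF0 (1x1 pixels, 1 component), SOS header. */
static const unsigned char sample[] = {
    0xFF, 0xD8,
    0xFF, 0xC0, 0x00, 0x0B, 0x08, 0x00, 0x01, 0x00, 0x01, 0x01, 0x01, 0x11, 0x00,
    0xFF, 0xDA, 0x00, 0x08, 0x01, 0x01, 0x00, 0x00, 0x3F, 0x00 };

static int is_sof(unsigned char m) {
    /* SOF0..SOF15, excluding DHT (C4), JPG (C8) and DAC (CC). */
    return m >= 0xC0 && m <= 0xCF && m != 0xC4 && m != 0xC8 && m != 0xCC;
}

/* Walk marker segments from SOI up to and including the SOS header. */
enum hdr_status jpeg_header_status(const unsigned char *buf, size_t len) {
    size_t pos = 2;
    int saw_sof = 0;
    if (len < 2) return HDR_TRUNCATED;
    if (buf[0] != 0xFF || buf[1] != 0xD8) return HDR_INVALID;  /* no SOI */
    for (;;) {
        unsigned char marker;
        size_t seglen;
        if (pos >= len) return HDR_TRUNCATED;         /* data ends between segments */
        if (buf[pos] != 0xFF) return HDR_INVALID;     /* not positioned at a marker */
        while (pos < len && buf[pos] == 0xFF) pos++;  /* skip fill bytes */
        if (pos >= len) return HDR_TRUNCATED;
        marker = buf[pos++];
        /* Stuffed zero, second SOI, or EOI before any scan: not a usable header. */
        if (marker == 0x00 || marker == 0xD8 || marker == 0xD9) return HDR_INVALID;
        /* TEM and RSTn carry no length field. */
        if (marker == 0x01 || (marker >= 0xD0 && marker <= 0xD7)) continue;

        if (len - pos < 2) return HDR_TRUNCATED;      /* length field cut off */
        seglen = ((size_t)buf[pos] << 8) | buf[pos + 1];
        if (seglen < 2) return HDR_INVALID;           /* length includes itself */
        if (len - pos < seglen) return HDR_TRUNCATED; /* segment body cut off */
        if (is_sof(marker)) saw_sof = 1;
        if (marker == 0xDA) return saw_sof ? HDR_OK : HDR_INVALID;
        pos += seglen;
    }
}

int main(void) {
    /* Exit 0 if the full sample parses and a 10-byte prefix is truncated. */
    return !(jpeg_header_status(sample, sizeof sample) == HDR_OK &&
             jpeg_header_status(sample, 10) == HDR_TRUNCATED);
}
```

A `HDR_TRUNCATED` result corresponds to the input the report describes, where the data ends before the image header is complete.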