[Poppler-bugs] [Bug 43306] New: crash in loadFromData with invalid pdf

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Mon Nov 28 06:55:14 PST 2011 

https://bugs.freedesktop.org/show_bug.cgi?id=43306

             Bug #: 43306
           Summary: crash in loadFromData with invalid pdf
    Classification: Unclassified
           Product: poppler
           Version: unspecified
          Platform: x86-64 (AMD64)
        OS/Version: Linux (All)
            Status: NEW
          Severity: critical
          Priority: medium
         Component: general
        AssignedTo: poppler-bugs at lists.freedesktop.org
        ReportedBy: benito at benibela.de


Created attachment 53903
  --> https://bugs.freedesktop.org/attachment.cgi?id=53903
crashing pdfs

Poppler 0.16 crashes in Document::loadFromData, if the pdf is truncated,
although Document::load works fine.


See the pdfs in the attached file for examples.

Backtraces:

"/tmp/test13725.pdf" 

#0  0x00007ffff4b7924f in MemStream::getChar() () from
/usr/lib/libpoppler.so.13
#1  0x00007ffff4b62ccf in Lexer::getChar(bool) () from
/usr/lib/libpoppler.so.13
#2  0x00007ffff4b62daa in Lexer::getObj(Object*, int) () from
/usr/lib/libpoppler.so.13
#3  0x00007ffff4b6ca14 in Parser::Parser(XRef*, Lexer*, bool) () from
/usr/lib/libpoppler.so.13
#4  0x00007ffff4b7c3bd in XRef::readXRef(unsigned int*, std::vector<unsigned
int, std::allocator<unsigned int> >*) () from /usr/lib/libpoppler.so.13
#5  0x00007ffff4b7c73c in XRef::XRef(BaseStream*, unsigned int, unsigned int,
bool*, bool) () from /usr/lib/libpoppler.so.13
#6  0x00007ffff4b6f692 in PDFDoc::setup(GooString*, GooString*) () from
/usr/lib/libpoppler.so.13
#7  0x00007ffff4b6f8a9 in PDFDoc::PDFDoc(BaseStream*, GooString*, GooString*,
void*) () from /usr/lib/libpoppler.so.13
#8  0x00007ffff79896fc in Poppler::Document::loadFromData(QByteArray const&,
QByteArray const&, QByteArray const&) () from /usr/lib/libpoppler-qt4.so.3
#9  0x00000000006318b1 in PDFDocument::PDFDocument (this=0x1a82280,
pdfConfig=0xe3cde0) at PDFDocument.cpp:1864


"/tmp/test13725.pdf" 

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff4b7924f in MemStream::getChar() () from /usr/lib/libpoppler.so.13
(gdb) bt
#0  0x00007ffff4b7924f in MemStream::getChar() () from
/usr/lib/libpoppler.so.13
#1  0x00007ffff4b62ccf in Lexer::getChar(bool) () from
/usr/lib/libpoppler.so.13
#2  0x00007ffff4b62daa in Lexer::getObj(Object*, int) () from
/usr/lib/libpoppler.so.13
#3  0x00007ffff4b6ca14 in Parser::Parser(XRef*, Lexer*, bool) () from
/usr/lib/libpoppler.so.13
#4  0x00007ffff4b7c3bd in XRef::readXRef(unsigned int*, std::vector<unsigned
int, std::allocator<unsigned int> >*) () from /usr/lib/libpoppler.so.13
#5  0x00007ffff4b7c73c in XRef::XRef(BaseStream*, unsigned int, unsigned int,
bool*, bool) () from /usr/lib/libpoppler.so.13
#6  0x00007ffff4b6f692 in PDFDoc::setup(GooString*, GooString*) () from
/usr/lib/libpoppler.so.13
#7  0x00007ffff4b6f8a9 in PDFDoc::PDFDoc(BaseStream*, GooString*, GooString*,
void*) () from /usr/lib/libpoppler.so.13
#8  0x00007ffff79896fc in Poppler::Document::loadFromData(QByteArray const&,
QByteArray const&, QByteArray const&) () from /usr/lib/libpoppler-qt4.so.3
#9  0x00000000006318b1 in PDFDocument::PDFDocument (this=0x1a53fb0,
pdfConfig=0xe3cde0) at PDFDocument.cpp:1864
#10 0x000000000048ca13 in Texmaker::newPdfPreviewer (this=0xe2d090) at
texmaker.cpp:4242





...



"/tmp/test13759.pdf" 

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff4b7924f in MemStream::getChar() () from /usr/lib/libpoppler.so.13
(gdb) bt
#0  0x00007ffff4b7924f in MemStream::getChar() () from
/usr/lib/libpoppler.so.13
#1  0x00007ffff4b62ccf in Lexer::getChar(bool) () from
/usr/lib/libpoppler.so.13
#2  0x00007ffff4b62daa in Lexer::getObj(Object*, int) () from
/usr/lib/libpoppler.so.13
#3  0x00007ffff4b6ca14 in Parser::Parser(XRef*, Lexer*, bool) () from
/usr/lib/libpoppler.so.13
#4  0x00007ffff4b7c3bd in XRef::readXRef(unsigned int*, std::vector<unsigned
int, std::allocator<unsigned int> >*) () from /usr/lib/libpoppler.so.13
#5  0x00007ffff4b7c73c in XRef::XRef(BaseStream*, unsigned int, unsigned int,
bool*, bool) () from /usr/lib/libpoppler.so.13
#6  0x00007ffff4b6f692 in PDFDoc::setup(GooString*, GooString*) () from
/usr/lib/libpoppler.so.13
#7  0x00007ffff4b6f8a9 in PDFDoc::PDFDoc(BaseStream*, GooString*, GooString*,
void*) () from /usr/lib/libpoppler.so.13
#8  0x00007ffff79896fc in Poppler::Document::loadFromData(QByteArray const&,
QByteArray const&, QByteArray const&) () from /usr/lib/libpoppler-qt4.so.3
#9  0x00000000006318b1 in PDFDocument::PDFDocument (this=0x1a546d0,
pdfConfig=0xe3cde0) at PDFDocument.cpp:1864




Program to load them:
 QFile f("/tmp/test"+QString::number(i)+".pdf");
 if (!f.open(QFile::ReadOnly)) qDebug() << "file open failed";        
 Poppler::Document* doc = Poppler::Document::loadFromData(f.readAll());

-- 
Configure bugmail: https://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the Poppler-bugs mailing list