<html> <head> <base href="https://bugs.freedesktop.org/" /> </head> <body> <div> <a class="bz_bug_link bz_status_NEEDINFO " title="NEEDINFO --- - Heap-buffer-overflow in TextPage::updateFont" href="https://bugs.freedesktop.org/show_bug.cgi?id=76442#c2">Comment # 2</a> on <a class="bz_bug_link bz_status_NEEDINFO " title="NEEDINFO --- - Heap-buffer-overflow in TextPage::updateFont" href="https://bugs.freedesktop.org/show_bug.cgi?id=76442">bug 76442</a> from <a class="email" href="mailto:a.husa@hushmail.com" title="Antti Husa <a.husa@hushmail.com>"> Antti Husa</a> <pre>Even with the exports I was unable to get ASAN to show line numbers it only showed the function names. However Valgrind did show line numbers with the same compiler debug options so here's Valgrind report: ==15458== Invalid read of size 1 ==15458== at 0xEEC0255: TextPage::updateFont(GfxState*) (TextOutputDev.cc:2199) ==15458== by 0xEB2CB93: CairoOutputDev::updateFont(GfxState*) (CairoOutputDev.cc:624) ==15458== by 0xEE5A4BC: Gfx::opShowText(Object*, int) (Gfx.cc:3742) ==15458== by 0xEE52A88: Gfx::go(bool) (Gfx.cc:712) ==15458== by 0xEE52ECC: Gfx::display(Object*, bool) (Gfx.cc:678) ==15458== by 0xEE94054: Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) (Page.cc:584) ==15458== by 0xEB224F6: _poppler_page_render(_PopplerPage*, _cairo*, bool, PopplerPrintFlags) (poppler-page.cc:362) ==15458== by 0xE8FDCA4: pdf_page_render_cairo (pdf.c:809) ==15458== by 0x41DCE7: render_job (render.c:183) ==15458== by 0x627FEA5: ??? (in /usr/lib64/libglib-2.0.so.0.3800.2) ==15458== by 0x627F4E4: ??? (in /usr/lib64/libglib-2.0.so.0.3800.2) ==15458== by 0x694CF39: start_thread (pthread_create.c:308) ==15458== Address 0x115012f1 is 0 bytes after a block of size 1 alloc'd ==15458== at 0x4C2C71B: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==15458== by 0xEE043AD: gmalloc (gmem.cc:110) ==15458== by 0xEE04971: copyString (gmem.cc:316) ==15458== by 0xEE5E5CD: Gfx8BitFont::Gfx8BitFont(XRef*, char const*, Ref, GooString*, GfxFontType, Ref, Dict*) (GfxFont.cc:1198) ==15458== by 0xEE6187B: GfxFont::makeFont(XRef*, char const*, Ref, Dict*) (GfxFont.cc:223) ==15458== by 0xEE619A2: GfxFontDict::GfxFontDict(XRef*, Ref*, Dict*) (GfxFont.cc:2497) ==15458== by 0xEE46EFE: GfxResources::GfxResources(XRef*, Dict*, GfxResources*) (Gfx.cc:341) ==15458== by 0xEE523D3: Gfx::Gfx(PDFDoc*, OutputDev*, int, Dict*, double, double, PDFRectangle*, PDFRectangle*, int, bool (*)(void*), void*, XRef*) (Gfx.cc:554) ==15458== by 0xEE93D85: Page::createGfx(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, XRef*) (Page.cc:544) ==15458== by 0xEE9401B: Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) (Page.cc:579) ==15458== by 0xEB224F6: _poppler_page_render(_PopplerPage*, _cairo*, bool, PopplerPrintFlags) (poppler-page.cc:362) ==15458== by 0xE8FDCA4: pdf_page_render_cairo (pdf.c:809) ==15458== ==15458== ==15458== HEAP SUMMARY: ==15458== in use at exit: 3,708,571 bytes in 19,892 blocks ==15458== total heap usage: 112,237 allocs, 92,345 frees, 18,910,558 bytes allocated ==15458== ==15458== LEAK SUMMARY: ==15458== definitely lost: 4,320 bytes in 9 blocks ==15458== indirectly lost: 17,319 bytes in 684 blocks ==15458== possibly lost: 28,608 bytes in 444 blocks ==15458== still reachable: 3,527,140 bytes in 18,138 blocks ==15458== suppressed: 0 bytes in 0 blocks ==15458== Rerun with --leak-check=full to see details of leaked memory</pre> </div> <hr> You are receiving this mail because: <ul> <li>You are the assignee for the bug.</li> </ul> </body> </html>