<html> <head> <base href="https://bugs.freedesktop.org/" /> </head> <body><span class="vcard"><a class="email" href="mailto:henri+freedesktop@nerv.fi" title="Henri Salo <henri+freedesktop@nerv.fi>"> <span class="fn">Henri Salo</span></a> </span> changed <a class="bz_bug_link bz_status_NEW " title="NEW - SIGABRT in getString at Object.h:202" href="https://bugs.freedesktop.org/show_bug.cgi?id=89422">bug 89422</a> <br> <table border="1" cellspacing="0" cellpadding="8"> <tr> <th>What</th> <th>Removed</th> <th>Added</th> </tr> <tr> <td style="text-align:right;">CC</td> <td> </td> <td>henri+freedesktop@nerv.fi </td> </tr></table> <p> <div> <b><a class="bz_bug_link bz_status_NEW " title="NEW - SIGABRT in getString at Object.h:202" href="https://bugs.freedesktop.org/show_bug.cgi?id=89422#c1">Comment # 1</a> on <a class="bz_bug_link bz_status_NEW " title="NEW - SIGABRT in getString at Object.h:202" href="https://bugs.freedesktop.org/show_bug.cgi?id=89422">bug 89422</a> from <span class="vcard"><a class="email" href="mailto:henri+freedesktop@nerv.fi" title="Henri Salo <henri+freedesktop@nerv.fi>"> <span class="fn">Henri Salo</span></a> </span></b> <pre>Attached sample file crashes e.g. pdfinfo. Sample file is fuzzed with AFL <a href="http://lcamtuf.coredump.cx/afl/">http://lcamtuf.coredump.cx/afl/</a> (gdb) bt #0 0x00007ffff60d0165 in *__GI_raise (sig=<optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 #1 0x00007ffff60d33e0 in *__GI_abort () at abort.c:92 #2 0x00000000006c8d62 in getString (this=<optimized out>) at Object.h:202 #3 StandardSecurityHandler::StandardSecurityHandler (this=0xac33e0, docA=<optimized out>, encryptDictA=<optimized out>) at SecurityHandler.cc:292 #4 0x00000000006c9ee3 in SecurityHandler::make (docA=0xac2ea0, encryptDictA=0x7fffffffe160) at SecurityHandler.cc:56 #5 0x0000000000609afd in PDFDoc::checkEncryption (this=this@entry=0xac2ea0, ownerPassword=ownerPassword@entry=0x0, userPassword=userPassword@entry=0x0) at PDFDoc.cc:425 #6 0x0000000000617016 in PDFDoc::setup (this=this@entry=0xac2ea0, ownerPassword=ownerPassword@entry=0x0, userPassword=userPassword@entry=0x0) at PDFDoc.cc:276 #7 0x00000000006177c0 in PDFDoc::PDFDoc (this=0xac2ea0, fileNameA=<optimized out>, ownerPassword=0x0, userPassword=0x0, guiDataA=<optimized out>) at PDFDoc.cc:166 #8 0x00000000007e2a89 in LocalPDFDocBuilder::buildPDFDoc (this=<optimized out>, uri=..., ownerPassword=0x0, userPassword=0x0, guiDataA=0x0) at LocalPDFDocBuilder.cc:31 #9 0x0000000000409476 in main (argc=2, argv=0x7fffffffe588) at pdfinfo.cc:185 #10 0x00007ffff60bcead in __libc_start_main (main=<optimized out>, argc=<optimized out>, ubp_av=<optimized out>, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe578) at libc-start.c:244 #11 0x000000000040bcc5 in _start () frame 2 (gdb) list 197 198 // Note: integers larger than 2^53 can not be exactly represented by a double. 199 // Where the exact value of integers up to 2^63 is required, use isInt64()/getInt64(). 200 double getNum() { OBJECT_3TYPES_CHECK(objInt, objInt64, objReal); 201 return type == objInt ? (double)intg : type == objInt64 ? (double)int64g : real; } 202 GooString *getString() { OBJECT_TYPE_CHECK(objString); return string; } 203 // After takeString() the only method that should be called for the object is free() 204 // because the object it's not expected to have a NULL string. 205 GooString *takeString() { 206 OBJECT_TYPE_CHECK(objString); GooString *s = string; string = NULL; return s; }</pre> </div> </p> <hr> <span>You are receiving this mail because:</span> <ul> <li>You are the assignee for the bug.</li> </ul> </body> </html>