<html> <head> <base href="https://bugs.freedesktop.org/" /> </head> <body><table border="1" cellspacing="0" cellpadding="8"> <tr> <th>Bug ID</th> <td><a class="bz_bug_link bz_status_NEW " title="NEW - Infinity loop : Syntax Error (XXX): Illegal character <XX> in hex string" href="https://bugs.freedesktop.org/show_bug.cgi?id=91353">91353</a> </td> </tr> <tr> <th>Summary</th> <td>Infinity loop : Syntax Error (XXX): Illegal character <XX> in hex string </td> </tr> <tr> <th>Product</th> <td>poppler </td> </tr> <tr> <th>Version</th> <td>unspecified </td> </tr> <tr> <th>Hardware</th> <td>Other </td> </tr> <tr> <th>OS</th> <td>All </td> </tr> <tr> <th>Status</th> <td>NEW </td> </tr> <tr> <th>Severity</th> <td>normal </td> </tr> <tr> <th>Priority</th> <td>medium </td> </tr> <tr> <th>Component</th> <td>pdftohtml </td> </tr> <tr> <th>Assignee</th> <td>poppler-bugs@lists.freedesktop.org </td> </tr> <tr> <th>Reporter</th> <td>legarrec.vincent@gmail.com </td> </tr></table> <p> <div> <pre>Created <span class=""><a href="attachment.cgi?id=117146" name="attach_117146" title="poppler-hangs.pdf">attachment 117146</a> <a href="attachment.cgi?id=117146&action=edit" title="poppler-hangs.pdf">[details]</a></span> poppler-hangs.pdf Please find enclose a PDF found by fuzzing that make pdftohtml run into an infinity loop. When I terminate it, the stack is always the same : #0 0x00007ffff737a090 in __write_nocancel () at ../sysdeps/unix/syscall-template.S:81 #1 0x00007ffff730e3b5 in _IO_new_file_write ( f=0x7ffff7634700 <_IO_2_1_stderr_>, data=0x7fffffffa470, n=57) at fileops.c:1302 #2 0x00007ffff730d9fc in new_do_write ( fp=fp@entry=0x7ffff7634700 <_IO_2_1_stderr_>, data=data@entry=0x7fffffffa470 "Syntax Error (291): Illegal character <69> in hex string\n\331\060\367\377\177", to_do=to_do@entry=57) at fileops.c:537 #3 0x00007ffff730ea46 in _IO_new_file_xsputn ( f=0x7ffff7634700 <_IO_2_1_stderr_>, data=<optimized out>, n=57) at fileops.c:1384 #4 0x00007ffff72e3770 in buffered_vfprintf ( s=0x7ffff7634700 <_IO_2_1_stderr_>, format=<optimized out>, args=<optimized out>) at vfprintf.c:2369 #5 0x00007ffff72de115 in _IO_vfprintf_internal ( s=s@entry=0x7ffff7634700 <_IO_2_1_stderr_>, format=0x7ffff7b2230a "%s (%lld): %s\n", ap=ap@entry=0x7fffffffca88) at vfprintf.c:1296 #6 0x00007ffff7395b1c in ___fprintf_chk ( fp=0x7ffff7634700 <_IO_2_1_stderr_>, flag=1, format=<optimized out>) at fprintf_chk.c:35 #7 0x00007ffff7a44e0d in fprintf (__fmt=0x7ffff7b2230a "%s (%lld): %s\n", __stream=<optimized out>) at /usr/include/bits/stdio2.h:98 #8 error (category=category@entry=errSyntaxError, pos=291, msg=msg@entry=0x7ffff7b32a40 "Illegal character <{0:02x}> in hex string") at /home/legarrec/info/programmation/tmp/poppler/poppler/Error.cc:89 #9 0x00007ffff7a9f6af in Lexer::getObj (this=0x64b740, obj=obj@entry=0x64c878, objNum=objNum@entry=-1) at /home/legarrec/info/programmation/tmp/poppler/poppler/Lexer.cc:506 #10 0x00007ffff7aaa0a5 in Parser::shift (this=this@entry=0x64c850, objNum=objNum@entry=-1) at /home/legarrec/info/programmation/tmp/poppler/poppler/Parser.cc:300 #11 0x00007ffff7aaa9e0 in Parser::getObj (this=this@entry=0x64c850, obj=obj@entry=0x7fffffffceb0, simpleOnly=simpleOnly@entry=false, fileKey=0x0, encAlgorithm=cryptRC4, keyLength=1146103040, objNum=5, objGen=0, recursion=0, strict=false) at /home/legarrec/info/programmation/tmp/poppler/poppler/Parser.cc:111 #12 0x00007ffff7ac49b9 in XRef::fetch (this=0x64b040, num=5, gen=<optimized out>, obj=0x7fffffffceb0, recursion=0) at /home/legarrec/info/programmation/tmp/poppler/poppler/XRef.cc:1199 #13 0x00007ffff7aa41c5 in Object::fetch (this=<optimized out>, xref=<optimized out>, obj=<optimized out>, recursion=<optimized out>) at /home/legarrec/info/programmation/tmp/poppler/poppler/Object.cc:122 #14 0x00007ffff7a350b9 in Array::get (this=<optimized out>, i=i@entry=0, obj=obj@entry=0x7fffffffceb0, recursion=recursion@entry=0) at /home/legarrec/info/programmation/tmp/poppler/poppler/Array.cc:125 #15 0x00007ffff7a39652 in arrayGet (recursion=0, this=0x7fffffffce90, this=0x7fffffffce90, obj=0x7fffffffceb0, i=0) at /home/legarrec/info/programmation/tmp/poppler/poppler/Object.h:293 #16 Catalog::cachePageTree (this=this@entry=0x64b130, page=page@entry=3715) at /home/legarrec/info/programmation/tmp/poppler/poppler/Catalog.cc:385 #17 0x00007ffff7a39f0a in Catalog::getPage (this=0x64b130, i=i@entry=3715) at /home/legarrec/info/programmation/tmp/poppler/poppler/Catalog.cc:239 #18 0x00007ffff7ab0850 in PDFDoc::getPage (this=this@entry=0x64adb0, page=page@entry=3715) at /home/legarrec/info/programmation/tmp/poppler/poppler/PDFDoc.cc:1938 #19 0x00007ffff7ab0922 in PDFDoc::displayPage (this=this@entry=0x64adb0, out=out@entry=0x64bc40, page=page@entry=3715, hDPI=hDPI@entry=108, vDPI=vDPI@entry=108, rotate=rotate@entry=0, useMediaBox=useMediaBox@entry=true, crop=crop@entry=false, printing=false, abortCheckCbk=0x0, abortCheckCbkData=0x0, annotDisplayDecideCbk=0x0, annotDisplayDecideCbkData=0x0, copyXRef=false) at /home/legarrec/info/programmation/tmp/poppler/poppler/PDFDoc.cc:466 #20 0x00007ffff7ab0a89 in PDFDoc::displayPages (this=this@entry=0x64adb0, out=out@entry=0x64bc40, firstPage=<optimized out>, lastPage=14600000, hDPI=108, vDPI=108, rotate=rotate@entry=0, useMediaBox=useMediaBox@entry=true, crop=false, printing=false, abortCheckCbk=0x0, abortCheckCbkData=0x0, annotDisplayDecideCbk=0x0, annotDisplayDecideCbkData=0x0) at /home/legarrec/info/programmation/tmp/poppler/poppler/PDFDoc.cc:486 #21 0x0000000000409974 in main (argc=2, argv=<optimized out>) at /home/legarrec/info/programmation/tmp/poppler/utils/pdftohtml.cc:392</pre> </div> </p> <hr> <span>You are receiving this mail because:</span> <ul> <li>You are the assignee for the bug.</li> </ul> </body> </html>