[poppler] A few vulnerabilities in libpoppler

Hib Eris hib at hiberis.nl
Mon Nov 22 05:13:48 PST 2010


Hi,

On Sun, Nov 21, 2010 at 11:21 PM, Albert Astals Cid <aacid at kde.org> wrote:
> On Thursday, 21 October 2010, Robert Święcki wrote:
>> Hi,
>>
>> I was recently fuzzing libpoppler and found lots of crashes in it.
>> Some of them are of lesser importance, some look more serious. The
>> archive is here:
>>
>> http://alt.swiecki.net/j/poppler_2010.10.20.tgz
>>
>> I tested it with Ubuntu's pdftoppm from poppler-utils_0.12.4-0ubuntu5
>> package on a 64-bit system.
>>
>
> The master branch should have all of these files fixed that were poppler's
> fault, there are still some jpeg2k crashes in openjpeg.
>
> There is one file that doesn't crash per se but exhausts the computer's memory
> (and then crashes :D)
>
> Hib, it is doing mad allocations in your new code in Hints.cc, could you have a
> look at it? It is
> SIGSEGV.PC.0x7ffff7af2936.CODE.1.ADDR.(nil).INSTR.mov_rax,_[rdi].pdf
>
> Albert

Here is a patch for this.

Cheers,

Hib
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Use-gmallocn_checkoverflow-when-parsing-Hints-table.patch
Type: text/x-patch
Size: 3354 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/poppler/attachments/20101122/865a062a/attachment.bin>

