[poppler] A few vulnerabilities in libpoppler

Robert Święcki robert at swiecki.net
Fri Oct 22 10:50:52 PDT 2010


>>>>I uploaded all log files (stdout, stderr, valgrind log) with
>>>>tested binary at:
>>>>
>>>>http://home.hiroshima-u.ac.jp/~mpsuzuki/test-def_mps20101022a.tar.rz
>>>
>>> I'm sorry, the valgrind log files include so many
>>> warnings caused by a glibc-incompatible valgrind
>>> (valgrind was too old for this glibc). Now I've updated
>>> valgrind and am retrying the tests.
>>
>>Maybe it'll be easier if I simply compile the newest libpoppler, and
>>send you the results. It should make your testing much quicker I
>>presume. I'll do it today.
>
> Thank you! Now my test with the newer valgrind has just finished;
> again, 16 PDFs caused SIGSEGV. Now I'm checking the debug
> binary (built with "-g3 -ggdb -O0 -fkeep-inline-functions"):
> 53/64 are finished (12 SEGVs found). I'm interested
> in how many PDFs will cause SEGV in your environment.
> I'm sorry for my very slow amd64 machine.

I've put it here

http://alt.swiecki.net/j/poppler_2010.10.22.tbz

Tested with git-cloned libpoppler (pdftoppm), 78 test cases, hopefully
unique (i.e. crashing at different instructions). Besides segfaults,
I've also attached some div-by-zero problems (usually SIGFPE*) and
SIGBUS* (this one on Linux amd64 is *usually* the same as SEGV; it just
tries to access memory which, albeit not mmapped, cannot really be
mapped on this architecture, because the amd64 arch has an effective 48-bit
virtual address space; anyway, it's just an invalid memory access). There are also
SIGABRT* cases, usually caused by the malloc() checker or internal assert()s.

-- 
Robert Święcki
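As an added illustration of the triage described above (not code from this thread or from poppler), a small Python harness that runs a target command over a corpus of inputs and buckets each input by the signal that killed the process (SIGSEGV, SIGFPE, SIGBUS, SIGABRT); the pdftoppm command line in the comments and the constructed self-test target are assumptions.

```python
"""Crash triage harness: run a target over a corpus of inputs and bucket
the inputs by the signal that terminated the process. Added example, not
poppler's code; the pdftoppm invocation and the demo target are assumed."""
import signal
import subprocess
import sys
from collections import Counter

# Meaning of each bucket, following the categories used in the mail above.
SIGNAL_NOTES = {
    "SIGSEGV": "invalid memory access",
    "SIGFPE": "arithmetic fault, usually a division by zero",
    "SIGBUS": "address that cannot be mapped (behaves like SEGV on amd64)",
    "SIGABRT": "abort(): malloc() consistency check or a failed assert()",
}

def run_case(cmd, input_path, timeout=30):
    """Run cmd with input_path appended. Return the name of the signal that
    killed the process, 'TIMEOUT', or None when it exited on its own
    (any exit status, so parse errors are not counted as crashes)."""
    try:
        proc = subprocess.run(cmd + [input_path], stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL, timeout=timeout)
    except subprocess.TimeoutExpired:
        return "TIMEOUT"
    if proc.returncode >= 0:
        return None
    return signal.Signals(-proc.returncode).name  # negative rc = signal number

def triage(cmd, inputs, timeout=30):
    """Return {input_path: signal_name} for the crashing inputs only.
    Real use: triage(["pdftoppm", "-r", "10"], ["case1.pdf", ...])."""
    results = {}
    for path in inputs:
        sig = run_case(cmd, path, timeout)
        if sig is not None:
            results[path] = sig
    return results

def summarize(results):
    """Count crashes per signal, e.g. {'SIGSEGV': 16, 'SIGFPE': 2}."""
    return dict(Counter(results.values()))

def constructed_demo():
    """Constructed stand-in for a crashing pdftoppm: a tiny Python target
    that kills itself with the signal named by its argument. 'clean' is
    not a signal name, so that case exits with an error instead."""
    target = [sys.executable, "-c",
              "import os, signal, sys\n"
              "os.kill(os.getpid(), getattr(signal, sys.argv[1]))"]
    return triage(target, ["SIGSEGV", "SIGFPE", "SIGABRT", "clean"])
```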