[poppler] [PATCH] Fix crash on invalid image

Even Rouault even.rouault at mines-paris.org
Sat Mar 3 11:28:19 PST 2012


Hi,

The attached patch fixes a SIGFPE when rendering the attached image (generated by a fuzzer).

$ valgrind ~/poppler-git/install/bin/pdftoppm gdal-131/session-665/byte.pdf out
==31362== Memcheck, a memory error detector
==31362== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==31362== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==31362== Command: /home/even/poppler-git/install/bin/pdftoppm gdal-131/session-665/byte.pdf out
==31362==
Syntax Error (1148): Unknown filter 'FnateDecode'
==31362==
==31362== Process terminating with default action of signal 8 (SIGFPE)
==31362==  Integer divide by zero at address 0x40325AF63
==31362==    at 0x4FE5201: ImageStream::ImageStream(Stream*, int, int, int) (Stream.cc:420)
==31362==    by 0x4F0F5E5: SplashOutputDev::drawImage(GfxState*, Object*, Stream*, int, int, GfxImageColorMap*, bool, int*, bool) (SplashOutputDev.cc:2999)
==31362==    by 0x4F7E591: Gfx::doImage(Object*, Stream*, bool) (Gfx.cc:4585)
==31362==    by 0x4F7CA3A: Gfx::opXObject(Object*, int) (Gfx.cc:4145)
==31362==    by 0x4F6BAE0: Gfx::execOp(Object*, Object*, int) (Gfx.cc:855)
==31362==    by 0x4F6B3E8: Gfx::go(bool) (Gfx.cc:714)
==31362==    by 0x4F6B201: Gfx::display(Object*, bool) (Gfx.cc:680)
==31362==    by 0x4FD6B71: Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*) (Page.cc:485)
==31362==    by 0x4FDAACC: PDFDoc::displayPageSlice(OutputDev*, int, double, double, int, bool, bool, bool, int, int, int, int, bool (*)(void*), void*, bool (*)(Annot*, void*), void*) (PDFDoc.cc:500)
==31362==    by 0x40172E: savePageSlice(PDFDoc*, SplashOutputDev*, int, int, int, int, int, double, double, char*) (pdftoppm.cc:196)
==31362==    by 0x401F73: main (pdftoppm.cc:415)

Best regards,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix_crash_with_bits_0.patch
Type: text/x-patch
Size: 411 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/poppler/attachments/20120303/332565cf/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: byte_0_bits.pdf
Type: application/pdf
Size: 1989 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/poppler/attachments/20120303/332565cf/attachment.pdf>
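
Added example (not part of the original message and not poppler's code): the attachment names above suggest an image with a bits-per-component value of 0, so this sketch shows how a row-size calculation on untrusted image parameters can divide by zero inside its own overflow guard, next to a version that validates first. The function names and the exact arithmetic are assumptions made for illustration.

```cpp
#include <climits>
#include <cstdio>

// Hypothetical helpers: bytes needed for one packed image row whose
// width, component count and bits per component come from an untrusted file.
// Both return -1 when the size cannot be represented.

// Unsafe form: the overflow guard itself divides by nBits. With nBits == 0
// that is undefined behaviour; on x86 Linux the process receives SIGFPE.
int inputLineSizeUnchecked(int width, int nComps, int nBits) {
    int nVals = width * nComps;          // can also overflow on hostile input
    if (nVals > INT_MAX / nBits - 7)
        return -1;
    return (nVals * nBits + 7) >> 3;
}

// Hardened form: reject non-positive values before any division or
// multiplication, then check each product for overflow.
int inputLineSizeChecked(int width, int nComps, int nBits) {
    if (width <= 0 || nComps <= 0 || nBits <= 0)
        return -1;
    if (width > INT_MAX / nComps)        // width * nComps would overflow
        return -1;
    int nVals = width * nComps;
    if (nVals > INT_MAX / nBits - 7)     // nVals * nBits + 7 would overflow
        return -1;
    return (nVals * nBits + 7) >> 3;
}

int main() {
    // Constructed inputs: {width, components, bits per component}.
    const int cases[][3] = {{20, 1, 8}, {20, 3, 1}, {20, 1, 0}, {INT_MAX, 2, 8}};
    for (const auto &c : cases)
        std::printf("%d px x %d comps @ %d bpc -> %d bytes/row\n",
                    c[0], c[1], c[2], inputLineSizeChecked(c[0], c[1], c[2]));
    return 0;
}
```

A caller that receives -1 should treat the image as invalid and skip rendering it rather than allocate or read a row buffer.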

