[Poppler-bugs] [Bug 18364] New: OutlineItem:: readItemList blindly follows loops in outlines definitions

Mon Nov 3 18:57:14 PST 2008

http://bugs.freedesktop.org/show_bug.cgi?id=18364

           Summary: OutlineItem::readItemList blindly follows loops in
                    outlines definitions
           Product: poppler
           Version: unspecified
          Platform: x86-64 (AMD64)
        OS/Version: Linux (All)
            Status: NEW
          Severity: normal
          Priority: medium
         Component: general
        AssignedTo: poppler-bugs at lists.freedesktop.org
        ReportedBy: nick.jones at network-box.com

Created an attachment (id=20027)
 --> (http://bugs.freedesktop.org/attachment.cgi?id=20027)
add hash check for outlines section numbers

If the definition of an outlines section in a document is broken and /Next
references contain a loop, libpoppler will follow this blindly and become stuck
in a loop of its own.

The broken documents I found had sections arranged like:
24 /First 25 ... /Type/Outlines
25 /Next 51 ...
27 /Next 28 ...
28 /Next 52 ...
29 /Next 27 ...
30 /Next 29 ...
...
50 /Next 49 ...
51 /Next 50 ...
52 /Next 51 ...

I assume that the same bug could be triggered with just two Outlines sections.

Attached is a patch that fixes this issue, but I have no experience with the
workflow and coding practises of the poppler project, so it may not suit the
authors.

This issue applies to v0.8.7 and earlier.  The patch is valid for this version
and also applies cleanly to 0.5.9

The patch works by adding a hash of outline section numbers visited.  If a
number appears again, the loop is exited.

-- 
Configure bugmail: http://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.