[Poppler-bugs] [Bug 17976] New: Crash of pdftotext as result of freeing non-initialized member variable in OptionalContentGroup destructor

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Wed Oct 8 07:37:20 PDT 2008 

http://bugs.freedesktop.org/show_bug.cgi?id=17976

           Summary: Crash of pdftotext as result of freeing non-initialized
                    member variable in OptionalContentGroup destructor
           Product: poppler
           Version: unspecified
          Platform: All
               URL: http://maniakkomputer.files.wordpress.com/2008/04/kunci_
                    jawaban_uan_sma_ipa_ips_2008.pdf
        OS/Version: All
            Status: NEW
          Severity: critical
          Priority: high
         Component: general
        AssignedTo: poppler-bugs at lists.freedesktop.org
        ReportedBy: mkaplan at finjan.com


The 0.9.3 poppler pdftotext utility crahses with the following stack trace:
Program terminated with signal 6, Aborted.
#0  0xb7b84947 in raise () from /lib/tls/libc.so.6
(gdb) bt
#0  0xb7b84947 in raise () from /lib/tls/libc.so.6
#1  0xb7b860c9 in abort () from /lib/tls/libc.so.6
#2  0xb7bb9fda in __fsetlocking () from /lib/tls/libc.so.6
#3  0xb7bc189f in mallopt () from /lib/tls/libc.so.6
#4  0xb7bc1942 in free () from /lib/tls/libc.so.6
#5  0xb7ed3c74 in ~GooString (this=0x0) at GooString.cc:237
#6  0xb7e98779 in ~OptionalContentGroup (this=0x0) at OptionalContent.cc:322
#7  0xb7e98834 in ~OCGs (this=0x805e4c0) at OptionalContent.cc:143
#8  0xb7e3e2ea in ~Catalog (this=0x805e008) at Catalog.cc:243
#9  0xb7e9f263 in ~PDFDoc (this=0x805db88) at PDFDoc.cc:256
#10 0x0804998e in main (argc=Cannot access memory at address 0x1
) at pdftotext.cc:312

This crash is a result of deleting in OptionalContentGroup destructor variable
m_name , which was not initialized (nor in constructor, not in other place).
Below please find proposed patch, which solves the problem.

--- poppler/OptionalContent.orig.cc     2008-10-08 14:26:37.000000000 +0000
+++ poppler/OptionalContent.cc  2008-10-08 14:28:22.000000000 +0000
@@ -284,7 +284,7 @@

 //------------------------------------------------------------------------

-OptionalContentGroup::OptionalContentGroup(Dict *ocgDict, XRef *xrefA)
+OptionalContentGroup::OptionalContentGroup(Dict *ocgDict, XRef *xrefA) :
m_name(NULL)
 {
   Object ocgName;
   ocgDict->lookupNF("Name", &ocgName);


-- 
Configure bugmail: http://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the Poppler-bugs mailing list