[Poppler-bugs] [Bug 17688] New: pdftotext crashes in Goo library (GooString
bugzilla-daemon at freedesktop.org
Sun Sep 21 01:13:03 PDT 2008
http://bugs.freedesktop.org/show_bug.cgi?id=17688
Summary: pdftotext crashes in Goo library (GooString
Product: poppler
Version: unspecified
Platform: Other
OS/Version: All
Status: NEW
Severity: critical
Priority: high
Component: general
AssignedTo: poppler-bugs at lists.freedesktop.org
ReportedBy: mkaplan at finjan.com
Created an attachment (id=19049)
--> (http://bugs.freedesktop.org/attachment.cgi?id=19049)
crash.pdf
pdftotext generates a SEGFAULT on a lot of files (one example is attached) as
a result of the totally unsafe code of the GooString class (goo/GooString.cc). This
class's methods never make sanity checks of their argument values. As a result,
passing a zero-value pointer is followed by a SEGFAULT.
Adding simple sanity checks solves the problem.
Core was generated by `pdftotext /tmp/crash/Steve Reich-African
Polyrhythms.pdf'.
Program terminated with signal 11, Segmentation fault.
#0 0xb7efce05 in GooString (this=0x8084d30, str=0x0) at GooString.cc:183
183 Set(str->getCString(), str->length);
(gdb) bt
#0 0xb7efce05 in GooString (this=0x8084d30, str=0x0) at GooString.cc:183
#1 0xb7ebfa45 in Movie::parseAnnotMovie (this=0x80ab2a8, annot=0x8084c30) at
../goo/GooString.h:46
#2 0xb7e5bf55 in AnnotMovie (this=0x8084c30, xrefA=0x805c718, dict=0x807af00,
catalog=0x805c788, obj=0xbf9d5f94) at Annot.cc:3019
#3 0xb7e5f60f in Annots::createAnnot (this=0x80adf60, xref=0x805c718,
dict=0x807af00, catalog=0x805c788, obj=0xbf9d5f94)
at Annot.cc:3392
#4 0xb7e5f971 in Annots (this=0x80adf60, xref=0x805c718, catalog=0x805c788,
annotsObj=0xbf9d603c) at Annot.cc:3333
#5 0xb7ec54b6 in Page::displaySlice (this=0x805f378, out=0x805d5e8, hDPI=72,
vDPI=72, rotate=0, useMediaBox=1, crop=0, sliceX=-1,
sliceY=-1, sliceW=-1, sliceH=-1, printing=0, catalog=0x805c788,
abortCheckCbk=0, abortCheckCbkData=0x0, annotDisplayDecideCbk=0,
annotDisplayDecideCbkData=0x0) at Page.cc:421
#6 0xb7ec5685 in Page::display (this=0x805f378, out=0x805d5e8, hDPI=72,
vDPI=72, rotate=0, useMediaBox=1, crop=0, printing=0,
catalog=0x805c788, abortCheckCbk=0, abortCheckCbkData=0x0,
annotDisplayDecideCbk=0, annotDisplayDecideCbkData=0x0) at Page.cc:344
#7 0xb7ec824e in PDFDoc::displayPage (this=0x805c438, out=0x805d5e8, page=9,
hDPI=72, vDPI=72, rotate=0, useMediaBox=1, crop=0,
printing=0, abortCheckCbk=0, abortCheckCbkData=0x0,
annotDisplayDecideCbk=0, annotDisplayDecideCbkData=0x0) at PDFDoc.cc:373
#8 0xb7ec82ea in PDFDoc::displayPages (this=0x805c438, out=0x805d5e8,
firstPage=1, lastPage=20, hDPI=72, vDPI=72, rotate=0,
useMediaBox=1, crop=0, printing=0, abortCheckCbk=0, abortCheckCbkData=0x0,
annotDisplayDecideCbk=0, annotDisplayDecideCbkData=0x0)
at PDFDoc.cc:388
#9 0x080497e7 in main (argc=Cannot access memory at address 0x1
) at pdftotext.cc:248
(gdb) bt full
#0 0xb7efce05 in GooString (this=0x8084d30, str=0x0) at GooString.cc:183
No locals.
#1 0xb7ebfa45 in Movie::parseAnnotMovie (this=0x80ab2a8, annot=0x8084c30) at
../goo/GooString.h:46
No locals.
#2 0xb7e5bf55 in AnnotMovie (this=0x8084c30, xrefA=0x805c718, dict=0x807af00,
catalog=0x805c788, obj=0xbf9d5f94) at Annot.cc:3019
No locals.
#3 0xb7e5f60f in Annots::createAnnot (this=0x80adf60, xref=0x805c718,
dict=0x807af00, catalog=0x805c788, obj=0xbf9d5f94)
at Annot.cc:3392
typeName = (GooString *) 0x8079740
annot = <value optimized out>
obj1 = {type = objName, {booln = 134604256, intg = 134604256, real =
195.23999406005805, string = 0x805e5e0,
name = 0x805e5e0 "Movie", array = 0x805e5e0, dict = 0x805e5e0, stream =
0x805e5e0, ref = {num = 134604256, gen = 1080584110},
cmd = 0x805e5e0 "Movie"}}
#4 0xb7e5f971 in Annots (this=0x80adf60, xref=0x805c718, catalog=0x805c788,
annotsObj=0xbf9d603c) at Annot.cc:3333
No locals.
#5 0xb7ec54b6 in Page::displaySlice (this=0x805f378, out=0x805d5e8, hDPI=72,
vDPI=72, rotate=0, useMediaBox=1, crop=0, sliceX=-1,
sliceY=-1, sliceW=-1, sliceH=-1, printing=0, catalog=0x805c788,
abortCheckCbk=0, abortCheckCbkData=0x0, annotDisplayDecideCbk=0,
annotDisplayDecideCbkData=0x0) at Page.cc:421
gfx = (Gfx *) 0x805d190
obj = {type = objArray, {booln = 134719568, intg = 134719568, real =
3.4018492965815731e-313, string = 0x807a850,
name = 0x807a850 "\030?\005\b@\224\a\b\b", array = 0x807a850, dict =
0x807a850, stream = 0x807a850, ref = {num = 134719568,
gen = 16}, cmd = 0x807a850 "\030?\005\b@\224\a\b\b"}}
annotList = (Annots *) 0x80adf60
i = <value optimized out>
#6 0xb7ec5685 in Page::display (this=0x805f378, out=0x805d5e8, hDPI=72,
vDPI=72, rotate=0, useMediaBox=1, crop=0, printing=0,
catalog=0x805c788, abortCheckCbk=0, abortCheckCbkData=0x0,
annotDisplayDecideCbk=0, annotDisplayDecideCbkData=0x0) at Page.cc:344
No locals.
#7 0xb7ec824e in PDFDoc::displayPage (this=0x805c438, out=0x805d5e8, page=9,
hDPI=72, vDPI=72, rotate=0, useMediaBox=1, crop=0,
printing=0, abortCheckCbk=0, abortCheckCbkData=0x0,
annotDisplayDecideCbk=0, annotDisplayDecideCbkData=0x0) at PDFDoc.cc:373
No locals.
#8 0xb7ec82ea in PDFDoc::displayPages (this=0x805c438, out=0x805d5e8,
firstPage=1, lastPage=20, hDPI=72, vDPI=72, rotate=0,
useMediaBox=1, crop=0, printing=0, abortCheckCbk=0, abortCheckCbkData=0x0,
annotDisplayDecideCbk=0, annotDisplayDecideCbkData=0x0)
at PDFDoc.cc:388
page = 10
#9 0x080497e7 in main (argc=Cannot access memory at address 0x1
) at pdftotext.cc:248
doc = (PDFDoc *) 0x805c438
fileName = (GooString *) 0x804c008
textFileName = (GooString *) 0x80732e0
ownerPW = (GooString *) 0x0
userPW = <value optimized out>
textOut = (class TextOutputDev *) 0x805d5e8
f = <value optimized out>
uMap = (UnicodeMap *) 0x805c2b8
info = {type = objNone, {booln = 0, intg = 0, real =
-4.427991043389276e-39, string = 0x0, name = 0x0, array = 0x0, dict = 0x0,
stream = 0x0, ref = {num = 0, gen = -1208476744}, cmd = 0x0}}
ok = <value optimized out>
p = <value optimized out>
exitCode = <value optimized out>
--
Configure bugmail: http://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
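
The crash pattern in frame #0 of the trace above, with the two places a check can go, as an added example that is not part of the original report and is not Poppler's code. MiniString, MovieInfo and parse_movie are hypothetical stand-ins for the copy-from-pointer constructor and its caller in frame #1.

```cpp
// Added illustration: MiniString is a hypothetical stand-in, not GooString.
#include <cstddef>
#include <cstring>
#include <string>

class MiniString {
public:
    MiniString() = default;
    explicit MiniString(const char *s) { set(s, s ? std::strlen(s) : 0); }

    // Unguarded form, the shape of GooString.cc:183 in the trace:
    //     Set(str->getCString(), str->length);   // str == 0x0 -> SIGSEGV
    // Guarded form: a null source yields an empty string instead.
    explicit MiniString(const MiniString *str) {
        if (str) set(str->c_str(), str->length());
    }

    const char *c_str() const { return buf_.c_str(); }
    std::size_t length() const { return buf_.size(); }

private:
    void set(const char *s, std::size_t n) {
        if (s && n) buf_.assign(s, n); else buf_.clear();
    }
    std::string buf_;
};

// Hypothetical caller modelled on frame #1: the source string comes from a
// lookup in an untrusted file and may be absent.
struct MovieInfo {
    bool ok = false;
    MiniString fileName;
};

MovieInfo parse_movie(const MiniString *fileEntry) {
    MovieInfo m;
    if (!fileEntry) return m;   // malformed input: report failure to the caller
    m.fileName = MiniString(fileEntry);
    m.ok = true;
    return m;
}
```

The constructor guard stops the crash, but only the caller-side check lets the parser distinguish a missing entry from an empty one.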