[Poppler-bugs] [Bug 29189] New: Fails to parse PDF with damaged internal structure

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Wed Jul 21 04:50:57 PDT 2010 

https://bugs.freedesktop.org/show_bug.cgi?id=29189

           Summary: Fails to parse PDF with damaged internal structure
           Product: poppler
           Version: unspecified
          Platform: Other
        OS/Version: Linux (All)
            Status: NEW
          Severity: normal
          Priority: medium
         Component: general
        AssignedTo: poppler-bugs at lists.freedesktop.org
        ReportedBy: igorenbein at finjan.com


Created an attachment (id=37264)
 --> (https://bugs.freedesktop.org/attachment.cgi?id=37264)
patch

Hello,

I using poppler version 0.12.4. Recently I investigated a malicious PDF file
(this is the reason why I can't supply a sample). One of the problems I
encountered was failure to open a PDF by poppler. The PDF file contained a
static (old style) xref table. At PDFDoc::setup (poppler/PDFDoc.cc file)
function we have:

 xref = new XRef(str);
 ...
 catalog = new Catalog(xref);

At XRef constructor we have two flows:
1). Read static xref table
2). If something failed at 1), run dynamic build of XRef. (more expensive
procedure)

If the XRef was build OK by flow #1 (statically read from xref) the code will
continue to create the Catalog. At Catalog constructor we have two "failure"
flows:

1). If Catalog dictionary was not fetched properly
2). If Pages dictionary was not fetched properly (this is the reason why my
file failed to open)

Both could happen after the XRef was constructed, which could be problematic.

For example: xref table was build staticaly. If objects, in PDF file, are not
enumerated properly and "Pages" dictionary is expected at object 3 (3 0), but
object 2 (2 0) is missing (condition obj1.getInt() == num at poppler/XRef.cc
XRef::fetch(...) function will fail).

For this reason I added a fallback functionality patch.
According to the patch we, only once, will try to reconstruct XRef dynamically
iff Catalog construction fails and XRef was constructed statically.

-- 
Configure bugmail: https://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the Poppler-bugs mailing list