[Poppler-bugs] [Bug 28406] poppler crashes under certain pdf file

bugzilla-daemon at freedesktop.org
Mon Jun 7 23:32:56 PDT 2010


https://bugs.freedesktop.org/show_bug.cgi?id=28406

--- Comment #9 from Ilya Gorenbein <igorenbein at finjan.com> 2010-06-07 23:32:56 PDT ---
I would not start a debate about gcc version 4.2.3. I would just like to show
you the problematic flow of the code.

According to your results we have:

if (70000128 >= 67108864) {
  error(-1, "Invalid 'obj' parameters.");
  return gFalse;
}

So, if newSize is less than 67108864, we continue to:

entries = (XRefEntry *)greallocn(entries, newSize, sizeof(XRefEntry));

The number 70000000 was read from the file. You can manually update it to
60000000. In this case newSize = 60000256 and sizeof(XRefEntry) = 32,
which leads to an allocation of 60000256 * 32 = 1920008192 bytes of memory (~1.8 GB).
This amount of memory, or even less, is not necessarily available. So we will have an
"Out of memory" message with a possible exit(1) (if checkoverflow=false).

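The flow described in the comment above, as an added example that is not Poppler's code and not part of the original message: a count that passes the 67108864-entry cap can still request about 1.8 GB, so the grow path here also bounds the byte size and reports failure to the caller instead of exiting. The names round_new_size, bytes_requested, grow_entries and the 256 MiB BYTE_BUDGET are hypothetical, and the rounding to a multiple of 256 is an assumption chosen because it reproduces both newSize values quoted in the comment.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define ENTRY_SIZE  32u          /* sizeof(XRefEntry) as quoted in the comment */
#define MAX_ENTRIES 67108864u    /* entry-count cap quoted in the comment */
#define BYTE_BUDGET (256u << 20) /* hypothetical policy limit: 256 MiB */

/* Assumed rounding (not taken from the page): next multiple of 256 above num.
 * It maps 70000000 -> 70000128 and 60000000 -> 60000256, as in the comment. */
static uint32_t round_new_size(uint32_t num) { return (num + 1u + 255u) & ~255u; }

/* Bytes the count-only check would let through to the allocator (0 = rejected). */
static uint64_t bytes_requested(uint32_t num) {
    uint32_t n = round_new_size(num);
    if (n >= MAX_ENTRIES) return 0;
    return (uint64_t)n * ENTRY_SIZE;
}

/* Hardened grow: 0 on success, -1 on rejection. Never terminates the process. */
static int grow_entries(void **entries, uint32_t num, uint32_t *out_size) {
    uint32_t n = round_new_size(num);
    if (n < num || n >= MAX_ENTRIES) return -1;  /* 32-bit wrap or count cap */
    uint64_t bytes = (uint64_t)n * ENTRY_SIZE;   /* 64-bit product cannot wrap */
    if (bytes > BYTE_BUDGET) return -1;          /* count is legal, size is not */
    void *p = realloc(*entries, (size_t)bytes);
    if (p == NULL) return -1;                    /* old table stays valid */
    *entries = p;
    *out_size = n;
    return 0;
}

int main(void) {
    void *entries = NULL;
    uint32_t size = 0;
    const uint32_t samples[] = { 1000u, 60000000u, 70000000u }; /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = grow_entries(&entries, samples[i], &size);
        printf("num=%u count-only check would allocate %llu bytes, hardened rc=%d\n",
               (unsigned)samples[i], (unsigned long long)bytes_requested(samples[i]), rc);
    }
    free(entries);
    return 0;
}
```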