[Poppler-bugs] [Bug 43279] New: Segmentation fault in poppler-0.18.1/poppler/Parser.cc:93
bugzilla-daemon at freedesktop.org
Sun Nov 27 11:26:41 PST 2011
https://bugs.freedesktop.org/show_bug.cgi?id=43279
Bug #: 43279
Summary: Segmentation fault in poppler-0.18.1/poppler/Parser.cc:93
Classification: Unclassified
Product: poppler
Version: unspecified
Platform: x86-64 (AMD64)
OS/Version: Linux (All)
Status: NEW
Severity: normal
Priority: medium
Component: general
AssignedTo: poppler-bugs at lists.freedesktop.org
ReportedBy: adf54877ac0d at d010e11bb9be.anonbox.net
Created attachment 53887
--> https://bugs.freedesktop.org/attachment.cgi?id=53887
PDF that causes segfault
A PDF with a lot of "[" inside the page description causes the parser to crash
with a segfault. Reproduce with the attached PDF and xpdf or evince.
GNU gdb (Gentoo 7.2 p1) 7.2
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
For bug reporting instructions, please see:
<http://bugs.gentoo.org/>...
Reading symbols from /usr/bin/xpdf...done.
(gdb) r lzwbomb_91_1__xpdf_segfault.pdf
Starting program: /usr/bin/xpdf lzwbomb_91_1__xpdf_segfault.pdf
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff69d8696 in _int_malloc (av=0x7ffff6cc1e80, bytes=2) at malloc.c:4249
4249 malloc.c: No such file or directory.
in malloc.c
(gdb) backtrace
#0 0x00007ffff69d8696 in _int_malloc (av=0x7ffff6cc1e80, bytes=2) at malloc.c:4249
#1 0x00007ffff69db010 in __libc_malloc (bytes=2) at malloc.c:3660
#2 0x00007ffff79eeecb in gmalloc (size=2, checkoverflow=false)
    at /var/tmp/portage/app-text/poppler-0.18.1/work/poppler-0.18.1/goo/gmem.cc:110
#3 0x00007ffff79eef38 in gmalloc (size=2)
    at /var/tmp/portage/app-text/poppler-0.18.1/work/poppler-0.18.1/goo/gmem.cc:120
#4 0x00007ffff79ef394 in copyString (s=0x764e99 "[")
    at /var/tmp/portage/app-text/poppler-0.18.1/work/poppler-0.18.1/goo/gmem.cc:316
#5 0x00007ffff7aa36cc in Object::initCmd (this=0x70dba8, cmdA=0x764e99 "[")
    at /var/tmp/portage/app-text/poppler-0.18.1/work/poppler-0.18.1/poppler/Object.h:140
#6 0x00007ffff7aa311b in Lexer::getObj (this=0x764e70, obj=0x70dba8, objNum=-1)
    at /var/tmp/portage/app-text/poppler-0.18.1/work/poppler-0.18.1/poppler/Lexer.cc:464
#7 0x00007ffff7ab37ea in Parser::shift (this=0x70db80, objNum=-1)
    at /var/tmp/portage/app-text/poppler-0.18.1/work/poppler-0.18.1/poppler/Parser.cc:277
#8 0x00007ffff7ab2cf4 in Parser::getObj (this=0x70db80, obj=0x7fffff7ff2a0,
    fileKey=0x0, encAlgorithm=cryptRC4, keyLength=0,
    objNum=0, objGen=0, fetchOriginatorNums=0x7fffffffcfa0)
    at /var/tmp/portage/app-text/poppler-0.18.1/work/poppler-0.18.1/poppler/Parser.cc:89
#9 0x00007ffff7ab2d4e in Parser::getObj (this=0x70db80, obj=0x7fffff7ff360,
    fileKey=0x0, encAlgorithm=cryptRC4, keyLength=0,
    objNum=0, objGen=0, fetchOriginatorNums=0x7fffffffcfa0)
    at /var/tmp/portage/app-text/poppler-0.18.1/work/poppler-0.18.1/poppler/Parser.cc:93
#10 0x00007ffff7ab2d4e in Parser::getObj (this=0x70db80, obj=0x7fffff7ff420,
    fileKey=0x0, encAlgorithm=cryptRC4, keyLength=0,
    objNum=0, objGen=0, fetchOriginatorNums=0x7fffffffcfa0)
    at /var/tmp/portage/app-text/poppler-0.18.1/work/poppler-0.18.1/poppler/Parser.cc:93
#11 0x00007ffff7ab2d4e in Parser::getObj (this=0x70db80, obj=0x7fffff7ff4e0,
    fileKey=0x0, encAlgorithm=cryptRC4, keyLength=0,
    objNum=0, objGen=0, fetchOriginatorNums=0x7fffffffcfa0)
    at /var/tmp/portage/app-text/poppler-0.18.1/work/poppler-0.18.1/poppler/Parser.cc:93
#12 0x00007ffff7ab2d4e in Parser::getObj (this=0x70db80, obj=0x7fffff7ff5a0,
    fileKey=0x0, encAlgorithm=cryptRC4, keyLength=0,
    objNum=0, objGen=0, fetchOriginatorNums=0x7fffffffcfa0)
    at /var/tmp/portage/app-text/poppler-0.18.1/work/poppler-0.18.1/poppler/Parser.cc:93
...
[thousands of recursions]
Maybe the end of the stack is reached.
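
The backtrace above shows Parser::getObj re-entering itself at Parser.cc:93 once per "[" until the stack runs out. As an added example (not poppler's code and not part of the original report), here is a recursive-descent array parser that carries an explicit depth counter and fails cleanly at a limit. The toy grammar, the names parseObj/parseDocument and the limit of 500 are assumptions made for this example.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Assumed limit for this example; pick one that fits the real stack budget.
constexpr int kMaxDepth = 500;

enum class ParseResult { Ok, TooDeep, Malformed };

// Parses one object at `pos`: an integer token or an array "[ obj ... ]".
// `depth` is the number of arrays currently open; it is checked before each
// recursive descent, so nesting is bounded by policy rather than by the stack.
ParseResult parseObj(const std::string &in, std::size_t &pos, int depth,
                     std::size_t &arrays) {
    while (pos < in.size() && in[pos] == ' ') ++pos;
    if (pos >= in.size()) return ParseResult::Malformed;
    if (in[pos] == '[') {
        if (depth >= kMaxDepth) return ParseResult::TooDeep;  // refuse, do not recurse
        ++pos;
        ++arrays;
        for (;;) {
            while (pos < in.size() && in[pos] == ' ') ++pos;
            if (pos >= in.size()) return ParseResult::Malformed;  // unterminated array
            if (in[pos] == ']') { ++pos; return ParseResult::Ok; }
            ParseResult r = parseObj(in, pos, depth + 1, arrays);
            if (r != ParseResult::Ok) return r;  // propagate the error up the stack
        }
    }
    if (in[pos] < '0' || in[pos] > '9') return ParseResult::Malformed;
    while (pos < in.size() && in[pos] >= '0' && in[pos] <= '9') ++pos;
    return ParseResult::Ok;
}

// Entry point: parses one top-level object and reports how many arrays opened.
ParseResult parseDocument(const std::string &in, std::size_t &arrays) {
    std::size_t pos = 0;
    arrays = 0;
    return parseObj(in, pos, 0, arrays);
}

int main() {
    std::size_t arrays = 0;
    // Constructed input: a long run of unclosed "[" characters.
    ParseResult r = parseDocument(std::string(100000, '['), arrays);
    std::cout << (r == ParseResult::TooDeep ? "rejected: too deep" : "other")
              << " after " << arrays << " arrays\n";
    return r == ParseResult::TooDeep ? 0 : 1;
}
```

The depth check runs before the recursive call, so hostile nesting costs at most kMaxDepth stack frames and ends in an error return the caller can handle.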