[Poppler-bugs] [Bug 67296] New: evince crashed with SIGSEGV in TextPool::addWord
bugzilla-daemon at freedesktop.org
Thu Jul 25 04:09:07 PDT 2013
https://bugs.freedesktop.org/show_bug.cgi?id=67296
Priority: medium
Bug ID: 67296
Assignee: poppler-bugs at lists.freedesktop.org
Summary: evince crashed with SIGSEGV in TextPool::addWord
Severity: normal
Classification: Unclassified
OS: Linux (All)
Reporter: hoffmeister.pierre at web.de
Hardware: x86 (IA32)
Status: NEW
Version: unspecified
Component: general
Product: poppler
Created attachment 82990
--> https://bugs.freedesktop.org/attachment.cgi?id=82990&action=edit
large mediabox pdf
Evince crashes with the attached PDF.
There is a problem handling a MediaBox with values larger than the int range.

poppler/poppler/TextOutputDev.cc:

    void TextPool::addWord(TextWord *word) {
      ...
      wordBaseIdx = (int)(word->base / textPoolStep);
      ...
    }

That cast to int makes wordBaseIdx = INT_MIN.
A possible fix is:

    wordBaseIdx = ((word->base / textPoolStep) > INT_MAX ? (INT_MAX - 129) : ((int)(word->base / textPoolStep)));

#0 0x00007fffded4f379 in primaryCmp (word=0xd048bbe420445220, this=0x7fffd805da60) at TextOutputDev.cc:477
#1 TextPool::addWord (this=0x7fffd80542a0, word=0x7fffd805da60) at TextOutputDev.cc:664
#2 0x00007fffded52766 in endWord (this=0x7fffd8054160) at TextOutputDev.cc:2415
#3 TextPage::endWord (this=0x7fffd8054160) at TextOutputDev.cc:2405
#4 0x00007fffdf3d4265 in CairoOutputDev::endPage (this=0x7fffd8048150) at CairoOutputDev.cc:262
#5 0x00007fffdecde40f in Gfx::~Gfx (this=0x7fffd8050600, __in_chrg=<optimized out>) at Gfx.cc:648
#6 0x00007fffded227b0 in Page::displaySlice (this=0x7fffd804eba0, out=out@entry=0x7fffd8048150, hDPI=hDPI@entry=72, vDPI=vDPI@entry=72, rotate=rotate@entry=0, useMediaBox=useMediaBox@entry=false, crop=crop@entry=true, sliceX=sliceX@entry=-1, sliceY=sliceY@entry=-1, sliceW=sliceW@entry=-1, sliceH=sliceH@entry=-1, printing=printing@entry=false, abortCheckCbk=abortCheckCbk@entry=0x0, abortCheckCbkData=abortCheckCbkData@entry=0x0, annotDisplayDecideCbk=0x0, annotDisplayDecideCbkData=annotDisplayDecideCbkData@entry=0x0, copyXRef=copyXRef@entry=false) at Page.cc:607
#7 0x00007fffdf3c9a5b in _poppler_page_render (page=0xa09b80, cairo=0xa205a0, printing=<optimized out>, print_flags=<optimized out>) at poppler-page.cc:362
#8 0x00007fffdf5f62c0 in pdf_page_render (page=page@entry=0xa09b80, width=569, height=569, rc=rc@entry=0x7fffd8001240) at ev-poppler.cc:412
#9 0x00007fffdf5f63f7 in pdf_document_render (document=<optimized out>, rc=0x7fffd8001240) at ev-poppler.cc:445
#10 0x00007ffff75536c8 in ev_job_render_run (job=0x7fffd8009e00) at ev-jobs.c:634
#11 0x00007ffff75548f2 in ev_job_thread (job=0x7fffd8009e00) at ev-job-scheduler.c:184
#12 ev_job_thread_proxy (data=<optimized out>) at ev-job-scheduler.c:217
#13 0x00007ffff57421f5 in g_thread_proxy (data=0x9ba230) at gthread.c:798
#14 0x00007ffff7322f8e in start_thread (arg=0x7fffdffff700) at pthread_create.c:311
#15 0x00007ffff5101e1d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
--
You are receiving this mail because:
You are the assignee for the bug.
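
Added example (not part of the original report and not poppler's code): a range-checked double-to-int index conversion for the cast discussed above. It goes beyond the upper-bound case in the report by also handling the lower bound and NaN. The names kPoolStep, unchecked_index and checked_index are hypothetical, and the step value 4.0 is an assumption.

```cpp
#include <climits>
#include <cmath>
#include <cstdio>

// Assumption: stand-in for poppler's textPoolStep; its value is not shown in the report.
static const double kPoolStep = 4.0;

// Pattern from the report. Converting a double outside int's range is
// undefined behaviour in C++; the report observed INT_MIN as the result.
static int unchecked_index(double base) {
    return (int)(base / kPoolStep);
}

// Hardened form (hypothetical helper): reject NaN, then clamp the truncated
// quotient into [lo, hi] while it is still a double, and only then convert.
static bool checked_index(double base, int lo, int hi, int *out) {
    double q = std::trunc(base / kPoolStep);
    if (std::isnan(q)) {
        return false;               // no meaningful index exists
    }
    if (q < (double)lo) q = (double)lo;
    if (q > (double)hi) q = (double)hi;
    *out = (int)q;                  // q is integral and within int range here
    return true;
}

int main() {
    // Constructed inputs: ordinary coordinates, values far outside int
    // range in both directions, and NaN.
    const double samples[] = { 100.0, -7.9, 1e30, -1e30, NAN };
    for (double base : samples) {
        int idx = 0;
        if (checked_index(base, INT_MIN, INT_MAX, &idx)) {
            std::printf("base=%g -> index %d\n", base, idx);
        } else {
            std::printf("base=%g -> rejected\n", base);
        }
    }
    // The unchecked form is only safe to call with in-range input.
    std::printf("unchecked(100.0) = %d\n", unchecked_index(100.0));
    return 0;
}
```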