[Poppler-bugs] [Bug 62905] New: Crash when setting dash pattern
bugzilla-daemon at freedesktop.org
bugzilla-daemon at freedesktop.org
Fri Mar 29 06:34:48 PDT 2013
https://bugs.freedesktop.org/show_bug.cgi?id=62905
Priority: medium
Bug ID: 62905
Assignee: poppler-bugs at lists.freedesktop.org
Summary: Crash when setting dash pattern
Severity: normal
Classification: Unclassified
OS: All
Reporter: mkasik at redhat.com
Hardware: Other
Status: NEW
Version: unspecified
Component: cairo backend
Product: poppler
Created attachment 77209
--> https://bugs.freedesktop.org/attachment.cgi?id=77209&action=edit
pdf which crashes poppler
Attached PDF crashes poppler. It crashes because fillToStrokePathClip() tries
to to call cairo_set_dash() with non-zero "num_dashes" but with NULL "dashes".
The code of fillToStrokePathClip() relies on consistency of cairo's dash
pattern with the dash pattern stored in strokePathClip->dashes and length of
cairo's dash pattern with strokePathClip->dash_count.
But the attached PDF breaks this consistency, it makes poppler to call
fillToStrokePathClip() after change of cairo's dash pattern but without update
of strokePathClip->dashes.
There are 2 possible solutions for this:
1) don't update strokePathClip->dash_count just before cairo_set_dash() in
fillToStrokePathClip()
- honour what we already have in strokePathClip->dash*
2) don't set dash pattern by cairo_set_dash() in fillToStrokePathClip() at all
- honour what we already have in cairo
The PDF doesn't have correct xref and lengths of streams because it was edited
manually but this doesn't cause the crash.
This was originally reported here:
https://bugzilla.redhat.com/show_bug.cgi?id=928231 (contains link to the
original PDF)
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/poppler-bugs/attachments/20130329/fbb962e6/attachment.html>
More information about the Poppler-bugs
mailing list