[Poppler-bugs] [Bug 84988] New: Segfault in TextOutputDev.cc:478

bugzilla-daemon at freedesktop.org
Tue Oct 14 04:30:05 PDT 2014


https://bugs.freedesktop.org/show_bug.cgi?id=84988

            Bug ID: 84988
           Summary: Segfault in TextOutputDev.cc:478
           Product: poppler
           Version: unspecified
          Hardware: Other
                OS: All
            Status: NEW
          Severity: normal
          Priority: medium
         Component: general
          Assignee: poppler-bugs at lists.freedesktop.org
          Reporter: ravdune at gmail.com

Created attachment 107817
  --> https://bugs.freedesktop.org/attachment.cgi?id=107817&action=edit
Crash reproduction PDFs as described

All tests were done in master. They all fail the same way. I was not sure if
they were all the same bug or not; it seems like a parser/lexer bug. I attached
the following files in TextOutputDev-478-crashes.zip:

* 238-fuzz-10.pdf
* 257-fuzz-19.pdf
* 427-fuzz-11.pdf
* 476-fuzz-8.pdf
* 579-fuzz-6.pdf

#########################################

(gdb) run ~/238-fuzz-10.pdf /dev/null
Segmentation fault (core dumped)

gdb info:
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7add4f1 in primaryCmp (word=0x1000000005, this=0x725ef0) at TextOutputDev.cc:478
478         cmp = xMin - word->xMin;

#########################################

(gdb) run ~/257-fuzz-19.pdf /dev/null
... <snipped lot of errors>
Syntax Error (123860): Illegal character <74> in hex string
Syntax Error (123861): Illegal character <68> in hex string
Syntax Error (123862): Illegal character <6f> in hex string
Syntax Error (123863): Illegal character <72> in hex string
Syntax Error (6734): Illegal character ')'
Syntax Error (6738): Illegal character ')'
Syntax Error: Unterminated string
Syntax Error: End of file inside array
Syntax Error: Leftover args in content stream
Segmentation fault (core dumped)

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7add4f1 in primaryCmp (word=0x63c363ab6394637c, this=0x697590) at TextOutputDev.cc:478
478         cmp = xMin - word->xMin;

#########################################

(gdb) run ~/427-fuzz-11.pdf
... <snipped lot of errors>
Syntax Error (17835): Illegal character <2b> in hex string
Syntax Error (17836): Illegal character <4a> in hex string
Syntax Error (17837): Dictionary key must be a name object
Syntax Error (17839): Dictionary key must be a name object
Syntax Error (17862): Dictionary key must be a name object
Syntax Error (17875): Dictionary key must be a name object
Syntax Error (17875): Illegal character '}'
Syntax Error (17875): Dictionary key must be a name object
Syntax Error (17896): Dictionary key must be a name object
Syntax Error (17900): Dictionary key must be a name object
Syntax Error (17907): Dictionary key must be a name object
Syntax Error (17907): Illegal character '}'
Syntax Error (181): XObject 'Im1' is wrong type
Segmentation fault (core dumped)

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7add4f1 in primaryCmp (word=0x9f000800170008, this=0x645b50) at TextOutputDev.cc:478
478         cmp = xMin - word->xMin;

#########################################

(gdb) run ~/476-fuzz-8.pdf /dev/null
Syntax Error (3232): Dictionary key must be a name object
Syntax Error: font resource is not a dictionary
Syntax Error: font resource is not a dictionary

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7add4f1 in primaryCmp (word=0x5ddf5dcb5db65da2, this=0x655160) at TextOutputDev.cc:478
478         cmp = xMin - word->xMin;

#########################################

(gdb) run ~/579-fuzz-6.pdf /dev/null
Syntax Error (384798): Illegal character ')'
Syntax Error: Couldn't find trailer dictionary
Syntax Error (15048): Illegal character ')'
Syntax Error (15057): Arg #0 to 'Tj' operator is wrong type (error)
Syntax Error (15062): Unknown operator ':ti0.02'
Syntax Error (15064): Unknown operator 'ii'
Syntax Error (15066): Too few (0) args to 'v' operator

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7add4f1 in primaryCmp (word=0xfa, this=0x667a80) at TextOutputDev.cc:478
478         cmp = xMin - word->xMin;

#########################################
