[Poppler-bugs] [Bug 89422] SIGABRT in getString at Object.h:202
bugzilla-daemon at freedesktop.org
Wed Mar 4 02:45:38 PST 2015
https://bugs.freedesktop.org/show_bug.cgi?id=89422
Henri Salo <henri+freedesktop at nerv.fi> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |henri+freedesktop at nerv.fi
--- Comment #1 from Henri Salo <henri+freedesktop at nerv.fi> ---
The attached sample file crashes e.g. pdfinfo. The sample file was fuzzed with AFL:
http://lcamtuf.coredump.cx/afl/
(gdb) bt
#0 0x00007ffff60d0165 in *__GI_raise (sig=<optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1 0x00007ffff60d33e0 in *__GI_abort () at abort.c:92
#2 0x00000000006c8d62 in getString (this=<optimized out>) at Object.h:202
#3 StandardSecurityHandler::StandardSecurityHandler (this=0xac33e0, docA=<optimized out>, encryptDictA=<optimized out>) at SecurityHandler.cc:292
#4 0x00000000006c9ee3 in SecurityHandler::make (docA=0xac2ea0, encryptDictA=0x7fffffffe160) at SecurityHandler.cc:56
#5 0x0000000000609afd in PDFDoc::checkEncryption (this=this@entry=0xac2ea0, ownerPassword=ownerPassword@entry=0x0, userPassword=userPassword@entry=0x0) at PDFDoc.cc:425
#6 0x0000000000617016 in PDFDoc::setup (this=this@entry=0xac2ea0, ownerPassword=ownerPassword@entry=0x0, userPassword=userPassword@entry=0x0) at PDFDoc.cc:276
#7 0x00000000006177c0 in PDFDoc::PDFDoc (this=0xac2ea0, fileNameA=<optimized out>, ownerPassword=0x0, userPassword=0x0, guiDataA=<optimized out>) at PDFDoc.cc:166
#8 0x00000000007e2a89 in LocalPDFDocBuilder::buildPDFDoc (this=<optimized out>, uri=..., ownerPassword=0x0, userPassword=0x0, guiDataA=0x0) at LocalPDFDocBuilder.cc:31
#9 0x0000000000409476 in main (argc=2, argv=0x7fffffffe588) at pdfinfo.cc:185
#10 0x00007ffff60bcead in __libc_start_main (main=<optimized out>, argc=<optimized out>, ubp_av=<optimized out>, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe578) at libc-start.c:244
#11 0x000000000040bcc5 in _start ()
frame 2
(gdb) list
197
198 // Note: integers larger than 2^53 can not be exactly represented by a double.
199 // Where the exact value of integers up to 2^63 is required, use isInt64()/getInt64().
200 double getNum() { OBJECT_3TYPES_CHECK(objInt, objInt64, objReal);
201 return type == objInt ? (double)intg : type == objInt64 ? (double)int64g : real; }
202 GooString *getString() { OBJECT_TYPE_CHECK(objString); return string; }
203 // After takeString() the only method that should be called for the object is free()
204 // because the object it's not expected to have a NULL string.
205 GooString *takeString() {
206 OBJECT_TYPE_CHECK(objString); GooString *s = string; string = NULL; return s; }
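The backtrace shows the abort coming from getString()'s type check rather than from the caller in StandardSecurityHandler, i.e. an /Encrypt entry that is not a string takes pdfinfo down with SIGABRT instead of a parse error. The following is an added illustration, not poppler's code: a constructed model of the tagged Object with an aborting accessor (as the Object.h listing above shows), an unchecked caller in the style of the crashing frame, and a hardened caller that validates the type first. Names such as ownerKeyUnchecked/ownerKeyChecked and the dict key "O" are assumptions for the example.

```cpp
#include <cstdlib>
#include <map>
#include <optional>
#include <string>

// Constructed model of a tagged PDF object (not poppler's Object class).
enum class ObjType { Null, Int, String };

struct Object {
    ObjType type = ObjType::Null;
    int intg = 0;
    std::string string;

    bool isString() const { return type == ObjType::String; }

    // Mirrors OBJECT_TYPE_CHECK in the listing: a type mismatch aborts the
    // whole process, which is what the SIGABRT in the report is.
    const std::string &getString() const {
        if (type != ObjType::String) std::abort();
        return string;
    }
};

Object makeString(const std::string &s) { return Object{ObjType::String, 0, s}; }
Object makeInt(int i) { return Object{ObjType::Int, i, ""}; }

// Assumed stand-in for an /Encrypt dictionary: key -> object.
using Dict = std::map<std::string, Object>;

// Unchecked caller: trusts that /O is a string, like the crashing frame.
// A fuzzed file with /O as an integer aborts here via getString().
std::string ownerKeyUnchecked(const Dict &encrypt) {
    return encrypt.at("O").getString();
}

// Hardened caller: check the type before the aborting accessor and let the
// caller treat the file as malformed instead of dying.
std::optional<std::string> ownerKeyChecked(const Dict &encrypt) {
    auto it = encrypt.find("O");
    if (it == encrypt.end() || !it->second.isString()) return std::nullopt;
    return it->second.getString();
}
```

With the hardened form, a malformed /Encrypt dictionary is reported as a parse failure; the unchecked form is only kept to show the path that produces the abort.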