[Poppler-bugs] [Bug 97149] New: pdfsig: Segfault in ~SignatureHandler / double-free

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Sat Jul 30 17:17:39 UTC 2016


https://bugs.freedesktop.org/show_bug.cgi?id=97149

            Bug ID: 97149
           Summary: pdfsig: Segfault in ~SignatureHandler / double-free
           Product: poppler
           Version: unspecified
          Hardware: x86-64 (AMD64)
                OS: Linux (All)
            Status: NEW
          Severity: minor
          Priority: medium
         Component: utils
          Assignee: poppler-bugs at lists.freedesktop.org
          Reporter: freedesktop at michael-joost.de

pdfsig (from poppler-0.45) results in a segfault on any signed PDF document
(e.g. the BUDGET-2015-BUD.pdf from gpo.gov).
Reason is a double-destroy of a certificate in the destructor of
SignatureHandler.

The segfault only comes to effect if nspr(-4.12) is compiled for DEBUG, which,
sadly, is its default setting. The debug version of nspr causes freed memory to
be filled with a 0xDA pattern, and the second destroy's access to this in
nss(-3.25) fails. The release version, without the pattern, is somehow able to
recover from the double-destroy.

Switching between release/debug configs of a component, or any of its
dependencies, should only impact non-functional aspects (such as performance),
but never the functional behavior.


See also:

https://lists.freedesktop.org/archives/poppler/2016-July/011913.html
(and thread)

https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSPR/NSPR_build_instructions

-- 
You are receiving this mail because:
You are the assignee for the bug.
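
A simplified model of the effect described in the report above, added here as an illustration; it is not poppler, NSS or NSPR code. The names Cert, Arena, model_free and cert_destroy are hypothetical, and a static slot stands in for the heap so that the "freed" bytes can be inspected without undefined behaviour.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FILL 0xDA /* fill byte named in the report */

/* Hypothetical stand-ins; a real object would hold a pointer, kept here as
   an integer so the overwritten value can be inspected safely. */
typedef struct { int freed; } Arena;
typedef struct { uintptr_t arena_addr; } Cert;

enum Result { FREED, STALE_USE_UNNOTICED, WOULD_FAULT };

static Arena arena; /* static storage stands in for the heap */
static Cert cert;

/* Model of free(): a debug build overwrites the block, a release build does not. */
static void model_free(void *p, size_t n, int debug_fill) {
    if (debug_fill) memset(p, FILL, n);
}

static enum Result cert_destroy(Cert *c, int debug_fill) {
    /* Real code would dereference the stored pointer at this point. */
    if (c->arena_addr != (uintptr_t)&arena) return WOULD_FAULT;
    Arena *a = (Arena *)c->arena_addr;
    if (a->freed) return STALE_USE_UNNOTICED; /* stale bytes still look valid */
    a->freed = 1;
    model_free(c, sizeof *c, debug_fill);
    return FREED;
}

/* Destroy the same object twice and report what the second call did. */
enum Result double_destroy(int debug_fill) {
    arena.freed = 0;
    cert.arena_addr = (uintptr_t)&arena;
    if (cert_destroy(&cert, debug_fill) != FREED) return WOULD_FAULT;
    return cert_destroy(&cert, debug_fill);
}

int main(void) {
    static const char *name[] = { "freed", "stale use unnoticed", "would fault" };
    printf("release build: %s\n", name[double_destroy(0)]);
    printf("debug build:   %s\n", name[double_destroy(1)]);
    return 0;
}
```

In this model the defect is present in both configurations; the fill pattern only decides whether the second destroy is noticed.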