[Poppler-bugs] [Bug 96027] New: poppler-0.44.0: stack overflow while rending with pdftohtml (3)
bugzilla-daemon at freedesktop.org
Tue May 24 20:07:17 UTC 2016
https://bugs.freedesktop.org/show_bug.cgi?id=96027
Bug ID: 96027
Summary: poppler-0.44.0: stack overflow while rending with pdftohtml (3)
Product: poppler
Version: unspecified
Hardware: Other
OS: All
Status: NEW
Severity: normal
Priority: medium
Component: pdftohtml
Assignee: poppler-bugs at lists.freedesktop.org
Reporter: legarrec.vincent at gmail.com
Hi, while fuzzing, pdftohtml crashes with an invalid PDF (file enclosed) with
poppler-0.43.0 and poppler-0.44.0.
Libpoppler runs into an infinite loop. I don't know if it's a stack overflow, but the
stack looks broken, so probably.
Output:
…
Syntax Error (1712): Illegal character <2f> in hex string
Syntax Error (1713): Illegal character <49> in hex string
Syntax Error (1714): Illegal character <6e> in hex string
Syntax Error (1716): Illegal character <6f> in hex string
Syntax Error (1723): Illegal character <52> in hex string
Syntax Error (1725): Illegal character <2f> in hex string
Syntax Error (1726): Illegal character <49> in hex string
Syntax Error (1729): Illegal character <5b> in hex string
Syntax Error (1731): Illegal character <3c> in hex string
Syntax Error (1734): Illegal character <54> in hex string
Syntax Error (1764): Missing 'endstream' or incorrect stream length
Syntax Error (957): Dictionary key must be a name object
Syntax Error (959): Dictionary key must be a name object
gdb output:
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7a20fcd in gfree (p=0xbd4c60) at gmem.cc:289
289 if (p) {
(gdb) bt
#0 0x00007ffff7a20fcd in gfree (p=0xbd4c60) at gmem.cc:289
#1 0x00007ffff78874d8 in Object::free (this=0xbd2068) at Object.cc:158
#2 0xffffffffffd58ad0 in ?? ()
#3 0x0000000000000007 in ?? ()
#4 0x0000000000000007 in ?? ()
#5 0x0000000000bd4c60 in ?? ()
#6 0x0000000000000002 in ?? ()
#7 0x0000000000000000 in ?? ()