[Poppler-bugs] [Bug 96027] New: poppler-0.44.0: stack overflow while rendering with pdftohtml (3)

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Tue May 24 20:07:17 UTC 2016


https://bugs.freedesktop.org/show_bug.cgi?id=96027

            Bug ID: 96027
           Summary: poppler-0.44.0: stack overflow while rendering with
                    pdftohtml (3)
           Product: poppler
           Version: unspecified
          Hardware: Other
                OS: All
            Status: NEW
          Severity: normal
          Priority: medium
         Component: pdftohtml
          Assignee: poppler-bugs at lists.freedesktop.org
          Reporter: legarrec.vincent at gmail.com

Hi, while fuzzing, pdftohtml crashes on an invalid PDF (file enclosed) with
poppler-0.43.0 and poppler-0.44.0.
Libpoppler runs into an infinite loop. I don't know if it's a stack overflow, but the
stack looks broken, so probably.


Output:
…
Syntax Error (1712): Illegal character <2f> in hex string
Syntax Error (1713): Illegal character <49> in hex string
Syntax Error (1714): Illegal character <6e> in hex string
Syntax Error (1716): Illegal character <6f> in hex string
Syntax Error (1723): Illegal character <52> in hex string
Syntax Error (1725): Illegal character <2f> in hex string
Syntax Error (1726): Illegal character <49> in hex string
Syntax Error (1729): Illegal character <5b> in hex string
Syntax Error (1731): Illegal character <3c> in hex string
Syntax Error (1734): Illegal character <54> in hex string
Syntax Error (1764): Missing 'endstream' or incorrect stream length
Syntax Error (957): Dictionary key must be a name object
Syntax Error (959): Dictionary key must be a name object

gdb output:
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7a20fcd in gfree (p=0xbd4c60) at gmem.cc:289
289       if (p) {
(gdb) bt
#0  0x00007ffff7a20fcd in gfree (p=0xbd4c60) at gmem.cc:289
#1  0x00007ffff78874d8 in Object::free (this=0xbd2068) at Object.cc:158
#2  0xffffffffffd58ad0 in ?? ()
#3  0x0000000000000007 in ?? ()
#4  0x0000000000000007 in ?? ()
#5  0x0000000000bd4c60 in ?? ()
#6  0x0000000000000002 in ?? ()
#7  0x0000000000000000 in ?? ()
