[Poppler-bugs] [Bug 96217] New: poppler-0.44.0: infinity loop: Syntax Error (448): Dictionary key must be a name object / Bad 'Length' attribute in stream

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Wed May 25 18:21:01 UTC 2016


https://bugs.freedesktop.org/show_bug.cgi?id=96217

            Bug ID: 96217
           Summary: poppler-0.44.0: infinity loop: Syntax Error (448):
                    Dictionary key must be a name object / Bad 'Length'
                    attribute in stream
           Product: poppler
           Version: unspecified
          Hardware: Other
                OS: All
            Status: NEW
          Severity: normal
          Priority: medium
         Component: general
          Assignee: poppler-bugs at lists.freedesktop.org
          Reporter: legarrec.vincent at gmail.com

Dear,
Now that all crashes found by afl are solved (thanks :)), there are lots of PDFs
that run into an infinite (?) loop.

The infinite loop comes after the recursion of Parser::makeStream reaches the
number 500.

output:
…
Syntax Error (482): Bad 'Filter' attribute in stream
Syntax Error (482): Bad 'Filter' attribute in stream
Syntax Error (482): Bad 'Filter' attribute in stream
Syntax Error (482): Bad 'Length' attribute in stream
Syntax Error (448): Dictionary key must be a name object
Syntax Error (448): Dictionary key must be a name object
Syntax Error (448): Dictionary key must be a name object
Syntax Error (448): Dictionary key must be a name object
Syntax Error (482): Bad 'Length' attribute in stream
Syntax Error (482): Bad 'Filter' attribute in stream
Syntax Error (482): Bad 'Length' attribute in stream
Syntax Error (448): Dictionary key must be a name object
Syntax Error (482): Bad 'Length' attribute in stream
Syntax Error (482): Bad 'Filter' attribute in stream
Syntax Error (482): Bad 'Filter' attribute in stream
Syntax Error (482): Bad 'Length' attribute in stream
Syntax Error (448): Dictionary key must be a name object
…

gdb output:
#0  0x00007ffff7a1f930 in __afl_maybe_log () from /home/legarrec/info/programmation/tmp/poppler-0.44.0/poppler/.libs/libpoppler.so.61
#1  0x00007ffff7a16162 in GooString::append (this=0x74d980, c=108 'l') at GooString.cc:275
#2  0x000000000000006c in ?? ()
#3  0x0000000000000002 in ?? ()
#4  0x000000000074d980 in ?? ()
#5  0x000000000074d980 in ?? ()
#6  0x00007ffffffbcce0 in ?? ()
#7  0x00007ffff7a15e2e in memcpy (__len=7, __src=0x7ffff7da9e20 <vtable for FileStream+16>, __dest=<optimized out>) at /usr/include/bits/string3.h:53
#8  GooString::append (this=0x1e2, this@entry=0x74d980, str=0x7ffff7da9e20 <vtable for FileStream+16> "\300\207\214\367\377\177", str@entry=0x7ffffffbcb7c "i", lengthA=7, lengthA@entry=1) at GooString.cc:288
#9  0x00007ffff7a16190 in GooString::append (this=this@entry=0x74d980, c=105 'i') at GooString.cc:276
#10 0x00007ffff76f4967 in error (category=category@entry=errSyntaxError, pos=482, msg=msg@entry=0x7ffff7b2fd98 "Bad 'Filter' attribute in stream") at Error.cc:80
#11 0x00007ffff78e9f69 in Stream::addFilters (this=this@entry=0x74e1e0, dict=dict@entry=0x7ffffffbcf80, recursion=recursion@entry=499) at Stream.cc:207
#12 0x00007ffff789dbbe in Parser::makeStream (this=this@entry=0x74df10, dict=dict@entry=0x7ffffffbcf80, fileKey=fileKey@entry=0x0, encAlgorithm=encAlgorithm@entry=(cryptAES256 | unknown: 774974788), keyLength=keyLength@entry=-1020982732, objNum=objNum@entry=6, objGen=0, recursion=499, strict=false) at Parser.cc:277
#13 0x00007ffff789e8cc in Parser::getObj (this=this@entry=0x74df10, obj=obj@entry=0x7ffffffbcf80, simpleOnly=simpleOnly@entry=false, fileKey=0x0, encAlgorithm=(cryptAES256 | unknown: 774974788), keyLength=keyLength@entry=-1020982732, objNum=6, objGen=0, recursion=498, strict=false) at Parser.cc:131
#14 0x00007ffff7936bb1 in XRef::fetch (this=0x678140, num=<optimized out>, gen=<optimized out>, obj=0x7ffffffbcf80, obj@entry=0x6, recursion=recursion@entry=498) at XRef.cc:1210
#15 0x00007ffff7887344 in Object::fetch (this=<optimized out>, xref=<optimized out>, obj=obj@entry=0x6, recursion=recursion@entry=498) at Object.cc:122
#16 0x00007ffff76f0ccd in Dict::lookup (this=<optimized out>, key=key@entry=0x7ffff7b2ff67 "F", obj=0x6, obj@entry=0x7ffffffbcf80, recursion=recursion@entry=498) at Dict.cc:261
#17 0x00007ffff78ea34d in Object::dictLookup (this=0x7ffffffbd250, this=0x7ffffffbd250, recursion=498, obj=0x7ffffffbcf80, key=0x7ffff7b2ff67 "F") at Object.h:330
#18 Stream::addFilters (this=this@entry=0x74da30, dict=dict@entry=0x7ffffffbd250, recursion=recursion@entry=498) at Stream.cc:181
#19 0x00007ffff789dbbe in Parser::makeStream (this=this@entry=0x74d700, dict=dict@entry=0x7ffffffbd250, fileKey=fileKey@entry=0x0, encAlgorithm=encAlgorithm@entry=(cryptAES256 | unknown: 774974788), keyLength=keyLength@entry=-1020982732, objNum=objNum@entry=6, objGen=0, recursion=498, strict=false) at Parser.cc:277
#20 0x00007ffff789e8cc in Parser::getObj (this=this@entry=0x74d700, obj=obj@entry=0x7ffffffbd250, simpleOnly=simpleOnly@entry=false, fileKey=0x0, encAlgorithm=(cryptAES256 | unknown: 774974788), keyLength=keyLength@entry=-1020982732, objNum=6, objGen=0, recursion=497, strict=false) at Parser.cc:131
#21 0x00007ffff7936bb1 in XRef::fetch (this=0x678140, num=<optimized out>, gen=<optimized out>, obj=0x7ffffffbd250, obj@entry=0x6, recursion=recursion@entry=497) at XRef.cc:1210
#22 0x00007ffff7887344 in Object::fetch (this=<optimized out>, xref=<optimized out>, obj=obj@entry=0x6, recursion=recursion@entry=497) at Object.cc:122
#23 0x00007ffff76f0ccd in Dict::lookup (this=<optimized out>, key=key@entry=0x7ffff7b15f2d "Length", obj=0x6, obj@entry=0x7ffffffbd250, recursion=recursion@entry=497) at Dict.cc:261
#24 0x00007ffff789d427 in Object::dictLookup (key=0x7ffff7b15f2d "Length", this=0x7ffffffbd450, this=0x7ffffffbd450, recursion=497, obj=0x7ffffffbd250) at Object.h:330

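In the backtrace above, objNum=6 is parsed again while the "Length" and "F" entries of a stream dictionary are being resolved, with the recursion counter at 497 to 499. The following C++ model is an added illustration, not poppler code and not part of the original report: it shows why a depth limit alone does not bound the work when each level follows more than one reference, and how tracking the objects currently being resolved cuts the cycle. The object table, the function names and the small limit of 16 are assumptions made for the example.

```cpp
#include <cstdint>
#include <iostream>
#include <map>
#include <set>
#include <vector>

// Toy object table (constructed): object number -> object numbers that its
// stream dictionary refers to indirectly (for example via Length and Filter).
using Table = std::map<int, std::vector<int>>;

// Depth limit only: each branch stops at `limit`, but every level re-fetches
// each reference, so the number of fetches grows as refs^limit.
std::uint64_t fetchDepthOnly(const Table &t, int num, int recursion, int limit) {
    if (recursion > limit) return 1;  // limit hit: give up on this branch
    std::uint64_t calls = 1;
    auto it = t.find(num);
    if (it == t.end()) return calls;
    for (int ref : it->second)
        calls += fetchDepthOnly(t, ref, recursion + 1, limit);
    return calls;
}

// Same walk, but it remembers which objects are currently being resolved and
// refuses to re-enter one, so a reference cycle is cut at its first repeat.
std::uint64_t fetchWithGuard(const Table &t, int num,
                             std::set<int> &inProgress, bool &cycle) {
    if (!inProgress.insert(num).second) { cycle = true; return 1; }
    std::uint64_t calls = 1;
    auto it = t.find(num);
    if (it != t.end())
        for (int ref : it->second)
            calls += fetchWithGuard(t, ref, inProgress, cycle);
    inProgress.erase(num);
    return calls;
}

// Constructed case: object 6, with two dictionary entries that point back at 6.
Table selfReferencing() { return {{6, {6, 6}}}; }

int main() {
    Table t = selfReferencing();
    std::set<int> inProgress;
    bool cycle = false;
    std::cout << "depth limit 16 only: " << fetchDepthOnly(t, 6, 0, 16) << " fetches\n";
    std::cout << "in-progress guard:   " << fetchWithGuard(t, 6, inProgress, cycle)
              << " fetches, cycle detected: " << std::boolalpha << cycle << "\n";
    return 0;
}
```

With two self-references the depth-only walk performs 2^(limit+2) - 1 fetches, so a limit of 500 terminates in principle but never in practice, which matches a run that looks like an infinite loop.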