[Poppler-bugs] [Bug 97598] New: segfault which is triggered by integer overflow optimizations
bugzilla-daemon at freedesktop.org
Mon Sep 5 09:59:20 UTC 2016
https://bugs.freedesktop.org/show_bug.cgi?id=97598
Bug ID: 97598
Summary: segfault which is triggered by integer overflow optimizations
Product: poppler
Version: unspecified
Hardware: Other
OS: All
Status: NEW
Severity: normal
Priority: medium
Component: general
Assignee: poppler-bugs at lists.freedesktop.org
Reporter: hanno at hboeck.de
Created attachment 126217
--> https://bugs.freedesktop.org/attachment.cgi?id=126217&action=edit
crash example (only with clang)
The attached file can segfault pdftops, but only when compiled with clang.
Test:
./configure CC=clang CXX=clang++; make; utils/pdftops [path_to_file]
This file triggers a signed integer overflow in FoFiTrueType.cc:
FoFiTrueType.cc:1362:26: runtime error: signed integer overflow: 1513436929 + 1846544308 cannot be represented in type 'int'
And also another bug earlier where a value too large for a certain type gets
assigned:
XRef.cc:1212:50: runtime error: load of value 3200171710, which is not a valid value for type 'CryptAlgorithm'
(these two can be found by compiling with -fsanitize=undefined in
CFLAGS/CXXFLAGS/LDFLAGS - this also works with both clang/gcc)
This undefined behavior is very likely the reason for the different behaviors
of gcc and clang here. The compiler can optimize the code in a way that
"exploits" the fact that undefined behavior is not allowed to occur.
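The two sanitizer findings above are instances of the same defect class: arithmetic or a type conversion on untrusted file data whose result the C/C++ standards leave undefined, which lets the optimizer assume the bad case never happens. The following is an added illustration, not code from the bug report or from poppler, of the defensive pattern that avoids both: check the addition before it overflows, and range-check a raw file value before it is stored into an enum. The enum `sample_alg_t` and its members are hypothetical placeholders standing in for poppler's `CryptAlgorithm`, and the operands are the ones quoted in the sanitizer output.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical placeholder for poppler's CryptAlgorithm; the member names
 * are invented for this example and are not poppler's. ALG_COUNT marks the
 * first value that is *not* a valid member. */
typedef enum { ALG_NONE = 0, ALG_RC4 = 1, ALG_AES = 2, ALG_COUNT } sample_alg_t;

/* Overflow-checked int addition. Returns false instead of letting the
 * addition wrap: the wide-type pre-check is portable C and is never itself
 * undefined, so the compiler cannot "optimize away" the test. */
bool checked_add_int(int a, int b, int *out) {
    int64_t sum = (int64_t)a + (int64_t)b;
    if (sum > INT_MAX || sum < INT_MIN)
        return false;
    *out = (int)sum;
    return true;
}

/* Same check using the compiler builtin (available in GCC >= 5 and clang);
 * the builtin reports overflow without performing the undefined operation. */
bool checked_add_int_builtin(int a, int b, int *out) {
    return !__builtin_add_overflow(a, b, out);
}

/* Validate a raw 32-bit value read from the file before it becomes an enum.
 * Rejecting out-of-range values here is what prevents the kind of "load of
 * value ... not a valid value for type" report UBSan gave for XRef.cc. */
bool alg_from_file_value(uint32_t raw, sample_alg_t *out) {
    if (raw >= (uint32_t)ALG_COUNT)
        return false;
    *out = (sample_alg_t)raw;
    return true;
}

int main(void) {
    int sum;
    /* Operands taken from the FoFiTrueType.cc sanitizer message above. */
    if (!checked_add_int(1513436929, 1846544308, &sum))
        puts("addition rejected: would overflow int");

    sample_alg_t alg;
    /* Value taken from the XRef.cc sanitizer message above. */
    if (!alg_from_file_value(3200171710u, &alg))
        puts("enum value rejected: out of range for sample_alg_t");

    if (alg_from_file_value(2, &alg))
        printf("accepted enum value %d\n", (int)alg);
    return 0;
}
```

Both checks make the rejection an ordinary, well-defined branch, so gcc and clang behave identically instead of diverging as the report describes. Building the example (or poppler itself) with `-fsanitize=undefined` in CFLAGS/CXXFLAGS/LDFLAGS is the quickest way to confirm that no undefined operation remains on the path.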