[Poppler-bugs] [Bug 101379] New: Very deep stack and long processing time in Catalog::getPage() (~30s)

Sun Jun 11 12:05:40 UTC 2017

https://bugs.freedesktop.org/show_bug.cgi?id=101379

            Bug ID: 101379
           Summary: Very deep stack and long processing time in
                    Catalog::getPage() (~30s)
           Product: poppler
           Version: unspecified
          Hardware: Other
                OS: All
            Status: NEW
          Severity: normal
          Priority: medium
         Component: general
          Assignee: poppler-bugs at lists.freedesktop.org
          Reporter: dudul04 at yahoo.fr

Created attachment 131873
  --> https://bugs.freedesktop.org/attachment.cgi?id=131873&action=edit
Corrupted PDF file

Stack trace on the attached corrupted PDF with :

LD_LIBRARY_PATH=poppler/.libs/ gdb --args ./utils/.libs/pdfinfo
~/oss-fuzz/build/out/gdal/./timeout-7799c4154a932bed4f4fb3b3dcf895f45acd979a

{{{
Program received signal SIGINT, Interrupt.
0x00007ffff72ec6e0 in __write_nocancel () at
../sysdeps/unix/syscall-template.S:84
84      ../sysdeps/unix/syscall-template.S: Aucun fichier ou dossier de ce
type.
(gdb) bt
#0  0x00007ffff72ec6e0 in __write_nocancel () at
../sysdeps/unix/syscall-template.S:84
#1  0x00007ffff726ebff in _IO_new_file_write (f=0x7ffff75ba540
<_IO_2_1_stderr_>, data=0x7ffffffdcf60, n=60) at fileops.c:1263
#2  0x00007ffff726f38a in new_do_write (to_do=60, data=0x7ffffffdcf60 "Syntax
Error (210515): Dictionary key must be a name object\n\377\177",
fp=0x7ffff75ba540 <_IO_2_1_stderr_>) at fileops.c:518
#3  _IO_new_file_xsputn (f=0x7ffff75ba540 <_IO_2_1_stderr_>, data=<optimized
out>, n=60) at fileops.c:1342
#4  0x00007ffff7245f94 in buffered_vfprintf (s=0x7ffff75ba540
<_IO_2_1_stderr_>, format=<optimized out>, args=<optimized out>) at
vfprintf.c:2341
#5  0x00007ffff724332d in _IO_vfprintf_internal (s=s at entry=0x7ffff75ba540
<_IO_2_1_stderr_>, format=format at entry=0x7ffff7b1d16a "%s (%lld): %s\n",
ap=ap at entry=0x7ffffffdf518) at vfprintf.c:1293
#6  0x00007ffff730bfd9 in ___fprintf_chk (fp=0x7ffff75ba540 <_IO_2_1_stderr_>,
flag=flag at entry=1, format=format at entry=0x7ffff7b1d16a "%s (%lld): %s\n") at
fprintf_chk.c:35
#7  0x00007ffff7a37f25 in fprintf (__fmt=0x7ffff7b1d16a "%s (%lld): %s\n",
__stream=<optimized out>) at /usr/include/x86_64-linux-gnu/bits/stdio2.h:98
#8  error (category=category at entry=errSyntaxError, pos=210515,
msg=msg at entry=0x7ffff7b2f3c0 "Dictionary key must be a name object") at
Error.cc:89
#9  0x00007ffff7a9eb12 in Parser::getObj (this=this at entry=0x6e5d70,
obj=obj at entry=0x7ffffffdf7d0, simpleOnly=simpleOnly at entry=false,
fileKey=fileKey at entry=0x0, encAlgorithm=encAlgorithm at entry=cryptNone, 
    keyLength=keyLength at entry=0, objNum=3, objGen=0, recursion=437,
strict=false) at Parser.cc:109
#10 0x00007ffff7a9ecad in Parser::getObj (this=this at entry=0x6e5d70,
obj=obj at entry=0x7ffffffdf870, simpleOnly=simpleOnly at entry=false,
fileKey=fileKey at entry=0x0, encAlgorithm=encAlgorithm at entry=cryptNone, 
    keyLength=keyLength at entry=0, objNum=3, objGen=0, recursion=436,
strict=false) at Parser.cc:95
#11 0x00007ffff7a9ed49 in Parser::getObj (this=this at entry=0x6e5d70,
obj=obj at entry=0x7ffffffdf9e0, simpleOnly=simpleOnly at entry=false, fileKey=0x0,
encAlgorithm=cryptNone, keyLength=0, objNum=3, objGen=0, 
    recursion=435, strict=false) at Parser.cc:121
#12 0x00007ffff7abb1ea in XRef::fetch (this=0x64c650, num=3, gen=0,
obj=obj at entry=0x7ffffffdf9e0, recursion=recursion at entry=435) at XRef.cc:1224
#13 0x00007ffff7a983c5 in Object::fetch (this=<optimized out>, xref=<optimized
out>, obj=obj at entry=0x7ffffffdf9e0, recursion=recursion at entry=435) at
Object.cc:122
#14 0x00007ffff7a371dd in Dict::lookup (this=<optimized out>,
key=key at entry=0x7ffff7b16918 "Length", obj=obj at entry=0x7ffffffdf9e0,
recursion=recursion at entry=435) at Dict.cc:261
#15 0x00007ffff7a9e55d in Object::dictLookup (key=0x7ffff7b16918 "Length",
this=0x7ffffffdfb20, this=0x7ffffffdfb20, recursion=435, obj=0x7ffffffdf9e0) at
Object.h:342
#16 Parser::makeStream (this=this at entry=0x6e4e10,
dict=dict at entry=0x7ffffffdfb20, fileKey=fileKey at entry=0x0,
encAlgorithm=encAlgorithm at entry=cryptNone, keyLength=keyLength at entry=0,
objNum=objNum at entry=3, 
    objGen=0, recursion=435, strict=false) at Parser.cc:209
#17 0x00007ffff7a9ebac in Parser::getObj (this=this at entry=0x6e4e10,
obj=obj at entry=0x7ffffffdfb20, simpleOnly=simpleOnly at entry=false,
fileKey=fileKey at entry=0x0, encAlgorithm=encAlgorithm at entry=cryptNone, 
    keyLength=keyLength at entry=0, objNum=3, objGen=0, recursion=434,
strict=false) at Parser.cc:131
#18 0x00007ffff7a9ecad in Parser::getObj (this=this at entry=0x6e4e10,
obj=obj at entry=0x7ffffffdfbc0, simpleOnly=simpleOnly at entry=false,
fileKey=fileKey at entry=0x0, encAlgorithm=encAlgorithm at entry=cryptNone, 
    keyLength=keyLength at entry=0, objNum=3, objGen=0, recursion=433,
strict=false) at Parser.cc:95
#19 0x00007ffff7a9ed49 in Parser::getObj (this=this at entry=0x6e4e10,
obj=obj at entry=0x7ffffffdfd30, simpleOnly=simpleOnly at entry=false, fileKey=0x0,
encAlgorithm=cryptNone, keyLength=0, objNum=3, objGen=0, 
    recursion=432, strict=false) at Parser.cc:121
#20 0x00007ffff7abb1ea in XRef::fetch (this=0x64c650, num=3, gen=0,
obj=obj at entry=0x7ffffffdfd30, recursion=recursion at entry=432) at XRef.cc:1224
#21 0x00007ffff7a983c5 in Object::fetch (this=<optimized out>, xref=<optimized
out>, obj=obj at entry=0x7ffffffdfd30, recursion=recursion at entry=432) at
Object.cc:122
#22 0x00007ffff7a371dd in Dict::lookup (this=<optimized out>,
key=key at entry=0x7ffff7b16918 "Length", obj=obj at entry=0x7ffffffdfd30,
recursion=recursion at entry=432) at Dict.cc:261
#23 0x00007ffff7a9e55d in Object::dictLookup (key=0x7ffff7b16918 "Length",
this=0x7ffffffdfe70, this=0x7ffffffdfe70, recursion=432, obj=0x7ffffffdfd30) at
Object.h:342
#24 Parser::makeStream (this=this at entry=0x6e3eb0,
dict=dict at entry=0x7ffffffdfe70, fileKey=fileKey at entry=0x0,
encAlgorithm=encAlgorithm at entry=cryptNone, keyLength=keyLength at entry=0,
objNum=objNum at entry=3, 
    objGen=0, recursion=432, strict=false) at Parser.cc:209
#25 0x00007ffff7a9ebac in Parser::getObj (this=this at entry=0x6e3eb0,
obj=obj at entry=0x7ffffffdfe70, simpleOnly=simpleOnly at entry=false,
fileKey=fileKey at entry=0x0, encAlgorithm=encAlgorithm at entry=cryptNone, 
    keyLength=keyLength at entry=0, objNum=3, objGen=0, recursion=431,
strict=false) at Parser.cc:131
#26 0x00007ffff7a9ecad in Parser::getObj (this=this at entry=0x6e3eb0,
obj=obj at entry=0x7ffffffdff10, simpleOnly=simpleOnly at entry=false,
fileKey=fileKey at entry=0x0, encAlgorithm=encAlgorithm at entry=cryptNone, 
    keyLength=keyLength at entry=0, objNum=3, objGen=0, recursion=430,
strict=false) at Parser.cc:95
#27 0x00007ffff7a9ed49 in Parser::getObj (this=this at entry=0x6e3eb0,
obj=obj at entry=0x7ffffffe0080, simpleOnly=simpleOnly at entry=false, fileKey=0x0,
encAlgorithm=cryptNone, keyLength=0, objNum=3, objGen=0, 
    recursion=429, strict=false) at Parser.cc:121
#28 0x00007ffff7abb1ea in XRef::fetch (this=0x64c650, num=3, gen=0,
obj=obj at entry=0x7ffffffe0080, recursion=recursion at entry=429) at XRef.cc:1224
#29 0x00007ffff7a983c5 in Object::fetch (this=<optimized out>, xref=<optimized
out>, obj=obj at entry=0x7ffffffe0080, recursion=recursion at entry=429) at
Object.cc:122
#30 0x00007ffff7a371dd in Dict::lookup (this=<optimized out>,
key=key at entry=0x7ffff7b16918 "Length", obj=obj at entry=0x7ffffffe0080,
recursion=recursion at entry=429) at Dict.cc:261
[...]
#1177 0x00007ffff7a2c85a in Catalog::getPage (this=0x64c3a0, i=i at entry=1) at
Catalog.cc:241
#1178 0x00007ffff7aa51cf in PDFDoc::getPage (this=<optimized out>,
page=page at entry=1) at PDFDoc.cc:2090
#1179 0x00000000004045eb in JSInfo::scan (this=this at entry=0x7fffffffdb70,
nPages=1) at JSInfo.cc:168
#1180 0x0000000000404b31 in JSInfo::scanJS (this=this at entry=0x7fffffffdb70,
nPages=<optimized out>) at JSInfo.cc:90
#1181 0x00000000004036c5 in printInfo (doc=doc at entry=0x64bf00,
uMap=uMap at entry=0x64bc10, filesize=384218, multiPage=multiPage at entry=false) at
pdfinfo.cc:349
#1182 0x00000000004028de in main (argc=2, argv=<optimized out>) at
pdfinfo.cc:605

}}}

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/poppler-bugs/attachments/20170611/bfc1bc37/attachment.html>