[Poppler-bugs] [Bug 101210] New: [pdfunite] crash due to a recursive call of two functions that exhausts the call stack

[bugzilla-daemon at freedesktop.org]

https://bugs.freedesktop.org/show_bug.cgi?id=101210

            Bug ID: 101210
           Summary: [pdfunite] crash due to a recursive call of two
                    functions that exhausts the call stack
           Product: poppler
           Version: unspecified
          Hardware: x86-64 (AMD64)
                OS: Linux (All)
            Status: NEW
          Severity: normal
          Priority: medium
         Component: utils
          Assignee: poppler-bugs at lists.freedesktop.org
          Reporter: pengjiaqi at iie.ac.cn

Created attachment 131535
  --> https://bugs.freedesktop.org/attachment.cgi?id=131535&action=edit
analysis_and_PoC

## Summary
pdfunite util in poppler-0.55.0 will crash when parsing a crafted pdf file,
because the program fall into a recursive and interactive call of two functions
and eventually exhaust the stack space.


## Reproduce
pengjiaqi at ubuntu:~/Documents/crash/poppler-0.55.0ild-gcc/utils$ ./pdfunite
PoC.pdf 1.pdf
Segmentation fault


## Analysis
Due to the analysis is a little complex, I have uploaded it as an attachment,
along with a PoC. In order to avoid disclosing it before patch is released, I
have encrypted it. The developers can communicate with me to get the password.


## Author
name: Jiaqi Peng
email: pjqruc at gmail.com

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/poppler-bugs/attachments/20170527/10f84570/attachment-0001.html>