[Poppler-bugs] [Bug 103582] New: poppler-0.61: SIGABRT on broken range dictionary

bugzilla-daemon at freedesktop.org
Sun Nov 5 18:51:56 UTC 2017


https://bugs.freedesktop.org/show_bug.cgi?id=103582

            Bug ID: 103582
           Summary: poppler-0.61: SIGABRT on broken range dictionary
           Product: poppler
           Version: unspecified
          Hardware: Other
                OS: All
            Status: NEW
          Severity: normal
          Priority: medium
         Component: general
          Assignee: poppler-bugs at lists.freedesktop.org
          Reporter: legarrec.vincent at gmail.com

Created attachment 135248
  --> https://bugs.freedesktop.org/attachment.cgi?id=135248&action=edit
wrong_range_dictionary.pdf

Hi,

Still playing with a fuzzer: a wrong Range dictionary is making poppler (and
evince) crash.

pdftohtml wrong_range_dictionary.pdf /tmp/

#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff71b4c07 in __GI_abort () at abort.c:89
#2  0x00007ffff7a77ac2 in Object::getNum (this=<optimized out>) at /home/legarrec/info/programmation/poppler_bis/poppler/Object.h:222
#3  GfxLabColorSpace::parse (arr=<optimized out>, state=state@entry=0x661950) at /home/legarrec/info/programmation/poppler_bis/poppler/GfxState.cc:1588
#4  0x00007ffff7a7830e in GfxColorSpace::parse (res=0x6600e0, csObj=csObj@entry=0x7fffffffd0b0, out=0x65d6a0, state=0x661950, recursion=recursion@entry=0) at /home/legarrec/info/programmation/poppler_bis/poppler/GfxState.cc:393
#5  0x00007ffff7a4c48a in Gfx::opSetStrokeColorSpace (this=0x6607c0, args=0x7fffffffd1b0, numArgs=<optimized out>) at /home/legarrec/info/programmation/poppler_bis/poppler/Gfx.cc:1537
#6  0x00007ffff7a5664f in Gfx::go (this=this@entry=0x6607c0, topLevel=topLevel@entry=true) at /home/legarrec/info/programmation/poppler_bis/poppler/Gfx.cc:742
#7  0x00007ffff7a56a9b in Gfx::display (this=this@entry=0x6607c0, obj=obj@entry=0x7fffffffd4a0, topLevel=topLevel@entry=true) at /home/legarrec/info/programmation/poppler_bis/poppler/Gfx.cc:704
#8  0x00007ffff7aa2041 in Page::displaySlice (this=0x660600, out=0x65d6a0, hDPI=108, vDPI=108, rotate=0, useMediaBox=<optimized out>, crop=false, sliceX=sliceX@entry=-1, sliceY=-1, sliceW=-1, sliceH=-1, printing=false, abortCheckCbk=0x0, abortCheckCbkData=0x0, annotDisplayDecideCbk=0x0, annotDisplayDecideCbkData=0x0, copyXRef=false) at /home/legarrec/info/programmation/poppler_bis/poppler/Page.cc:560
#9  0x00007ffff7aa22b8 in Page::display (this=<optimized out>, out=<optimized out>, hDPI=<optimized out>, vDPI=<optimized out>, rotate=<optimized out>, useMediaBox=<optimized out>, crop=<optimized out>, printing=<optimized out>, abortCheckCbk=0x0, abortCheckCbkData=0x0, annotDisplayDecideCbk=0x0, annotDisplayDecideCbkData=0x0, copyXRef=false) at /home/legarrec/info/programmation/poppler_bis/poppler/Page.cc:481
#10 0x00007ffff7aa69c9 in PDFDoc::displayPages (this=this@entry=0x65b7f0, out=out@entry=0x65d6a0, firstPage=<optimized out>, lastPage=1, hDPI=108, vDPI=108, rotate=rotate@entry=0, useMediaBox=useMediaBox@entry=true, crop=false, printing=false, abortCheckCbk=0x0, abortCheckCbkData=0x0, annotDisplayDecideCbk=0x0, annotDisplayDecideCbkData=0x0) at /home/legarrec/info/programmation/poppler_bis/poppler/PDFDoc.cc:503
#11 0x0000000000409b22 in main (argc=<optimized out>, argv=<optimized out>) at /home/legarrec/info/programmation/poppler_bis/utils/pdftohtml.cc:389

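The failure pattern the trace points to (a checked accessor aborting inside a Lab colour space Range parse), as an added C++ example that is not part of the bug report and is not poppler's code. Obj, LabRange and the function names are hypothetical stand-ins; the default of [-100 100 -100 100] is the PDF specification's default for a Lab Range.

```cpp
#include <cstddef>
#include <cstdlib>
#include <vector>

// Hypothetical stand-ins for a PDF object and the Lab /Range entry.
enum ObjKind { kindNull, kindNum, kindName };
struct Obj {
    ObjKind kind;
    double num;
    bool isNum() const { return kind == kindNum; }
    // Checked accessor: a type mismatch aborts the process, which is what
    // frames #2 -> #1 -> #0 of the trace show.
    double getNum() const { if (kind != kindNum) std::abort(); return num; }
};
static Obj mkNum(double d) { Obj o = {kindNum, d}; return o; }
static Obj mkName() { Obj o = {kindName, 0.0}; return o; }
struct LabRange { double aMin, aMax, bMin, bMax; };

// Unchecked pattern: trusts the file. An array such as [0 /X 0 1] reaches
// getNum() on a non-number and the process dies with SIGABRT.
LabRange parseRangeUnchecked(const std::vector<Obj>& a) {
    LabRange r = {a.at(0).getNum(), a.at(1).getNum(), a.at(2).getNum(), a.at(3).getNum()};
    return r;
}

// Hardened pattern: validate length and element types before any getNum().
// Returns false and leaves *out untouched when the array is malformed.
bool parseRangeChecked(const std::vector<Obj>& a, LabRange* out) {
    if (a.size() != 4) return false;
    for (std::size_t i = 0; i < a.size(); ++i)
        if (!a[i].isNum()) return false;
    LabRange r = {a[0].getNum(), a[1].getNum(), a[2].getNum(), a[3].getNum()};
    *out = r;
    return true;
}

// One possible caller policy: keep the default range on malformed input.
LabRange rangeOrDefault(const std::vector<Obj>& a) {
    LabRange r = {-100, 100, -100, 100};  // PDF default for Lab /Range
    parseRangeChecked(a, &r);
    return r;
}

int main() {  // constructed sample [0 /X 0 1]: rejected, defaults kept
    std::vector<Obj> bad(4, mkNum(0)); bad[1] = mkName();
    return rangeOrDefault(bad).aMax == 100 ? 0 : 1;
}
```

Whether a malformed Range should fall back to the default or cause the whole colour space to be rejected is a policy choice for the parser; either way the input never reaches the aborting accessor.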