[Poppler-bugs] [Bug 106060] heap-buffer-overflow in Splash::fillGlyph2

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Tue Apr 17 17:49:19 UTC 2018


https://bugs.freedesktop.org/show_bug.cgi?id=106060

pdknsk <pdknsk at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |NEW

--- Comment #3 from pdknsk <pdknsk at gmail.com> ---
I'm not passing any parameters, other than the page of course. I'm using code
similar to poppler-render. The missing puzzle piece for reproducing it with
poppler-render is the render hint.

--- a/cpp/tests/poppler-render.cpp
+++ b/cpp/tests/poppler-render.cpp
@@ -99,7 +99,6 @@ int main(int argc, char *argv[])

     poppler::page_renderer pr;
     pr.set_render_hint(poppler::page_renderer::antialiasing, true);
-    pr.set_render_hint(poppler::page_renderer::text_antialiasing, true);

     poppler::image img = pr.render_page(p.get());
     if (!img.is_valid()) {
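
Review bot: Deleting the text_antialiasing line right after set_render_hint(antialiasing, true) makes the change unconditional, so poppler-render could no longer exercise the text-antialiased path at all. The comment says the overflow reproduces once this hint is dropped, so as a reproduction aid it would be better to keep the line and make the hint selectable at run time, which lets the test tool cover rendering both with and without text antialiasing. Note also that this hunk only exposes the out-of-bounds read reported in Splash::fillGlyph2; it does not address it.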

$ cpp/tests/poppler-render poppler-106060.pdf -o tmp.png

==12125==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60300000e1b2 at pc 0x0000008af076 bp 0x7ffe4f363510 sp 0x7ffe4f363508
READ of size 1 at 0x60300000e1b2 thread T0
    #0 0x8af075 in Splash::fillGlyph2(int, int, SplashGlyphBitmap*, bool) poppler/splash/Splash.cc:2889:59
...
