<html> <head> <base href="https://bugs.freedesktop.org/"> </head> <body> <div> <a class="bz_bug_link bz_status_RESOLVED bz_closed" title="RESOLVED FIXED - poppler-0.44.0: stack overflow while rending with pdftohtml" href="https://bugs.freedesktop.org/show_bug.cgi?id=95567#c3">Comment # 3</a> on <a class="bz_bug_link bz_status_RESOLVED bz_closed" title="RESOLVED FIXED - poppler-0.44.0: stack overflow while rending with pdftohtml" href="https://bugs.freedesktop.org/show_bug.cgi?id=95567">bug 95567</a> from <a class="email" href="mailto:legarrec.vincent@gmail.com" title="LE GARREC Vincent <legarrec.vincent@gmail.com>"> LE GARREC Vincent</a> <pre>Created <a href="attachment.cgi?id=124012" name="attach_124012" title="stackoverflow-2.pdf">attachment 124012</a> <a href="attachment.cgi?id=124012&action=edit" title="stackoverflow-2.pdf">[details]</a> stackoverflow-2.pdf Thanks. I just run again afl with all PDF that make poppler crashes. It finds another case where there's no crash but a huge stack (size around 3000). Suddenly the stack stops growing and poppler runs into infinity loop. Should I one file a new bug or reopen this one ? And another thing: do you think that the line: Stream.cc:5533 dict->dictLookup("DP", &params); should be dict->dictLookup("DP", &params, recursion); like all others calls ? Thanks for your work. … Syntax Error (482): Bad 'Length' attribute in stream Syntax Error (482): Bad 'Filter' attribute in stream Syntax Error (482): Bad 'Filter' attribute in stream Syntax Error (482): Bad 'Filter' attribute in stream Syntax Error (482): Bad 'Filter' attribute in stream Syntax Error (482): Bad 'Filter' attribute in stream Syntax Error (482): Bad 'Filter' attribute in stream Syntax Error (482): Bad 'Filter' attribute in stream Syntax Error (482): Bad 'Length' attribute in stream Syntax Error (448): Dictionary key must be a name object Syntax Error (448): Dictionary key must be a name object Syntax Error (448): Dictionary key must be a name object Syntax Error (448): Dictionary key must be a name object Syntax Error (448): Dictionary key must be a name object Syntax Error (448): Dictionary key must be a name object Syntax Error (448): Dictionary key must be a name object Syntax Error (482): Bad 'Length' attribute in stream Syntax Error (482): Bad 'Filter' attribute in stream Syntax Error (482): Bad 'Length' attribute in stream Syntax Error (448): Dictionary key must be a name object Syntax Error (482): Bad 'Length' attribute in stream Syntax Error (482): Bad 'Filter' attribute in stream Syntax Error (482): Bad 'Filter' attribute in stream Syntax Error (482): Bad 'Length' attribute in stream Syntax Error (448): Dictionary key must be a name object Syntax Error (448): Dictionary key must be a name object Syntax Error (482): Bad 'Length' attribute in stream Syntax Error (482): Bad 'Filter' attribute in stream Syntax Error (482): Bad 'Length' attribute in stream Syntax Error (448): Dictionary key must be a name object Syntax Error (482): Bad 'Length' attribute in stream Syntax Error (482): Bad 'Filter' attribute in stream Syntax Error (482): Bad 'Filter' attribute in stream Syntax Error (482): Bad 'Filter' attribute in stream Syntax Error (482): Bad 'Length' attribute in stream Syntax Error (448): Dictionary key must be a name object Syntax Error (448): Dictionary key must be a name object Syntax Error (448): Dictionary key must be a name object Syntax Error (482): Bad 'Length' attribute in stream Syntax Error (482): Bad 'Filter' attribute in stream Syntax Error (482): Bad 'Length' attribute in stream Syntax Error (448): Dictionary key must be a name object Syntax Error (482): Bad 'Length' attribute in stream Syntax Error (482): Bad 'Filter' attribute in stream Syntax Error (482): Bad 'Filter' attribute in stream Syntax Error (482): Bad 'Length' attribute in stream Syntax Error (448): Dictionary key must be a name object … gdb (I used CTRL+Z) #0 0x00007ffff6a01dc3 in __pread_nocancel () at ../sysdeps/unix/syscall-template.S:84 #1 0x00007ffff7a0dcd6 in pread64 (__offset=<optimized out>, __nbytes=<optimized out>, __buf=__buf@entry=0x74f269, __fd=<optimized out>) at /usr/include/bits/unistd.h:117 #2 GooFile::read (this=<optimized out>, buf=buf@entry=0x74f269 "6 0 obj\n<</Type/XObject/Subtype/Image/WidthB1/Height 1/BitsPerComponent 8/Length 6 0 R\n/F 6 0 R\n>>\nstream\nx\234c``", n=<optimized out>, offset=<optimized out>) at gfile.cc:648 #3 0x00007ffff78cdb13 in FileStream::fillBuf (this=0x74f200) at Stream.cc:827 #4 0x00007ffff78efe05 in FileStream::getChar (this=0x74f200) at Stream.h:458 #5 0x00007ffff786f8c2 in Object::streamGetChar (this=<optimized out>, this=<optimized out>) at Object.h:363 #6 Lexer::getChar (this=0x74ee30, comesFromLook=false) at Lexer.cc:127 #7 0x00007ffff786fc72 in Lexer::getObj (this=0x74ee30, obj=obj@entry=0x74ef08, objNum=objNum@entry=-1) at Lexer.cc:171 #8 0x00007ffff789cbec in Parser::Parser (this=0x74eef0, xrefA=<optimized out>, lexerA=<optimized out>, allowStreamsA=<optimized out>) at Parser.cc:53 #9 0x00007ffff79360c2 in XRef::fetch (this=0x678140, num=6, gen=0, obj=0x7ffffffbc880, obj@entry=0x0, recursion=recursion@entry=500) at XRef.cc:1172 #10 0x00007ffff7887344 in Object::fetch (this=<optimized out>, xref=<optimized out>, obj=obj@entry=0x0, recursion=recursion@entry=500) at Object.cc:122 #11 0x00007ffff76f0ccd in Dict::lookup (this=<optimized out>, key=key@entry=0x7ffff7b2ff67 "F", obj=0x0, obj@entry=0x7ffffffbc880, recursion=recursion@entry=500) at Dict.cc:261 #12 0x00007ffff78ea34d in Object::dictLookup (this=0x7ffffffbcb40, this=0x7ffffffbcb40, recursion=500, obj=0x7ffffffbc880, key=0x7ffff7b2ff67 "F") at Object.h:330 #13 Stream::addFilters (this=this@entry=0x74f060, dict=dict@entry=0x7ffffffbcb40, recursion=recursion@entry=500) at Stream.cc:181 #14 0x00007ffff789dbbe in Parser::makeStream (this=this@entry=0x74e880, dict=dict@entry=0x7ffffffbcb40, fileKey=fileKey@entry=0x0, encAlgorithm=encAlgorithm@entry=(cryptAES256 | unknown: 774974788), keyLength=keyLength@entry=-1020982732, objNum=objNum@entry=6, objGen=0, recursion=500, strict=false) at Parser.cc:277 #15 0x00007ffff789e8cc in Parser::getObj (this=this@entry=0x74e880, obj=obj@entry=0x7ffffffbcb40, simpleOnly=simpleOnly@entry=false, fileKey=0x0, encAlgorithm=(cryptAES256 | unknown: 774974788), keyLength=keyLength@entry=-1020982732, objNum=6, objGen=0, recursion=499, strict=false) at Parser.cc:131 #16 0x00007ffff7936bb1 in XRef::fetch (this=0x678140, num=<optimized out>, gen=<optimized out>, obj=0x7ffffffbcb40, obj@entry=0x6, recursion=recursion@entry=499) at XRef.cc:1210 #17 0x00007ffff7887344 in Object::fetch (this=<optimized out>, xref=<optimized out>, obj=obj@entry=0x6, recursion=recursion@entry=499) at Object.cc:122 #18 0x00007ffff76f0ccd in Dict::lookup (this=<optimized out>, key=key@entry=0x7ffff7b2ff67 "F", obj=0x6, obj@entry=0x7ffffffbcb40, recursion=recursion@entry=499) at Dict.cc:261 #19 0x00007ffff78ea34d in Object::dictLookup (this=0x7ffffffbce00, this=0x7ffffffbce00, recursion=499, obj=0x7ffffffbcb40, key=0x7ffff7b2ff67 "F") at Object.h:330 #20 Stream::addFilters (this=this@entry=0x74ec90, dict=dict@entry=0x7ffffffbce00, recursion=recursion@entry=499) at Stream.cc:181 #21 0x00007ffff789dbbe in Parser::makeStream (this=this@entry=0x74e2e0, dict=dict@entry=0x7ffffffbce00, fileKey=fileKey@entry=0x0, encAlgorithm=encAlgorithm@entry=(cryptAES256 | unknown: 774974788), keyLength=keyLength@entry=-1020982732, objNum=objNum@entry=6, objGen=0, recursion=499, strict=false) at Parser.cc:277 #22 0x00007ffff789e8cc in Parser::getObj (this=this@entry=0x74e2e0, obj=obj@entry=0x7ffffffbce00, simpleOnly=simpleOnly@entry=false, fileKey=0x0, encAlgorithm=(cryptAES256 | unknown: 774974788), keyLength=keyLength@entry=-1020982732, objNum=6, objGen=0, recursion=498, strict=false) at Parser.cc:131 #23 0x00007ffff7936bb1 in XRef::fetch (this=0x678140, num=<optimized out>, gen=<optimized out>, obj=0x7ffffffbce00, obj@entry=0x6, recursion=recursion@entry=498) at XRef.cc:1210 #24 0x00007ffff7887344 in Object::fetch (this=<optimized out>, xref=<optimized out>, obj=obj@entry=0x6, recursion=recursion@entry=498) at Object.cc:122 #25 0x00007ffff76f0ccd in Dict::lookup (this=<optimized out>, key=key@entry=0x7ffff7b2ff67 "F", obj=0x6, obj@entry=0x7ffffffbce00, recursion=recursion@entry=498) at Dict.cc:261 #26 0x00007ffff78ea34d in Object::dictLookup (this=0x7ffffffbd0c0, this=0x7ffffffbd0c0, recursion=498, obj=0x7ffffffbce00, key=0x7ffff7b2ff67 "F") at Object.h:330 #27 Stream::addFilters (this=this@entry=0x74de50, dict=dict@entry=0x7ffffffbd0c0, recursion=recursion@entry=498) at Stream.cc:181 #28 0x00007ffff789dbbe in Parser::makeStream (this=this@entry=0x74db30, dict=dict@entry=0x7ffffffbd0c0, fileKey=fileKey@entry=0x0, encAlgorithm=encAlgorithm@entry=(cryptAES256 | unknown: 774974788), keyLength=keyLength@entry=-1020982732, objNum=objNum@entry=6, objGen=0, recursion=498, strict=false) at Parser.cc:277 #29 0x00007ffff789e8cc in Parser::getObj (this=this@entry=0x74db30, obj=obj@entry=0x7ffffffbd0c0, simpleOnly=simpleOnly@entry=false, fileKey=0x0, encAlgorithm=(cryptAES256 | unknown: 774974788), keyLength=keyLength@entry=-1020982732, objNum=6, objGen=0, recursion=497, strict=false) at Parser.cc:131 #30 0x00007ffff7936bb1 in XRef::fetch (this=0x678140, num=<optimized out>, gen=<optimized out>, obj=0x7ffffffbd0c0, obj@entry=0x6, recursion=recursion@entry=497) at XRef.cc:1210 #31 0x00007ffff7887344 in Object::fetch (this=<optimized out>, xref=<optimized out>, obj=obj@entry=0x6, recursion=recursion@entry=497) at Object.cc:122 #32 0x00007ffff76f0ccd in Dict::lookup (this=<optimized out>, key=key@entry=0x7ffff7b2ff67 "F", obj=0x6, obj@entry=0x7ffffffbd0c0, recursion=recursion@entry=497) at Dict.cc:261 #33 0x00007ffff78ea34d in Object::dictLookup (this=0x7ffffffbd390, this=0x7ffffffbd390, recursion=497, obj=0x7ffffffbd0c0, key=0x7ffff7b2ff67 "F") at Object.h:330 … #3008 0x00007ffff789d427 in Object::dictLookup (key=0x7ffff7b15f2d "Length", this=0x7fffffffd550, this=0x7fffffffd550, recursion=3, obj=0x7fffffffd340) at Object.h:330 #3009 Parser::makeStream (this=this@entry=0x67c7d0, dict=dict@entry=0x7fffffffd550, fileKey=fileKey@entry=0x0, encAlgorithm=encAlgorithm@entry=(cryptAES256 | unknown: 774974788), keyLength=keyLength@entry=-1020982732, objNum=objNum@entry=6, objGen=0, recursion=3, strict=false) at Parser.cc:209 #3010 0x00007ffff789e8cc in Parser::getObj (this=this@entry=0x67c7d0, obj=obj@entry=0x7fffffffd550, simpleOnly=simpleOnly@entry=false, fileKey=0x0, encAlgorithm=(cryptAES256 | unknown: 774974788), keyLength=keyLength@entry=-1020982732, objNum=6, objGen=0, recursion=2, strict=false) at Parser.cc:131 #3011 0x00007ffff7936bb1 in XRef::fetch (this=0x678140, num=<optimized out>, gen=<optimized out>, obj=0x7fffffffd550, obj@entry=0x6, recursion=recursion@entry=2) at XRef.cc:1210 #3012 0x00007ffff7887344 in Object::fetch (this=<optimized out>, xref=<optimized out>, obj=obj@entry=0x6, recursion=recursion@entry=2) at Object.cc:122 ---Type <return> to continue, or q <return> to quit--- #3013 0x00007ffff76f0ccd in Dict::lookup (this=<optimized out>, key=key@entry=0x7ffff7b15f2d "Length", obj=0x6, obj@entry=0x7fffffffd550, recursion=recursion@entry=2) at Dict.cc:261 #3014 0x00007ffff789d427 in Object::dictLookup (key=0x7ffff7b15f2d "Length", this=0x7fffffffd760, this=0x7fffffffd760, recursion=2, obj=0x7fffffffd550) at Object.h:330 #3015 Parser::makeStream (this=this@entry=0x67c1e0, dict=dict@entry=0x7fffffffd760, fileKey=fileKey@entry=0x0, encAlgorithm=encAlgorithm@entry=(cryptAES256 | unknown: 774974788), keyLength=keyLength@entry=-1020982732, objNum=objNum@entry=6, objGen=0, recursion=2, strict=false) at Parser.cc:209 #3016 0x00007ffff789e8cc in Parser::getObj (this=this@entry=0x67c1e0, obj=obj@entry=0x7fffffffd760, simpleOnly=simpleOnly@entry=false, fileKey=0x0, encAlgorithm=(cryptAES256 | unknown: 774974788), keyLength=keyLength@entry=-1020982732, objNum=6, objGen=0, recursion=1, strict=false) at Parser.cc:131 #3017 0x00007ffff7936bb1 in XRef::fetch (this=0x678140, num=<optimized out>, gen=<optimized out>, obj=0x7fffffffd760, obj@entry=0x6, recursion=recursion@entry=1) at XRef.cc:1210 #3018 0x00007ffff7887344 in Object::fetch (this=<optimized out>, xref=<optimized out>, obj=obj@entry=0x6, recursion=recursion@entry=1) at Object.cc:122 #3019 0x00007ffff76f0ccd in Dict::lookup (this=<optimized out>, key=key@entry=0x7ffff7b15f2d "Length", obj=0x6, obj@entry=0x7fffffffd760, recursion=recursion@entry=1) at Dict.cc:261 #3020 0x00007ffff789d427 in Object::dictLookup (key=0x7ffff7b15f2d "Length", this=0x7fffffffd9a0, this=0x7fffffffd9a0, recursion=1, obj=0x7fffffffd760) at Object.h:330 #3021 Parser::makeStream (this=this@entry=0x67b5d0, dict=dict@entry=0x7fffffffd9a0, fileKey=fileKey@entry=0x0, encAlgorithm=encAlgorithm@entry=(cryptAES256 | unknown: 774974788), keyLength=keyLength@entry=-1020982732, objNum=objNum@entry=6, objGen=0, recursion=1, strict=false) at Parser.cc:209 #3022 0x00007ffff789e8cc in Parser::getObj (this=this@entry=0x67b5d0, obj=obj@entry=0x7fffffffd9a0, simpleOnly=simpleOnly@entry=false, fileKey=0x0, encAlgorithm=(cryptAES256 | unknown: 774974788), keyLength=keyLength@entry=-1020982732, objNum=6, objGen=0, recursion=0, strict=false) at Parser.cc:131 #3023 0x00007ffff7936bb1 in XRef::fetch (this=0x678140, num=<optimized out>, gen=<optimized out>, obj=0x7fffffffd9a0, recursion=0) at XRef.cc:1210 #3024 0x00007ffff7887344 in Object::fetch (this=<optimized out>, xref=<optimized out>, obj=<optimized out>, recursion=<optimized out>) at Object.cc:122 #3025 0x00007ffff76a6661 in Array::get (this=<optimized out>, i=i@entry=0, obj=obj@entry=0x7fffffffd9a0, recursion=recursion@entry=0) at Array.cc:125 #3026 0x00007ffff76b9342 in Object::arrayGet (recursion=0, this=0x7fffffffd980, this=0x7fffffffd980, obj=0x7fffffffd9a0, i=0) at Object.h:303 #3027 Catalog::cachePageTree (this=this@entry=0x678450, page=page@entry=1) at Catalog.cc:392 #3028 0x00007ffff76bb23a in Catalog::getPage (this=0x678450, i=i@entry=1) at Catalog.cc:240 #3029 0x00007ffff78b1c3d in PDFDoc::getPage (this=this@entry=0x677eb0, page=page@entry=1) at PDFDoc.cc:2024 #3030 0x00007ffff78b1fd2 in PDFDoc::displayPage (this=this@entry=0x677eb0, out=out@entry=0x678ec0, page=page@entry=1, hDPI=hDPI@entry=108, vDPI=vDPI@entry=108, rotate=rotate@entry=0, useMediaBox=useMediaBox@entry=true, crop=crop@entry=false, printing=false, abortCheckCbk=0x0, abortCheckCbkData=0x0, annotDisplayDecideCbk=0x0, annotDisplayDecideCbkData=0x0, copyXRef=false) at PDFDoc.cc:489 #3031 0x00007ffff78b2287 in PDFDoc::displayPages (this=this@entry=0x677eb0, out=out@entry=0x678ec0, firstPage=1, lastPage=17, hDPI=108, vDPI=108, rotate=rotate@entry=0, useMediaBox=useMediaBox@entry=true, crop=false, printing=false, abortCheckCbk=0x0, abortCheckCbkData=0x0, annotDisplayDecideCbk=0x0, annotDisplayDecideCbkData=0x0) at PDFDoc.cc:509</pre> </div> <hr> You are receiving this mail because: <ul> <li>You are the assignee for the bug.</li> </ul> </body> </html>