<html> <head> <base href="https://bugs.freedesktop.org/"> </head> <body><table border="1" cellspacing="0" cellpadding="8"> <tr> <th>Bug ID</th> <td><a class="bz_bug_link bz_status_NEW " title="NEW - Endless recursion on XRef::getCatalog(Object*)" href="https://bugs.freedesktop.org/show_bug.cgi?id=101364">101364</a> </td> </tr> <tr> <th>Summary</th> <td>Endless recursion on XRef::getCatalog(Object*) </td> </tr> <tr> <th>Product</th> <td>poppler </td> </tr> <tr> <th>Version</th> <td>unspecified </td> </tr> <tr> <th>Hardware</th> <td>Other </td> </tr> <tr> <th>OS</th> <td>All </td> </tr> <tr> <th>Status</th> <td>NEW </td> </tr> <tr> <th>Severity</th> <td>normal </td> </tr> <tr> <th>Priority</th> <td>medium </td> </tr> <tr> <th>Component</th> <td>general </td> </tr> <tr> <th>Assignee</th> <td>poppler-bugs@lists.freedesktop.org </td> </tr> <tr> <th>Reporter</th> <td>dudul04@yahoo.fr </td> </tr></table> <p> <div> <pre>Created <span class=""><a href="attachment.cgi?id=131833" name="attach_131833" title="faulty PDF">attachment 131833</a> <a href="attachment.cgi?id=131833&action=edit" title="faulty PDF">[details]</a></span> faulty PDF Reproducible with at least poppler 0.41 and poppler-git. The opening of the attached PDF (generated by OSS Fuzz) ends up in an apparently endless recursion of calls {{{ [snip} #86 0x00007ffff7abb1ea in XRef::fetch (this=0x64e540, num=7, gen=0, obj=obj@entry=0x7ffffffde4e0, recursion=recursion@entry=459) at XRef.cc:1224 #87 0x00007ffff7a983c5 in Object::fetch (this=<optimized out>, xref=<optimized out>, obj=obj@entry=0x7ffffffde4e0, recursion=recursion@entry=459) at Object.cc:122 #88 0x00007ffff7a371dd in Dict::lookup (this=<optimized out>, key=key@entry=0x7ffff7b16918 "Length", obj=obj@entry=0x7ffffffde4e0, recursion=recursion@entry=459) at Dict.cc:261 #89 0x00007ffff7a9e55d in Object::dictLookup (key=0x7ffff7b16918 "Length", this=0x7ffffffde620, this=0x7ffffffde620, recursion=459, obj=0x7ffffffde4e0) at Object.h:342 #90 Parser::makeStream (this=this@entry=0x161a9d0, dict=dict@entry=0x7ffffffde620, fileKey=fileKey@entry=0x0, encAlgorithm=encAlgorithm@entry=cryptNone, keyLength=keyLength@entry=6607408, objNum=objNum@entry=7, objGen=0, recursion=459, strict=false) at Parser.cc:209 #91 0x00007ffff7a9ebac in Parser::getObj (this=this@entry=0x161a9d0, obj=obj@entry=0x7ffffffde620, simpleOnly=simpleOnly@entry=false, fileKey=fileKey@entry=0x0, encAlgorithm=encAlgorithm@entry=cryptNone, keyLength=keyLength@entry=6607408, objNum=7, objGen=0, recursion=458, strict=false) at Parser.cc:131 #92 0x00007ffff7a9ecad in Parser::getObj (this=this@entry=0x161a9d0, obj=obj@entry=0x7ffffffde6c0, simpleOnly=simpleOnly@entry=false, fileKey=fileKey@entry=0x0, encAlgorithm=encAlgorithm@entry=cryptNone, keyLength=keyLength@entry=6607408, objNum=7, objGen=0, recursion=457, strict=false) at Parser.cc:95 #93 0x00007ffff7a9ed49 in Parser::getObj (this=this@entry=0x161a9d0, obj=obj@entry=0x7ffffffde830, simpleOnly=simpleOnly@entry=false, fileKey=0x0, encAlgorithm=cryptNone, keyLength=6607408, objNum=7, objGen=0, recursion=456, strict=false) at Parser.cc:121 #94 0x00007ffff7abb1ea in XRef::fetch (this=0x64e540, num=7, gen=0, obj=obj@entry=0x7ffffffde830, recursion=recursion@entry=456) at XRef.cc:1224 #95 0x00007ffff7a983c5 in Object::fetch (this=<optimized out>, xref=<optimized out>, obj=obj@entry=0x7ffffffde830, recursion=recursion@entry=456) at Object.cc:122 #96 0x00007ffff7a371dd in Dict::lookup (this=<optimized out>, key=key@entry=0x7ffff7b16918 "Length", obj=obj@entry=0x7ffffffde830, recursion=recursion@entry=456) at Dict.cc:261 #97 0x00007ffff7a9e55d in Object::dictLookup (key=0x7ffff7b16918 "Length", this=0x7ffffffde970, this=0x7ffffffde970, recursion=456, obj=0x7ffffffde830) at Object.h:342 #98 Parser::makeStream (this=this@entry=0x15ff8c0, dict=dict@entry=0x7ffffffde970, fileKey=fileKey@entry=0x0, encAlgorithm=encAlgorithm@entry=cryptNone, keyLength=keyLength@entry=6607408, objNum=objNum@entry=7, objGen=0, recursion=456, strict=false) at Parser.cc:209 #99 0x00007ffff7a9ebac in Parser::getObj (this=this@entry=0x15ff8c0, obj=obj@entry=0x7ffffffde970, simpleOnly=simpleOnly@entry=false, fileKey=fileKey@entry=0x0, encAlgorithm=encAlgorithm@entry=cryptNone, keyLength=keyLength@entry=6607408, objNum=7, objGen=0, recursion=455, strict=false) at Parser.cc:131 #100 0x00007ffff7a9ecad in Parser::getObj (this=this@entry=0x15ff8c0, obj=obj@entry=0x7ffffffdea10, simpleOnly=simpleOnly@entry=false, fileKey=fileKey@entry=0x0, encAlgorithm=encAlgorithm@entry=cryptNone, keyLength=keyLength@entry=6607408, objNum=7, objGen=0, recursion=454, strict=false) at Parser.cc:95 #101 0x00007ffff7a9ed49 in Parser::getObj (this=this@entry=0x15ff8c0, obj=obj@entry=0x7ffffffdeb80, simpleOnly=simpleOnly@entry=false, fileKey=0x0, encAlgorithm=cryptNone, keyLength=6607408, objNum=7, objGen=0, recursion=453, strict=false) at Parser.cc:121 #102 0x00007ffff7abb1ea in XRef::fetch (this=0x64e540, num=7, gen=0, obj=obj@entry=0x7ffffffdeb80, recursion=recursion@entry=453) at XRef.cc:1224 #103 0x00007ffff7a983c5 in Object::fetch (this=<optimized out>, xref=<optimized out>, obj=obj@entry=0x7ffffffdeb80, recursion=recursion@entry=453) at Object.cc:122 #104 0x00007ffff7a371dd in Dict::lookup (this=<optimized out>, key=key@entry=0x7ffff7b16918 "Length", obj=obj@entry=0x7ffffffdeb80, recursion=recursion@entry=453) at Dict.cc:261 #105 0x00007ffff7a9e55d in Object::dictLookup (key=0x7ffff7b16918 "Length", this=0x7ffffffdecc0, this=0x7ffffffdecc0, recursion=453, obj=0x7ffffffdeb80) at Object.h:342 #106 Parser::makeStream (this=this@entry=0x15e47b0, dict=dict@entry=0x7ffffffdecc0, fileKey=fileKey@entry=0x0, encAlgorithm=encAlgorithm@entry=cryptNone, keyLength=keyLength@entry=6607408, objNum=objNum@entry=7, objGen=0, recursion=453, strict=false) at Parser.cc:209 #107 0x00007ffff7a9ebac in Parser::getObj (this=this@entry=0x15e47b0, obj=obj@entry=0x7ffffffdecc0, simpleOnly=simpleOnly@entry=false, fileKey=fileKey@entry=0x0, encAlgorithm=encAlgorithm@entry=cryptNone, keyLength=keyLength@entry=6607408, objNum=7, objGen=0, recursion=452, strict=false) at Parser.cc:131 #108 0x00007ffff7a9ecad in Parser::getObj (this=this@entry=0x15e47b0, obj=obj@entry=0x7ffffffded60, simpleOnly=simpleOnly@entry=false, fileKey=fileKey@entry=0x0, encAlgorithm=encAlgorithm@entry=cryptNone, keyLength=keyLength@entry=6607408, objNum=7, objGen=0, recursion=451, strict=false) at Parser.cc:95 #109 0x00007ffff7a9ed49 in Parser::getObj (this=this@entry=0x15e47b0, obj=obj@entry=0x7ffffffdeed0, simpleOnly=simpleOnly@entry=false, fileKey=0x0, encAlgorithm=cryptNone, keyLength=6607408, objNum=7, objGen=0, recursion=450, strict=false) at Parser.cc:121 #110 0x00007ffff7abb1ea in XRef::fetch (this=0x64e540, num=7, gen=0, obj=obj@entry=0x7ffffffdeed0, recursion=recursion@entry=450) at XRef.cc:1224 #111 0x00007ffff7a983c5 in Object::fetch (this=<optimized out>, xref=<optimized out>, obj=obj@entry=0x7ffffffdeed0, recursion=recursion@entry=450) at Object.cc:122 #112 0x00007ffff7a371dd in Dict::lookup (this=<optimized out>, key=key@entry=0x7ffff7b16918 "Length", obj=obj@entry=0x7ffffffdeed0, recursion=recursion@entry=450) at Dict.cc:261 #113 0x00007ffff7a9e55d in Object::dictLookup (key=0x7ffff7b16918 "Length", this=0x7ffffffdf010, this=0x7ffffffdf010, recursion=450, obj=0x7ffffffdeed0) at Object.h:342 [snip] }}}</pre> </div> </p> <hr> <span>You are receiving this mail because:</span> <ul> <li>You are the assignee for the bug.</li> </ul> </body> </html>