<html>
<head>
<base href="https://bugs.freedesktop.org/">
</head>
<body><span class="vcard"><a class="email" href="mailto:luanjunchao@163.com" title="junchao luan <luanjunchao@163.com>"> <span class="fn">junchao luan</span></a>
</span> changed
<a class="bz_bug_link
bz_status_NEW "
title="NEW - stack overflow in FoFiType1C::cvtGlyph, poppler 0.59.0"
href="https://bugs.freedesktop.org/show_bug.cgi?id=102900">bug 102900</a>
<br>
<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>What</th>
<th>Removed</th>
<th>Added</th>
</tr>
<tr>
<td style="text-align:right;">Status</td>
<td>NEEDINFO
</td>
<td>NEW
</td>
</tr>
<tr>
<td style="text-align:right;">Summary</td>
<td>0.59
</td>
<td>stack overflow in FoFiType1C::cvtGlyph, poppler 0.59.0
</td>
</tr></table>
<p>
<div>
<b><a class="bz_bug_link
bz_status_NEW "
title="NEW - stack overflow in FoFiType1C::cvtGlyph, poppler 0.59.0"
href="https://bugs.freedesktop.org/show_bug.cgi?id=102900#c1">Comment # 1</a>
on <a class="bz_bug_link
bz_status_NEW "
title="NEW - stack overflow in FoFiType1C::cvtGlyph, poppler 0.59.0"
href="https://bugs.freedesktop.org/show_bug.cgi?id=102900">bug 102900</a>
from <span class="vcard"><a class="email" href="mailto:luanjunchao@163.com" title="junchao luan <luanjunchao@163.com>"> <span class="fn">junchao luan</span></a>
</span></b>
<pre>When I run pdftops with a specific pdf file, it shows
#./utils/pdftops crash.pdf a
ASAN:DEADLYSIGNAL
=================================================================
==5527==ERROR: AddressSanitizer: stack-overflow on address 0x7fff4ec5ef78 (pc
0x560dfe39a582 bp 0x7fff4ec5f0b0 sp 0x7fff4ec5ef60 T0)
#0 0x560dfe39a581 in FoFiType1C::getOp(int, bool, bool*)
/root/Desktop/poppler-0.59.0/fofi/FoFiType1C.cc:2548
#1 0x560dfe386a07 in FoFiType1C::cvtGlyph(int, int, GooString*,
Type1CIndex*, Type1CPrivateDict*, bool)
/root/Desktop/poppler-0.59.0/fofi/FoFiType1C.cc:1215
#2 0x560dfe38d069 in FoFiType1C::cvtGlyph(int, int, GooString*,
Type1CIndex*, Type1CPrivateDict*, bool)
/root/Desktop/poppler-0.59.0/fofi/FoFiType1C.cc:1592
#3 0x560dfe38d069 in FoFiType1C::cvtGlyph(int, int, GooString*,
Type1CIndex*, Type1CPrivateDict*, bool)
/root/Desktop/poppler-0.59.0/fofi/FoFiType1C.cc:1592
#4 0x560dfe38d069 in FoFiType1C::cvtGlyph(int, int, GooString*,
Type1CIndex*, Type1CPrivateDict*, bool)
/root/Desktop/poppler-0.59.0/fofi/FoFiType1C.cc:1592
#5 0x560dfe38d069 in FoFiType1C::cvtGlyph(int, int, GooString*,
Type1CIndex*, Type1CPrivateDict*, bool)
/root/Desktop/poppler-0.59.0/fofi/FoFiType1C.cc:1592
#6 0x560dfe38d069 in FoFiType1C::cvtGlyph(int, int, GooString*,
Type1CIndex*, Type1CPrivateDict*, bool)
/root/Desktop/poppler-0.59.0/fofi/FoFiType1C.cc:1592
....
And here is the backtrace of gdb:
(gdb) bt -18
#24935 0x000055555573c06a in FoFiType1C::cvtGlyph (this=0x61a00001f280,
offset=15028, nBytes=4, charBuf=0x603000014650,
subrIdx=0x7fffffffcde0, pDict=0x61600000f080, top=false) at
FoFiType1C.cc:1592
#24936 0x000055555573c06a in FoFiType1C::cvtGlyph (this=0x61a00001f280,
offset=15028, nBytes=4, charBuf=0x603000014650,
subrIdx=0x7fffffffcde0, pDict=0x61600000f080, top=false) at
FoFiType1C.cc:1592
#24937 0x000055555573c06a in FoFiType1C::cvtGlyph (this=0x61a00001f280,
offset=10866, nBytes=6, charBuf=0x603000014650,
subrIdx=0x7fffffffcde0, pDict=0x61600000f080, top=false) at
FoFiType1C.cc:1592
#24938 0x000055555573c06a in FoFiType1C::cvtGlyph (this=0x61a00001f280,
offset=392146, nBytes=6458, charBuf=0x603000014650,
subrIdx=0x7fffffffcde0, pDict=0x61600000f080, top=true) at
FoFiType1C.cc:1592
#24939 0x0000555555735678 in FoFiType1C::eexecCvtGlyph (this=0x61a00001f280,
eb=0x7fffffffce20, glyphName=0x603000014680 "c36",
offset=392146, nBytes=6458, subrIdx=0x7fffffffcde0, pDict=0x61600000f080)
at FoFiType1C.cc:1178
#24940 0x0000555555734eab in FoFiType1C::convertToType0 (this=0x61a00001f280,
psName=0x603000018bb0 "Arial", codeMap=0x0, nCodes=0,
outputFunc=0x5555556cc8a8 &lt;outputToFile(void*, char const*, int)&gt;,
outputStream=0x61600000f380) at FoFiType1C.cc:1109
#24941 0x000055555571d785 in FoFiTrueType::convertToType0 (this=0x60b00000af90,
psName=0x603000018bb0 "Arial", cidMap=0x0, nCIDs=0,
outputFunc=0x5555556cc8a8 &lt;outputToFile(void*, char const*, int)&gt;,
outputStream=0x61600000f380) at FoFiTrueType.cc:856
#24942 0x00005555556db416 in PSOutputDev::setupEmbeddedOpenTypeCFFFont
(this=0x61800000fc80, font=0x61200000bbc0, id=0x60400000b658,
psName=0x603000018bb0) at PSOutputDev.cc:2758
#24943 0x00005555556d4655 in PSOutputDev::setupFont (this=0x61800000fc80,
font=0x61200000bbc0, parentResDict=0x60700000d610)
at PSOutputDev.cc:1963
#24944 0x00005555556d3ae7 in PSOutputDev::setupFonts (this=0x61800000fc80,
resDict=0x60700000d610) at PSOutputDev.cc:1885
#24945 0x00005555556d3214 in PSOutputDev::setupResources (this=0x61800000fc80,
resDict=0x60700000d610) at PSOutputDev.cc:1798
#24946 0x00005555556d246c in PSOutputDev::writeDocSetup (this=0x61800000fc80,
doc=0x60f00000ef50, catalog=0x61300000de80,
pages=std::vector of length 1, capacity 1 = {...}, duplexA=false) at
PSOutputDev.cc:1696
#24947 0x00005555556d0078 in PSOutputDev::postInit (this=0x61800000fc80) at
PSOutputDev.cc:1455
#24948 0x00005555556deff1 in PSOutputDev::checkPageSlice (this=0x61800000fc80,
page=0x611000009c80, rotateA=0, useMediaBox=false, crop=true,
sliceX=-1, sliceY=-1, sliceW=-1, sliceH=-1, printing=true,
abortCheckCbk=0x0, abortCheckCbkData=0x0, annotDisplayDecideCbk=0x0,
annotDisplayDecideCbkData=0x0) at PSOutputDev.cc:3246
#24949 0x0000555555888737 in Page::displaySlice (this=0x611000009c80,
out=0x61800000fc80, hDPI=72, vDPI=72, rotate=0, useMediaBox=false,
crop=true, sliceX=-1, sliceY=-1, sliceW=-1, sliceH=-1, printing=true,
abortCheckCbk=0x0, abortCheckCbkData=0x0,
annotDisplayDecideCbk=0x0, annotDisplayDecideCbkData=0x0, copyXRef=false)
at Page.cc:539
#24950 0x0000555555887e72 in Page::display (this=0x611000009c80,
out=0x61800000fc80, hDPI=72, vDPI=72, rotate=0, useMediaBox=false,
crop=true, printing=true, abortCheckCbk=0x0, abortCheckCbkData=0x0,
annotDisplayDecideCbk=0x0, annotDisplayDecideCbkData=0x0,
copyXRef=false) at Page.cc:483
#24951 0x0000555555684675 in PDFDoc::displayPage (this=0x60f00000ef50,
out=0x61800000fc80, page=1, hDPI=72, vDPI=72, rotate=0,
useMediaBox=false, crop=true, printing=true, abortCheckCbk=0x0,
abortCheckCbkData=0x0, annotDisplayDecideCbk=0x0,
annotDisplayDecideCbkData=0x0, copyXRef=false) at PDFDoc.cc:488
#24952 0x00005555556733ce in main (argc=3, argv=0x7fffffffe0e8) at
pdftops.cc:423
We can see clearly that there is an infinite loop in FoFiType1C::cvtGlyph.</pre>
</div>
</p>
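<p>Added example, not part of the original comment or of poppler: a triage helper that parses a gdb backtrace in the wrapped layout shown above and reports the longest run of consecutive frames that share the same function, source line, and <code>offset</code>/<code>nBytes</code> arguments, which is what recursion that never advances through its input looks like. The names <code>parse_frames</code>, <code>stalled_recursion</code> and <code>_frame</code> are hypothetical, and the sample backtrace is constructed from frame values in the report with an assumed count of 500 repeats.</p>

```python
import re

FRAME = re.compile(r"#(\d+)\s+(?:0x[0-9a-f]+ in )?([\w:~]+) \((.*)\) at\s+(\S+)$")

def parse_frames(bt_text):
    """Join gdb's wrapped lines, then return (func, args, location) per frame."""
    joined = []
    for line in bt_text.splitlines():
        if line.startswith("#"):
            joined.append(line.strip())
        elif joined and line.strip():
            joined[-1] += " " + line.strip()   # continuation of the previous frame
    frames = []
    for line in joined:
        m = FRAME.match(line)
        if m:
            args = dict(re.findall(r"(\w+)=([^,\s)]+)", m.group(3)))
            frames.append((m.group(2), args, m.group(4)))
    return frames

def stalled_recursion(frames, keys=("offset", "nBytes")):
    """Longest run of consecutive frames with identical function, location and
    input-position arguments. Returns (run_length, function, arguments)."""
    best = (0, None, None)
    run, prev = 0, None
    for func, args, loc in frames:
        sig = (func, loc) + tuple(args.get(k) for k in keys)
        run = run + 1 if sig == prev else 1
        prev = sig
        if run > best[0]:
            best = (run, func, {k: args.get(k) for k in keys})
    return best

def _frame(n, offset, nbytes, top):
    # Constructed frame, wrapped the way gdb printed frames in the report.
    return (f"#{n} 0x000055555573c06a in FoFiType1C::cvtGlyph (this=0x61a00001f280,\n"
            f"offset={offset}, nBytes={nbytes}, charBuf=0x603000014650,\n"
            f"subrIdx=0x7fffffffcde0, pDict=0x61600000f080, top={top}) at\n"
            "FoFiType1C.cc:1592\n")

# Constructed sample: 500 identical inner frames (assumed count), then the two
# distinct outer cvtGlyph frames whose arguments appear in the report.
SAMPLE = ("".join(_frame(n, 15028, 4, "false") for n in range(500))
          + _frame(500, 10866, 6, "false") + _frame(501, 392146, 6458, "true"))

if __name__ == "__main__":
    print(stalled_recursion(parse_frames(SAMPLE)))
```

<p>A run length close to the total frame count, with unchanged arguments, separates non-terminating recursion from recursion that is merely deep but still consuming input.</p>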
</body>
</html>