<html>
<head>
<base href="https://bugs.freedesktop.org/">
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - poppler-0.61: SIGABRT on broken range dictionary"
href="https://bugs.freedesktop.org/show_bug.cgi?id=103582">103582</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>poppler-0.61: SIGABRT on broken range dictionary
</td>
</tr>
<tr>
<th>Product</th>
<td>poppler
</td>
</tr>
<tr>
<th>Version</th>
<td>unspecified
</td>
</tr>
<tr>
<th>Hardware</th>
<td>Other
</td>
</tr>
<tr>
<th>OS</th>
<td>All
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>medium
</td>
</tr>
<tr>
<th>Component</th>
<td>general
</td>
</tr>
<tr>
<th>Assignee</th>
<td>poppler-bugs@lists.freedesktop.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>legarrec.vincent@gmail.com
</td>
</tr></table>
<p>
<div>
<pre>Created <span class=""><a href="attachment.cgi?id=135248" name="attach_135248" title="wrong_range_dictionary.pdf">attachment 135248</a> <a href="attachment.cgi?id=135248&action=edit" title="wrong_range_dictionary.pdf">[details]</a></span>
wrong_range_dictionary.pdf
Hi,
Still playing with fuzzer, a wrong Range dictionary is making poppler (and
evince) crash.
pdftohtml wrong_range_dictionary.pdf /tmp/
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1 0x00007ffff71b4c07 in __GI_abort () at abort.c:89
#2 0x00007ffff7a77ac2 in Object::getNum (this=<optimized out>) at
/home/legarrec/info/programmation/poppler_bis/poppler/Object.h:222
#3 GfxLabColorSpace::parse (arr=<optimized out>, state=state@entry=0x661950)
at /home/legarrec/info/programmation/poppler_bis/poppler/GfxState.cc:1588
#4 0x00007ffff7a7830e in GfxColorSpace::parse (res=0x6600e0,
csObj=csObj@entry=0x7fffffffd0b0, out=0x65d6a0, state=0x661950,
recursion=recursion@entry=0)
at /home/legarrec/info/programmation/poppler_bis/poppler/GfxState.cc:393
#5 0x00007ffff7a4c48a in Gfx::opSetStrokeColorSpace (this=0x6607c0,
args=0x7fffffffd1b0, numArgs=<optimized out>)
at /home/legarrec/info/programmation/poppler_bis/poppler/Gfx.cc:1537
#6 0x00007ffff7a5664f in Gfx::go (this=this@entry=0x6607c0,
topLevel=topLevel@entry=true) at
/home/legarrec/info/programmation/poppler_bis/poppler/Gfx.cc:742
#7 0x00007ffff7a56a9b in Gfx::display (this=this@entry=0x6607c0,
obj=obj@entry=0x7fffffffd4a0, topLevel=topLevel@entry=true)
at /home/legarrec/info/programmation/poppler_bis/poppler/Gfx.cc:704
#8 0x00007ffff7aa2041 in Page::displaySlice (this=0x660600, out=0x65d6a0,
hDPI=108, vDPI=108, rotate=0, useMediaBox=<optimized out>, crop=false,
sliceX=sliceX@entry=-1, sliceY=-1, sliceW=-1, sliceH=-1, printing=false,
abortCheckCbk=0x0, abortCheckCbkData=0x0, annotDisplayDecideCbk=0x0,
annotDisplayDecideCbkData=0x0, copyXRef=false) at
/home/legarrec/info/programmation/poppler_bis/poppler/Page.cc:560
#9 0x00007ffff7aa22b8 in Page::display (this=<optimized out>, out=<optimized
out>, hDPI=<optimized out>, vDPI=<optimized out>, rotate=<optimized out>,
useMediaBox=<optimized out>, crop=<optimized out>, printing=<optimized
out>, abortCheckCbk=0x0, abortCheckCbkData=0x0, annotDisplayDecideCbk=0x0,
annotDisplayDecideCbkData=0x0, copyXRef=false) at
/home/legarrec/info/programmation/poppler_bis/poppler/Page.cc:481
#10 0x00007ffff7aa69c9 in PDFDoc::displayPages (this=this@entry=0x65b7f0,
out=out@entry=0x65d6a0, firstPage=<optimized out>, lastPage=1, hDPI=108,
vDPI=108,
rotate=rotate@entry=0, useMediaBox=useMediaBox@entry=true, crop=false,
printing=false, abortCheckCbk=0x0, abortCheckCbkData=0x0,
annotDisplayDecideCbk=0x0, annotDisplayDecideCbkData=0x0) at
/home/legarrec/info/programmation/poppler_bis/poppler/PDFDoc.cc:503
#11 0x0000000000409b22 in main (argc=<optimized out>, argv=<optimized out>) at
/home/legarrec/info/programmation/poppler_bis/utils/pdftohtml.cc:389</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>