<html>
    <head>
      <base href="https://bugs.freedesktop.org/">
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - Abort while parsing GfxFunctionShading"
   href="https://bugs.freedesktop.org/show_bug.cgi?id=104581">104581</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>Abort while parsing GfxFunctionShading
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>poppler
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>unspecified
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>Other
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>All
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>medium
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>general
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>poppler-bugs@lists.freedesktop.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>legarrec.vincent@gmail.com
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Created <span class=""><a href="attachment.cgi?id=136661" name="attach_136661" title="GfxFunctionShading.pdf">attachment 136661</a></span>
GfxFunctionShading.pdf

Abort similar to #104354

I think that with time, the fuzzer will find documents that crash on every call
of getNum, getBool, etc...

backtrace:
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff6d5ecaf in __GI_abort () at abort.c:90
#2  0x00007ffff77f798c in Object::getNum (this=<optimized out>)
    at /home/legarrec/info/programmation/poppler/poppler/Object.h:230
#3  GfxFunctionShading::parse (res=res@entry=0x5555557d64b0, dict=dict@entry=0x5555557d99b0, out=out@entry=0x5555557d6670, state=state@entry=0x5555557da510)
    at /home/legarrec/info/programmation/poppler/poppler/GfxState.cc:3763
#4  0x00007ffff78081f3 in GfxShading::parse (res=res@entry=0x5555557d64b0, obj=obj@entry=0x7fffffffd0c0, out=out@entry=0x5555557d6670, state=state@entry=0x5555557da510)
    at /home/legarrec/info/programmation/poppler/poppler/GfxState.cc:3576
#5  0x00007ffff772b3b5 in GfxResources::lookupShading (this=<optimized out>, name=0x5555557da860 "Sh0", out=0x5555557d6670, state=0x5555557da510)
    at /home/legarrec/info/programmation/poppler/poppler/Gfx.cc:479
#6  0x00007ffff775210d in Gfx::opShFill (this=0x5555557d9740, args=<optimized out>, numArgs=<optimized out>)
    at /home/legarrec/info/programmation/poppler/poppler/Gfx.cc:2400
#7  0x00007ffff774e8e1 in Gfx::go (this=this@entry=0x5555557d9740, topLevel=topLevel@entry=true)
    at /home/legarrec/info/programmation/poppler/poppler/Gfx.cc:738
#8  0x00007ffff7750834 in Gfx::display (this=this@entry=0x5555557d9740, obj=obj@entry=0x7fffffffd4d0, topLevel=topLevel@entry=true)
    at /home/legarrec/info/programmation/poppler/poppler/Gfx.cc:700
#9  0x00007ffff78a8281 in Page::displaySlice (this=0x5555557d9670, out=0x5555557d6670, hDPI=108, vDPI=108, rotate=0, useMediaBox=<optimized out>, crop=<optimized out>, sliceX=sliceX@entry=-1, sliceY=-1, sliceW=-1, sliceH=-1, printing=false, abortCheckCbk=0x0, abortCheckCbkData=0x0, annotDisplayDecideCbk=0x0, annotDisplayDecideCbkData=0x0, copyXRef=false)
    at /home/legarrec/info/programmation/poppler/poppler/Page.cc:560
#10 0x00007ffff78a8aef in Page::display (this=<optimized out>, out=<optimized out>, hDPI=<optimized out>, vDPI=<optimized out>, rotate=<optimized out>, useMediaBox=<optimized out>, crop=<optimized out>, printing=<optimized out>, abortCheckCbk=0x0, abortCheckCbkData=0x0, annotDisplayDecideCbk=0x0, annotDisplayDecideCbkData=0x0, copyXRef=false)
    at /home/legarrec/info/programmation/poppler/poppler/Page.cc:481
#11 0x00007ffff78be705 in PDFDoc::displayPages (this=0x5555557d5700, out=0x5555557d6670, firstPage=<optimized out>, lastPage=1, hDPI=108, vDPI=108, rotate=0, useMediaBox=true, crop=false, printing=false, abortCheckCbk=0x0, abortCheckCbkData=0x0, annotDisplayDecideCbk=0x0, annotDisplayDecideCbkData=0x0)
    at /home/legarrec/info/programmation/poppler/poppler/PDFDoc.cc:527
#12 0x00005555555612e8 in main (argc=<optimized out>, argv=<optimized out>)
    at /home/legarrec/info/programmation/poppler/utils/pdftohtml.cc:392</pre>
        </div>
      </p>
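      <p>The backtrace shows Object::getNum aborting inside GfxFunctionShading::parse. The sketch below is an added example, not poppler code and not part of the report: a stand-in object type with an aborting getter, next to a reader that checks the count and type of every element before calling it. The Obj type, the function names, the sample arrays and the choice of a four-number array (the Domain entry of a PDF function-based shading) are assumptions; the report does not say which entry triggered the abort.</p>

```cpp
#include <cstddef>
#include <cstdio>
#include <cstdlib>
#include <vector>

// Hypothetical stand-in for a PDF object; not poppler's Object class.
enum class Type { Null, Bool, Num, Name };
struct Obj {
    Type type;
    double num;
    bool isNum() const { return type == Type::Num; }
    // Typed getter that aborts on a type mismatch, like frame #2 above.
    double getNum() const {
        if (type != Type::Num) std::abort();
        return num;
    }
};

// Unchecked reader: trusts the file, so any non-number element aborts
// (and an array shorter than four elements throws std::out_of_range).
void readDomainUnchecked(const std::vector<Obj>& a, double out[4]) {
    for (std::size_t i = 0; i < 4; ++i) out[i] = a.at(i).getNum();
}

// Checked reader: validates length and every element type first, and
// leaves `out` untouched on failure so the caller can reject the shading.
bool readDomainChecked(const std::vector<Obj>& a, double out[4]) {
    if (a.size() != 4) return false;
    for (const Obj& o : a)
        if (!o.isNum()) return false;
    for (std::size_t i = 0; i < 4; ++i) out[i] = a[i].getNum();
    return true;
}

// Constructed sample inputs (not taken from the attached PDF).
std::vector<Obj> sampleValid() {
    return {{Type::Num, 0.0}, {Type::Num, 1.0}, {Type::Num, 0.0}, {Type::Num, 1.0}};
}
std::vector<Obj> sampleMalformed() {  // third element is a name, not a number
    return {{Type::Num, 0.0}, {Type::Num, 1.0}, {Type::Name, 0.0}, {Type::Num, 1.0}};
}

int main() {
    double d[4] = {0, 0, 0, 0};
    std::printf("valid: %d\n", readDomainChecked(sampleValid(), d));
    std::printf("malformed: %d\n", readDomainChecked(sampleMalformed(), d));
    return 0;
}
```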


    </body>
</html>