[poppler] A few vulnerabilities in libpoppler

Robert Święcki robert at swiecki.net
Fri Oct 22 16:36:01 PDT 2010


> <robert at swiecki.net> wrote:
>>I've put it here
>>
>>http://alt.swiecki.net/j/poppler_2010.10.22.tbz
>>
>>Tested with git cloned libpoppler (pdftoppm), 78 testcases, hopefully
>>unique (i.e. crashing with different instructions). Except segfaults
>>I've also attached some div-by-zero problems (usually SIGFPE*),
>>SIGBUS* (this one on linux amd64 is *usually* the same as SEGV, just
>>it tries to access memory which, albeit not mmaped, cannot be really
>>mapped on this architecture, cause amd64 arch has effective 48bit virt
>>space, anyway, it's just invalid memory access). Also there is
>>SIGABRT* usually caused by malloc() checker, or internal assert()s.
>
> Thanks! Now it's midnight in Japan (AM 03:30) and
> I'm going to sleep, sorry. I made my slow amd64
> machine execute your testing PDFs and log valgrind
> messages. I will post my progress tomorrow.

You're the most prolific bug hunter I've known. Kudos. Those bugs
existed for months or years, they can wait for another few days ;). If
you'd be stuck with any specific bug, let me know, and I'll employ my
gdb :)

-- 
Robert Święcki
