[poppler] Heap corruption caused by wrong JPXStream import
Peter Waller
peter at scraperwiki.com
Mon Jun 15 18:34:49 PDT 2015
Hi,
I was getting a large number of crashes in our PDF corpus on master.
With valgrind, I tracked it down to the `new JPXStream` in Stream.cc.
Valgrind showed that the constructor of JPXStream was writing off the
end of the block allocated for it. Mysteriously, sizeof(JPXStream)
reported 72, while that was obviously not the case inspecting
JPXStream.h (it's more like 350).
Eventually, I realised that there are two definitions of JPXStream
classes, and either can be conditionally included here:
http://cgit.freedesktop.org/poppler/poppler/tree/poppler/Stream.cc?id=poppler-0.33.0#n76
The patch below fixes it for me, though since it uses conditions
depending on how your build system is configured I haven't tested it
in all of the possible setups and I don't fully understand the intent
here.
Regards,
- Peter
Author: Peter Waller <p at pwaller.net>
Date: Tue Jun 16 01:40:41 2015 +0100
Fix includes for the JPXStream class
An incompatible JPXStream class definition was being included versus
what was being linked.
diff --git a/poppler/Stream.cc b/poppler/Stream.cc
index d2dd761..58b5929 100644
--- a/poppler/Stream.cc
+++ b/poppler/Stream.cc
@@ -73,9 +73,9 @@
#include "FlateStream.h"
#endif
-#ifdef ENABLE_LIBOPENJPEG
+#ifdef USE_OPENJPEG2
#include "JPEG2000Stream.h"
-#else
+#elif ENABLE_LIBOPENJPEG
#include "JPXStream.h"
#endif
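Review bot: the new `#elif ENABLE_LIBOPENJPEG` evaluates the macro as an expression while the line above still tests `#ifdef USE_OPENJPEG2`; if the build system defines ENABLE_LIBOPENJPEG with no value, `#elif` with an empty expression is a preprocessor error, so write `#elif defined(ENABLE_LIBOPENJPEG)` for consistency. Replacing the old `#else` also means a build with neither macro defined now includes no JPXStream header at all, so the `new JPXStream` site this include feeds must be guarded by the same condition; more importantly, since the commit message attributes the heap corruption to a class definition that differs from the one linked, the condition chosen here must mirror exactly the one the build system uses to pick which implementation is compiled, or the sizeof mismatch will recur in the other configuration.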