[poppler] Heap corruption caused by wrong JPXStream import
Albert Astals Cid
aacid at kde.org
Tue Jun 30 11:35:26 PDT 2015
On Tuesday, 16 June 2015, at 02:34:49, Peter Waller wrote:
> Hi,
>
> I was getting a large number of crashes in our PDF corpus on master.
> With valgrind, I tracked it down to the `new JPXStream` in Stream.cc.
>
> Valgrind showed that the constructor of JPXStream was writing off the
> end of the block allocated for it. Mysteriously, sizeof(JPXStream)
> reported 72, while that was obviously not the case inspecting
> JPXStream.h (it's more like 350).
>
> Eventually, I realised that there are two definitions of JPXStream
> classes, and either can conditionally be included here:
>
> http://cgit.freedesktop.org/poppler/poppler/tree/poppler/Stream.cc?id=poppler-0.33.0#n76
>
> The patch below fixes it for me, though since it uses conditions
> depending on how your build system is configured I haven't tested it
> in all of the possible setups and I don't fully understand the intent
> here.
Which build system are you using?
Which openjpeg are you using?
Cheers,
Albert
>
> Regards,
>
> - Peter
>
> Author: Peter Waller <p at pwaller.net>
> Date: Tue Jun 16 01:40:41 2015 +0100
>
> Fix includes for the JPXStream class
>
> An incompatible JPXStream class definition was being included versus
> what was being linked.
>
> diff --git a/poppler/Stream.cc b/poppler/Stream.cc
> index d2dd761..58b5929 100644
> --- a/poppler/Stream.cc
> +++ b/poppler/Stream.cc
> @@ -73,9 +73,9 @@
> #include "FlateStream.h"
> #endif
>
> -#ifdef ENABLE_LIBOPENJPEG
> +#ifdef USE_OPENJPEG2
> #include "JPEG2000Stream.h"
> -#else
> +#elif ENABLE_LIBOPENJPEG
> #include "JPXStream.h"
> #endif
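Review bot: the `+#elif ENABLE_LIBOPENJPEG` line tests the macro's value, whereas the `#ifdef USE_OPENJPEG2` line just above only tests whether the macro is defined; if the build defines ENABLE_LIBOPENJPEG with no value the preprocessor rejects the empty `#elif` expression, and if it is undefined the branch is silently skipped. Because the removed `#else` made `JPXStream.h` the unconditional fallback, a build with neither USE_OPENJPEG2 nor ENABLE_LIBOPENJPEG set now includes no JPXStream header at all. Suggest `#elif defined(ENABLE_LIBOPENJPEG)` and keeping an `#else` branch for the no-openjpeg case, or at least stating in the commit message which build configurations were exercised, since the cover letter notes that not all setups were tested.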
> _______________________________________________
> poppler mailing list
> poppler at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/poppler