[poppler] Stack buffer overflow on test utf conversion

Adrian Johnson ajohnson at redneon.com
Sat Dec 2 09:43:09 UTC 2017


On 02/12/17 20:05, Albert Astals Cid wrote:
> El dissabte, 2 de desembre de 2017, a les 14:31:55 CET, Adrian Johnson va 
> escriure:
>> On 02/12/17 10:14, Albert Astals Cid wrote:
>>> Adrian, can you have a look at https://paste.kde.org/pe6yweh7u ?
>>>
>>> It seems we have somehow a bug in that code? Is it something you
>>> introduced or was it buggy already but just not exercised and now your
>>> test reveals the problem?
>>
>> The buffer in the test is not large enough. The attached patch increases
>> the buffer size and adds an assert to check the buffer size.
>>
>> I did test it with valgrind when I wrote the test but interestingly it
>> doesn't pick up the problem. The second attached patch updates the
>> INSTALL file to document the use of the address sanitizer.
> 
> Pushed both.
> 
> Is the "buffer not large enough" something could have caught in the "code 
> side" and returned an error/nullptr/something instead of crashing? Or is it 
> not possible/worth it for our use case?

The code side has functions for both allocating and converting as well
as converting into a supplied buffer. In most cases you would use the
allocate and convert version which avoids the problem. If you use the
convert into a specified buffer version you would normally check and
allocate the correct size. The test was being lazy and using a fixed
size buffer.

> 
> Cheers,
>   Albert
> 



More information about the poppler mailing list