Created attachment 17564 [details] [review] The patch for a crash when "IRT" object is present This patch fixes a crash when "IRT" object is present. The patch is based on the latest stable poppler-0.8.4. I have the crash in pdftohtml but is should affect other components too.
Can you please attach a pdf that triggers such a crash?
Sorry. I can't attach that pdf. It's a private data. If you have any pdf that causes execution of the line inReplyTo = obj1.getDict(); then you get a crash with pdftohtml for sure. Anyway the logic is simple. Without inReplyTo->incRef() the nearest obj1.free() destroys/frees the object pointed by inReplyTo. So inReplyTo points to freed memory. Just in case, I compiled it under MSVC 2005.
*** Bug 16762 has been marked as a duplicate of this bug. ***
Fixed in a different way.
Thanks for fixing this. About when can we expect the next release? I ask because that'll help us decide whether we should ship this fix now in Gentoo or just wait.
My calendar says tomorrow 28/07 for poppler 0.8.5 but i've still some patches on the pipeline to review and apply, but anyway i'll be "soon"
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.