Bug 17976 - Crash of pdftotext as result of freeing non-initialized member variable in OptionalContentGroup destructor
Summary: Crash of pdftotext as result of freeing non-initialized member variable in Op...
Status: RESOLVED FIXED
Alias: None
Product: poppler
Classification: Unclassified
Component: general
Version: unspecified
Hardware: All All
Importance: high critical
Assignee: poppler-bugs
QA Contact:
URL: http://maniakkomputer.files.wordpress...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-10-08 07:37 UTC by Mark Kaplan
Modified: 2008-10-08 13:30 UTC
Description Mark Kaplan 2008-10-08 07:37:18 UTC
The 0.9.3 poppler pdftotext utility crashes with the following stack trace:
Program terminated with signal 6, Aborted.
#0  0xb7b84947 in raise () from /lib/tls/libc.so.6
(gdb) bt
#0  0xb7b84947 in raise () from /lib/tls/libc.so.6
#1  0xb7b860c9 in abort () from /lib/tls/libc.so.6
#2  0xb7bb9fda in __fsetlocking () from /lib/tls/libc.so.6
#3  0xb7bc189f in mallopt () from /lib/tls/libc.so.6
#4  0xb7bc1942 in free () from /lib/tls/libc.so.6
#5  0xb7ed3c74 in ~GooString (this=0x0) at GooString.cc:237
#6  0xb7e98779 in ~OptionalContentGroup (this=0x0) at OptionalContent.cc:322
#7  0xb7e98834 in ~OCGs (this=0x805e4c0) at OptionalContent.cc:143
#8  0xb7e3e2ea in ~Catalog (this=0x805e008) at Catalog.cc:243
#9  0xb7e9f263 in ~PDFDoc (this=0x805db88) at PDFDoc.cc:256
#10 0x0804998e in main (argc=Cannot access memory at address 0x1
) at pdftotext.cc:312

This crash is a result of the OptionalContentGroup destructor deleting the variable m_name, which was not initialized (neither in the constructor nor in any other place). Below please find the proposed patch, which solves the problem.

--- poppler/OptionalContent.orig.cc     2008-10-08 14:26:37.000000000 +0000
+++ poppler/OptionalContent.cc  2008-10-08 14:28:22.000000000 +0000
@@ -284,7 +284,7 @@

 //------------------------------------------------------------------------

-OptionalContentGroup::OptionalContentGroup(Dict *ocgDict, XRef *xrefA)
+OptionalContentGroup::OptionalContentGroup(Dict *ocgDict, XRef *xrefA) : m_name(NULL)
 {
   Object ocgName;
   ocgDict->lookupNF("Name", &ocgName);
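
Review bot: On the changed constructor signature line, initializing m_name to NULL makes the destructor's delete well-defined, but it also means m_name is now legitimately NULL on whatever path previously left it unset (the report says it was not assigned in the constructor or elsewhere), so any code that reads m_name has to tolerate NULL. The rest of the constructor after the lookupNF("Name", &ocgName) call is not visible here; please confirm that every branch there either assigns m_name or is covered by a NULL check in its readers, and consider moving ": m_name(NULL)" onto its own line to keep the signature line short.
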
Comment 1 Albert Astals Cid 2008-10-08 13:30:20 UTC
Patch added. Thanks.

