Summary: Invalid memory read in Page::getCropBox() - Page.h:155
Product: poppler
Component: general
Reporter: martino.sani <martino.sani>
Assignee: poppler-bugs <poppler-bugs>
Status: RESOLVED FIXED
Severity: normal
Priority: medium
Version: unspecified
Hardware: x86-64 (AMD64)
OS: Linux (All)
Attachments: testcase.pdf

Created attachment 131286
testcase.pdf

Attached testcase leads to an invalid memory read in Page::getCropBox() - Page.h:155.

Steps to reproduce:

1) CC=clang CXX=clang++ CFLAGS="-O0 -g -ggdb" CXXFLAGS="-O0 -g -ggdb" LDFLAGS="-lpthread" ./configure --disable-poppler-qt4 --disable-poppler-qt5 --enable-xpdf-headers --enable-static --disable-shared ; make
2) cd cpp ; CC=clang CXX=clang++ CFLAGS="-O0 -g -ggdb" CXXFLAGS="-O0 -g -ggdb" make
3) ./cpp/tests/poppler-dump --show-pages testcase.pdf

GDB info:

Program received signal SIGSEGV, Segmentation fault.
Page::getCropBox (this=0x0) at ../poppler/Page.h:155
155     PDFRectangle *getCropBox() { return attrs->getCropBox(); }
(gdb) bt
#0  Page::getCropBox (this=0x0) at ../poppler/Page.h:155
#1  0x0000000000418c01 in poppler::page::page_rect (this=0x83a5d0, box=poppler::crop_box) at poppler-page.cpp:132
#2  0x00000000004089a4 in print_page (p=0x83a5d0) at poppler-dump.cpp:303
#3  0x00000000004071f8 in main (argc=2, argv=0x7fffffffe428) at poppler-dump.cpp:380
(gdb) disas $rip
Dump of assembler code for function Page::getCropBox():
   0x0000000000419660 <+0>:     push   rbp
   0x0000000000419661 <+1>:     mov    rbp,rsp
   0x0000000000419664 <+4>:     sub    rsp,0x10
   0x0000000000419668 <+8>:     mov    QWORD PTR [rbp-0x8],rdi
   0x000000000041966c <+12>:    mov    rdi,QWORD PTR [rbp-0x8]
=> 0x0000000000419670 <+16>:    mov    rdi,QWORD PTR [rdi+0x30]
   0x0000000000419674 <+20>:    call   0x419a90 <PageAttrs::getCropBox()>
(gdb) print $rdi
$1 = 0

Poppler version: poppler-0.54.0

Test platform: Linux 4.3.0-1-amd64 #1 SMP Debian 4.3.3-7 (2016-01-19) x86_64 GNU/Linux
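
The backtrace above shows Page::getCropBox() entered with this=0x0 from the page_rect frame, so the fault is the load of attrs through a null Page pointer. The following is an added example, not poppler's code and not the project's fix: it models that call chain with simplified stand-in types and shows a caller-side null check. Catalog, Rect, sample_catalog and rect_for are hypothetical names, and the assumption that a page lookup yields a null Page* for a page that could not be built is made for illustration.

```cpp
#include <cstdio>
#include <memory>
#include <vector>

// Simplified stand-ins (assumptions), not poppler's real classes.
struct PDFRectangle { double x1, y1, x2, y2; };
struct PageAttrs {
    PDFRectangle cropBox{0, 0, 612, 792};
    PDFRectangle *getCropBox() { return &cropBox; }
};
struct Page {
    std::unique_ptr<PageAttrs> attrs{new PageAttrs};
    // Same shape as Page.h:155; with this == nullptr the load of attrs faults.
    PDFRectangle *getCropBox() { return attrs->getCropBox(); }
};
struct Catalog {
    std::vector<std::unique_ptr<Page>> pages;
    Page *getPage(int n) {            // 1-based, like PDF page numbers
        if (n < 1 || n > static_cast<int>(pages.size())) return nullptr;
        return pages[n - 1].get();    // null when the page could not be built
    }
};
struct Rect { double x, y, w, h; bool valid; };

// Guarded counterpart of the page_rect frame: check before dereferencing.
Rect page_rect(Page *page) {
    if (page == nullptr) return Rect{0, 0, 0, 0, false};
    PDFRectangle *r = page->getCropBox();
    return Rect{r->x1, r->y1, r->x2 - r->x1, r->y2 - r->y1, true};
}

// Constructed sample: page 1 is usable, page 2 could not be built.
Catalog &sample_catalog() {
    static Catalog c = [] {
        Catalog t;
        t.pages.emplace_back(new Page);
        t.pages.emplace_back(nullptr);
        return t;
    }();
    return c;
}
Rect rect_for(int n) { return page_rect(sample_catalog().getPage(n)); }

int main() {
    for (int n = 1; n <= 3; ++n) {
        Rect r = rect_for(n);
        if (r.valid) std::printf("page %d: %gx%g\n", n, r.w, r.h);
        else std::printf("page %d: no usable page object\n", n);
    }
    return 0;
}
```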