Bug 100981

Summary: Invalid memory read in Page::getCropBox() - Page.h:155
Product: poppler Reporter: martino.sani <martino.sani>
Component: general Assignee: poppler-bugs <poppler-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: medium    
Version: unspecified   
Hardware: x86-64 (AMD64)   
OS: Linux (All)   
Whiteboard:
Attachments: testcase.pdf

Description martino.sani@gmail.com 2017-05-09 21:43:06 UTC
Created attachment 131286
testcase.pdf

The attached testcase leads to an invalid memory read in Page::getCropBox() - Page.h:155.

Steps to reproduce:

1) CC=clang CXX=clang++ CFLAGS="-O0 -g -ggdb" CXXFLAGS="-O0 -g -ggdb" LDFLAGS="-lpthread" ./configure --disable-poppler-qt4 --disable-poppler-qt5  --enable-xpdf-headers  --enable-static --disable-shared ; make
2) cd cpp ; CC=clang CXX=clang++ CFLAGS="-O0 -g -ggdb" CXXFLAGS="-O0 -g -ggdb" make
3) ./cpp/tests/poppler-dump --show-pages testcase.pdf

GDB info:

Program received signal SIGSEGV, Segmentation fault.
Page::getCropBox (this=0x0) at ../poppler/Page.h:155
155       PDFRectangle *getCropBox() { return attrs->getCropBox(); }

(gdb) bt
#0  Page::getCropBox (this=0x0) at ../poppler/Page.h:155
#1  0x0000000000418c01 in poppler::page::page_rect (this=0x83a5d0, box=poppler::crop_box) at poppler-page.cpp:132
#2  0x00000000004089a4 in print_page (p=0x83a5d0) at poppler-dump.cpp:303
#3  0x00000000004071f8 in main (argc=2, argv=0x7fffffffe428) at poppler-dump.cpp:380

(gdb) disas $rip
Dump of assembler code for function Page::getCropBox():
   0x0000000000419660 <+0>:     push   rbp
   0x0000000000419661 <+1>:     mov    rbp,rsp
   0x0000000000419664 <+4>:     sub    rsp,0x10
   0x0000000000419668 <+8>:     mov    QWORD PTR [rbp-0x8],rdi
   0x000000000041966c <+12>:    mov    rdi,QWORD PTR [rbp-0x8]
=> 0x0000000000419670 <+16>:    mov    rdi,QWORD PTR [rdi+0x30]
   0x0000000000419674 <+20>:    call   0x419a90 <PageAttrs::getCropBox()>

(gdb) print $rdi
$1 = 0

Poppler version:
poppler-0.54.0

Test platform:
Linux 4.3.0-1-amd64 #1 SMP Debian 4.3.3-7 (2016-01-19) x86_64 GNU/Linux

Comment 1 Albert Astals Cid 2017-05-10 09:22:19 UTC
Fixed, thanks for the report.
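
The crash shape in the backtrace above (a wrapper calling getCropBox() through a null Page pointer), modelled as an added example that is not poppler code and not the fix that was committed. The Rect, Document, make_sample and page_rect_* names are hypothetical stand-ins, and the null page slot is an assumption about how a malformed file leaves the pointer unset.

```cpp
// Added illustration: a stand-in model of the crash shape, not poppler source.
#include <cstddef>
#include <cstdio>
#include <memory>
#include <utility>
#include <vector>

struct Rect { double x1 = 0, y1 = 0, x2 = 0, y2 = 0; };
struct PageAttrs { Rect cropBox; const Rect *getCropBox() const { return &cropBox; } };

// Same accessor shape as Page.h:155: it loads this->attrs first, so a null
// `this` faults on that load before PageAttrs::getCropBox() is reached.
struct Page {
    std::unique_ptr<PageAttrs> attrs;
    const Rect *getCropBox() const { return attrs->getCropBox(); }
};

// Assumption: the document keeps a null slot for a page it could not build.
struct Document {
    std::vector<std::unique_ptr<Page>> pages;
    const Page *getPage(std::size_t i) const { return i < pages.size() ? pages[i].get() : nullptr; }
};

// Unguarded caller (the shape of frame #1): undefined behaviour when p is null.
Rect page_rect_unchecked(const Page *p) { return *p->getCropBox(); }

// Guarded caller: reports failure instead of dereferencing a missing page.
bool page_rect_checked(const Page *p, Rect &out) {
    if (p == nullptr || p->attrs == nullptr) return false;
    out = *p->getCropBox();
    return true;
}

// Constructed sample: page 0 is valid (612 x 792 crop box), page 1 is missing.
Document make_sample() {
    Document d;
    d.pages.push_back(std::make_unique<Page>());
    d.pages[0]->attrs = std::make_unique<PageAttrs>();
    d.pages[0]->attrs->cropBox = Rect{0, 0, 612, 792};
    d.pages.push_back(nullptr);
    return d;
}

int main() {
    Document d = make_sample();
    Rect r;
    for (std::size_t i = 0; i < d.pages.size(); ++i)
        std::printf("page %zu: %s\n", i, page_rect_checked(d.getPage(i), r) ? "crop box read" : "missing, skipped");
    return 0;
}
```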
