| Summary: | heap-buffer-overflow in Splash::fillGlyph2 | ||
|---|---|---|---|
| Product: | poppler | Reporter: | pdknsk <pdknsk> |
| Component: | splash backend | Assignee: | poppler-bugs <poppler-bugs> |
| Status: | RESOLVED MOVED | QA Contact: | |
| Severity: | normal | ||
| Priority: | medium | ||
| Version: | unspecified | ||
| Hardware: | x86 (IA32) | ||
| OS: | Linux (All) | ||
| Whiteboard: | |||
| i915 platform: | i915 features: | ||
| Attachments: | |||
Created attachment 138856 [details]
PDF
Can't reproduce it. Which program are you using? is it custom made? If so i'll need to know the parameters you pass to render_page I'm not passing any parameters, other than the page of course. I'm using code similar to poppler-render. The missing puzzle piece for reproducing it with poppler-render is the render hint.
--- a/cpp/tests/poppler-render.cpp
+++ b/cpp/tests/poppler-render.cpp
@@ -99,7 +99,6 @@ int main(int argc, char *argv[])
poppler::page_renderer pr;
pr.set_render_hint(poppler::page_renderer::antialiasing, true);
- pr.set_render_hint(poppler::page_renderer::text_antialiasing, true);
poppler::image img = pr.render_page(p.get());
if (!img.is_valid()) {
$ cpp/tests/poppler-render poppler-106060.pdf -o tmp.png
==12125==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60300000e1b2 at pc 0x0000008af076 bp 0x7ffe4f363510 sp 0x7ffe4f363508
READ of size 1 at 0x60300000e1b2 thread T0
#0 0x8af075 in Splash::fillGlyph2(int, int, SplashGlyphBitmap*, bool) poppler/splash/Splash.cc:2889:59
...
Are you sure it's with that file? With that file poppler_render doesn't get into fillGlyph2 for me Yes, I re-downloaded to verify. I'm thinking this might be related to installed fonts, but since the PDF has an embedded font, it seems unlikely. -- GitLab Migration Automatic Message -- This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity. You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/poppler/poppler/issues/107. |
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.
==20495==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000c66214 at pc 0x000000a9e07c bp 0x7ffc90fe2e90 sp 0x7ffc90fe2e88 READ of size 1 at 0x602000c66214 thread T0 #0 0xa9e07b in Splash::fillGlyph2(int, int, SplashGlyphBitmap*, bool) poppler/splash/Splash.cc:2889:59 #1 0xa9787d in Splash::fillChar(double, double, int, SplashFont*) poppler/splash/Splash.cc:2753:5 #2 0xa37c96 in SplashOutputDev::drawChar(GfxState*, double, double, double, double, double, double, unsigned int, int, unsigned int*, int) poppler/poppler/SplashOutputDev.cc:2466:13 #3 0x8aa6c3 in Gfx::doShowText(GooString const*) poppler/poppler/Gfx.cc:4049:14 #4 0x86c687 in Gfx::opShowText(Object*, int) poppler/poppler/Gfx.cc:3776:3 #5 0x88b290 in Gfx::go(bool) poppler/poppler/Gfx.cc:747:7 #6 0x889f45 in Gfx::display(Object*, bool) poppler/poppler/Gfx.cc:709:3 #7 0x97adf0 in Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) poppler/poppler/Page.cc:560:10 #8 0x7a439f in PDFDoc::displayPageSlice(OutputDev*, int, double, double, int, bool, bool, bool, int, int, int, int, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) poppler/poppler/PDFDoc.cc:550:20 #9 0xa28303 in poppler::page_renderer::render_page(poppler::page const*, double, double, int, int, int, int, poppler::rotation_enum) const poppler/cpp/poppler-page-renderer.cpp:180:13