| Summary: | The patch for a crash when "IRT" object is present | ||
|---|---|---|---|
| Product: | poppler | Reporter: | tlknv <tlknv> |
| Component: | general | Assignee: | poppler-bugs <poppler-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | ||
| Priority: | medium | CC: | arun, dang |
| Version: | unspecified | ||
| Hardware: | x86 (IA32) | ||
| OS: | All | ||
| Whiteboard: | |||
| i915 platform: | i915 features: | ||
| Attachments: | The patch for a crash when "IRT" object is present | ||
|
Description
tlknv
2008-07-07 11:10:27 UTC
Can you please attach a pdf that triggers such a crash? Sorry. I can't attach that pdf. It's a private data. If you have any pdf that causes execution of the line
inReplyTo = obj1.getDict();
then you get a crash with pdftohtml for sure.
Anyway the logic is simple. Without inReplyTo->incRef() the nearest
obj1.free() destroys/frees the object pointed by inReplyTo. So inReplyTo points to freed memory. Just in case, I compiled it under MSVC 2005.
*** Bug 16762 has been marked as a duplicate of this bug. *** Fixed in a different way. Thanks for fixing this. About when can we expect the next release? I ask because that'll help us decide whether we should ship this fix now in Gentoo or just wait. My calendar says tomorrow 28/07 for poppler 0.8.5 but i've still some patches on the pipeline to review and apply, but anyway i'll be "soon" |
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.