Summary: | poppler: missing readEmbFontFile return value checks | ||
---|---|---|---|
Product: | poppler | Reporter: | Tomas Hoger <thoger> |
Component: | general | Assignee: | poppler-bugs <poppler-bugs> |
Status: | RESOLVED FIXED | QA Contact: | |
Severity: | normal | ||
Priority: | medium | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
Whiteboard: | |||
i915 platform: | i915 features: | ||
Attachments: |
Missing readEmbFontFile return value checks
reproducer |
Description
Tomas Hoger
2009-10-14 06:47:43 UTC
Do you have any file that hits those paths? Also i think we should add error() when that happens Created attachment 30562 [details]
reproducer
Here is a reproducer that I stripped the streams out of -- the originator of this PDF did not want it used in public, so I've done my best to remove anything identifying in it. I still see a NULL deref crash when running it under pdftops, so hopefully it's still useful.
I don't get any crash in pdftops from poppler 0.12.1 with that file :-/ Can you try checking the value of fontLen before / after call to readEmbFontFile? That variable is not initialized anywhere, if you happen to have it set to 0 (or <= 3), it will avoid crash for TrueType font: http://cgit.freedesktop.org/poppler/poppler/tree/fofi/FoFiBase.cc#n150 called from FoFiTrueType::parse(). So you may not see the crash on certain builds. Forcing fontLen to non-0 value prior to call to readEmbFontFile can help reproduce. Ok, i see the problem, i think doing *len = 0; in the error if of GfxFont::readEmbFontFile will fix the problem in a less code intrusive way, what do you think? I got that idea too, but wasn't sure if that's sufficient for FoFiType1C. After another look at FoFiType1C::parse (and FoFiTrueType::parse), it should actually be sufficient. Change commited, thanks for reporting :-) ty, np! for future reference: 4a9bdd30dc353865685e03eb1c1ac6093797695a |
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.