Bug 3344

Summary: Segfault on startup
Product: poppler Reporter: Corrin Lakeland <lakeland>
Component: generalAssignee: Kristian Høgsberg <krh>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: high CC: aacid
Version: unspecified   
Hardware: x86 (IA32)   
OS: Linux (All)   
Whiteboard:
i915 platform: i915 features:
Attachments: this is the pdf that crashes it

Description Corrin Lakeland 2005-05-19 17:13:44 UTC 
Hi, I just upgraded from kpdf from kde3.4 to kpdf from subversion yesterday and  
installed poppler-0.3.2 in the process.  Since then things have generally been 
working well, but on one pdf I get segfaults (it also segfaults an older xpdf, 
but not gv).
Comment 1 Corrin Lakeland 2005-05-19 17:14:51 UTC 
Created attachment 2711 [details]
this is the pdf that crashes it
Comment 2 Kristian Høgsberg 2005-05-20 12:00:16 UTC 
kpdf doesn't use poppler yet, as far as I know...  I did however reproduce the
crash, so I'll take a look.
Comment 3 Albert Astals Cid 2005-07-26 21:24:48 UTC 
The problem is that our type 1 font parser is not robust enough to handle  
erroneus Encoding tables like   
  
/Encoding 256 array  
0 1 255 {1 index exch /.notdef put} for  
dup 33 /arrowright put  
dup 50 /element put  
dup 54 /negationslash put  
dup 63 /perpendicular put  
dup 70 /F put  
dup 72 /H put  
dup 76 /L put  
dup 88 /X put  
dup 91 /union put  
dup 92 /intersection put  
dup 94 /logicaland put  
dup 102 /braceleft put  
dup 103 /braceright put  
dup 106 /bar put  
dup 161 /minus put  
dup 183 /lessequal put  
dup 184 /greaterequal put  
dup dup 161 10 getinterval 0 exch putinterval dup dup 173 23 getinterval 10  
exch putinterval dup dup 127 exch 196 get put readonly def  
  
I'm still trying to find if the last line (that is what our parser does not 
understand) is supposed to mean anything or we can just skip it. For example 
http://partners.adobe.com/public/developer/en/font/T1_SPEC.PDF seems to imply 
it is completely incorrect
Comment 4 Kristian Høgsberg 2005-07-27 03:06:57 UTC 
Created attachment 3154 [details] [review]
the patch

Here's a patch that fixes the problem.	The issue is that the type1 parser only
looks for the termination of the Encoding array in lines that don't begin with
'dup' and then only if the line is 'def' 'readonly ...' or '... def'.

The patch terminates the encoding array simply if a line begins with 'def' or
contain ' def'.  This is to avoid a char name like /somedef terminating the
encoding array prematurely.
Comment 5 Kristian Høgsberg 2005-07-27 06:34:34 UTC 
Committed to CVS.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.