Bug 59561

Summary: Poppler 0.22: Segmentation fault in TextPage::beginWord(GfxState*) [Test Case]
Product: poppler
Reporter: Thomas <fischer>
Component: general
Assignee: poppler-bugs <poppler-bugs>
Status: RESOLVED FIXED
Severity: major
Priority: medium
Version: unspecified
Hardware: x86-64 (AMD64)
OS: Linux (All)
Attachments: patch fix

Description Thomas 2013-01-18 13:23:35 UTC
I found a PDF file online, which makes Okular and my own program using poppler-qt4 crash.
The file itself is 11MB large, so I won't attach it, but you can fetch it at https://msb.se/RibData/Filer/pdf/24918.pdf

Unfortunately, I have no debug build of poppler-0.22 available, but the backtrace of my own program in gdb looks like this:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff5489af4 in TextPage::beginWord(GfxState*) () from /usr/lib/libpoppler.so.34
(gdb) bt
#0  0x00007ffff5489af4 in TextPage::beginWord(GfxState*) () from /usr/lib/libpoppler.so.34
#1  0x00007ffff548a3b9 in TextPage::addChar(GfxState*, double, double, double, double, unsigned int, int, unsigned int*, int) () from /usr/lib/libpoppler.so.34
#2  0x00007ffff549143e in ActualText::end(GfxState*) () from /usr/lib/libpoppler.so.34
#3  0x00007ffff5418ef1 in Gfx::opEndMarkedContent(Object*, int) () from /usr/lib/libpoppler.so.34
#4  0x00007ffff541a6c4 in Gfx::go(bool) () from /usr/lib/libpoppler.so.34
#5  0x00007ffff541ab30 in Gfx::display(Object*, bool) () from /usr/lib/libpoppler.so.34
#6  0x00007ffff545c20c in Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*) ()
   from /usr/lib/libpoppler.so.34
#7  0x00007ffff7ba6dbb in Poppler::Page::text(QRectF const&, Poppler::Page::TextLayout) const () from /usr/lib/libpoppler-qt4.so.4
#8  0x00007ffff7ba6ebb in Poppler::Page::text(QRectF const&) const () from /usr/lib/libpoppler-qt4.so.4
#9  0x0000000000427f03 in FileAnalyzerPDF::plainText(Poppler::Document*) ()

FileAnalyzerPDF is my own class that uses poppler.

The crash occurs in Okular when flipping from page 4 to page 5, i.e. the first four pages can be viewed without problems.

The test file can be processed with Ghostscript without warnings. Acrobat Reader 10.1.13 under Windows can handle this file, too.

I am using an up-to-date ArchLinux, Okular 0.15.5, KDE 4.9.5, poppler(-qt) 0.22.0-1.

Comment 1 Jose Aliste 2013-01-18 14:25:21 UTC
Created attachment 73247
patch fix

We are calling ->getWmode() on a null pointer. Adding a null check for that fixes the problem.

Comment 2 Albert Astals Cid 2013-01-19 16:15:35 UTC
Fixed, thanks!
