Summary: | [pdftotext] Segfault in TextOutputDev.cc:478 | ||
---|---|---|---|
Product: | poppler | Reporter: | MH <ravdune+bugzilla> |
Component: | general | Assignee: | poppler-bugs <poppler-bugs> |
Status: | RESOLVED FIXED | QA Contact: | |
Severity: | normal | ||
Priority: | medium | CC: | fdo-bugs, hanno |
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
Whiteboard: | |||
Attachments: | Crash reproduction PDFs as described; 238-unfuzzed | ||
I apologize, I forgot to mention that all tests done running pdftotext with following line:

libtool --mode=execute gdb ./pdftotext

GDB relevant lines:

Reading symbols from /home/foobar/poppler/utils/.libs/lt-pdftotext...done.
Starting program: /home/foobar/poppler/utils/.libs/lt-pdftotext ~/238-fuzz-10.pdf /dev/null

Created attachment 108175
238-unfuzzed

Attached (one) unfuzzed file as per request.

Fix pushed.
Created attachment 107817
Crash reproduction PDFs as described

All tests done in master. They all fail the same way, was not sure if they all were the same bug or not, seems like a parser/lexer bug.

Attached the following files to TextOutputDev-478-crashes.zip

* 238-fuzz-10.pdf
* 257-fuzz-19.pdf
* 427-fuzz-11.pdf
* 476-fuzz-8.pdf
* 579-fuzz-6.pdf

#########################################
(gdb) run ~/238-fuzz-10.pdf /dev/null
Segmentation fault (core dumped)

gdb info:
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7add4f1 in primaryCmp (word=0x1000000005, this=0x725ef0) at TextOutputDev.cc:478
478 cmp = xMin - word->xMin;
#########################################
(gdb) run ~/257-fuzz-19.pdf /dev/null
...
<snipped lot of errors>
Syntax Error (123860): Illegal character <74> in hex string
Syntax Error (123861): Illegal character <68> in hex string
Syntax Error (123862): Illegal character <6f> in hex string
Syntax Error (123863): Illegal character <72> in hex string
Syntax Error (6734): Illegal character ')'
Syntax Error (6738): Illegal character ')'
Syntax Error: Unterminated string
Syntax Error: End of file inside array
Syntax Error: Leftover args in content stream
Segmentation fault (core dumped)

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7add4f1 in primaryCmp (word=0x63c363ab6394637c, this=0x697590) at TextOutputDev.cc:478
478 cmp = xMin - word->xMin;
#########################################
(gdb) run ~/427-fuzz-11.pdf
...
<snipped lot of errors>
Syntax Error (17835): Illegal character <2b> in hex string
Syntax Error (17836): Illegal character <4a> in hex string
Syntax Error (17837): Dictionary key must be a name object
Syntax Error (17839): Dictionary key must be a name object
Syntax Error (17862): Dictionary key must be a name object
Syntax Error (17875): Dictionary key must be a name object
Syntax Error (17875): Illegal character '}'
Syntax Error (17875): Dictionary key must be a name object
Syntax Error (17896): Dictionary key must be a name object
Syntax Error (17900): Dictionary key must be a name object
Syntax Error (17907): Dictionary key must be a name object
Syntax Error (17907): Illegal character '}'
Syntax Error (181): XObject 'Im1' is wrong type
Segmentation fault (core dumped)

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7add4f1 in primaryCmp (word=0x9f000800170008, this=0x645b50) at TextOutputDev.cc:478
478 cmp = xMin - word->xMin;
#########################################
(gdb) run ~/476-fuzz-8.pdf /dev/null
Syntax Error (3232): Dictionary key must be a name object
Syntax Error: font resource is not a dictionary
Syntax Error: font resource is not a dictionary

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7add4f1 in primaryCmp (word=0x5ddf5dcb5db65da2, this=0x655160) at TextOutputDev.cc:478
478 cmp = xMin - word->xMin;
#########################################
(gdb) run ~/579-fuzz-6.pdf /dev/null
Syntax Error (384798): Illegal character ')'
Syntax Error: Couldn't find trailer dictionary
Syntax Error (15048): Illegal character ')'
Syntax Error (15057): Arg #0 to 'Tj' operator is wrong type (error)
Syntax Error (15062): Unknown operator ':ti0.02'
Syntax Error (15064): Unknown operator 'ii'
Syntax Error (15066): Too few (0) args to 'v' operator

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7add4f1 in primaryCmp (word=0xfa, this=0x667a80) at TextOutputDev.cc:478
478 cmp = xMin - word->xMin;
#########################################
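
The report leaves open whether the five files hit the same bug. As an added example (not part of the report or of poppler), this triage sketch buckets gdb crash frames by top frame and records the shape of the `word` pointer passed to `primaryCmp`. The sample log is constructed from the run commands and frame lines quoted above, and the canonical-address check assumes x86-64 with 48-bit virtual addresses.

```python
import re
from collections import defaultdict

# Constructed sample: the run commands and crash frames quoted in this report.
SAMPLE = """\
(gdb) run ~/238-fuzz-10.pdf /dev/null
0x00007ffff7add4f1 in primaryCmp (word=0x1000000005, this=0x725ef0) at TextOutputDev.cc:478
(gdb) run ~/257-fuzz-19.pdf /dev/null
0x00007ffff7add4f1 in primaryCmp (word=0x63c363ab6394637c, this=0x697590) at TextOutputDev.cc:478
(gdb) run ~/427-fuzz-11.pdf
0x00007ffff7add4f1 in primaryCmp (word=0x9f000800170008, this=0x645b50) at TextOutputDev.cc:478
(gdb) run ~/476-fuzz-8.pdf /dev/null
0x00007ffff7add4f1 in primaryCmp (word=0x5ddf5dcb5db65da2, this=0x655160) at TextOutputDev.cc:478
(gdb) run ~/579-fuzz-6.pdf /dev/null
0x00007ffff7add4f1 in primaryCmp (word=0xfa, this=0x667a80) at TextOutputDev.cc:478
"""

RUN = re.compile(r"^\(gdb\) run (\S+)")
FRAME = re.compile(r"^0x[0-9a-f]+ in (\w+) \((.*?)\) at ([\w.]+):(\d+)")

def pointer_shape(addr):
    """Coarse shape of a pointer value (assumption: x86-64, 48-bit virtual addresses)."""
    if addr < 0x1000:
        return "near-null"
    top = addr >> 47  # bits 63..47 are all 0 or all 1 in a canonical address
    return "canonical" if top in (0, 0x1FFFF) else "non-canonical"

def bucket(log, arg="word"):
    """Group crashes by (function, file, line); each hit is (input, arg value, shape)."""
    buckets, current = defaultdict(list), None
    for line in log.splitlines():
        if m := RUN.match(line):
            current = m.group(1)          # input file of the run that follows
        elif m := FRAME.match(line):
            func, args, src, lineno = m.groups()
            raw = dict(re.findall(r"(\w+)=(0x[0-9a-f]+)", args)).get(arg)
            shape = pointer_shape(int(raw, 16)) if raw else "n/a"
            buckets[(func, src, int(lineno))].append((current, raw, shape))
    return dict(buckets)

if __name__ == "__main__":
    for site, hits in bucket(SAMPLE).items():
        print(site, f"{len(hits)} crash(es)")
        for hit in hits:
            print("   ", *hit)
```

All five inputs land in a single bucket, so they share one crash site even though the `word` values differ from run to run.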