| Field | Value |
|---|---|
| Summary | [pdftoppm] Loop tries to read 260335296 bytes |
| Product | poppler |
| Component | utils |
| Reporter | MH <ravdune+bugzilla> |
| Assignee | poppler-bugs <poppler-bugs> |
| Status | RESOLVED NOTABUG |
| Severity | normal |
| Priority | medium |
| CC | fdo-bugs, henri+freedesktop |
| Version | unspecified |
| Hardware | All |
| OS | All |
| Attachments | pdftoppm-eternalloop.pdf, 828-unfuzzed.pdf |
Created attachment 108184: 828-unfuzzed.pdf

Attached unfuzzed file as per request.
I don't see how this is a bug. Using poppler 0.58.0 and openjpeg 2.2 with the following configure output:

```text
Building poppler with support for:
  font configuration: fontconfig
  splash output: yes
  cairo output: yes
  qt4 wrapper: no
  qt5 wrapper: yes
  glib wrapper: yes
  introspection: no
  cpp wrapper: yes
  use gtk-doc: no
  use libjpeg: yes
  use libpng: yes
  use libtiff: yes
  use zlib compress: yes
  use zlib uncompress: no
  use nss: no
  use libcurl: no
  use libopenjpeg: yes
    with openjpeg2
  use cms: yes
    with lcms2
  command line utils: yes
```

I am unable to reproduce denial of service issues with this sample. As there haven't been any recent comments from upstream, I'm closing this case. I also tested with an ASan build. This sample file was processed in ~40 minutes on my test system.

I'm curious why there are old cases not properly handled in the issue tracker. Is the issue tracker somewhere else? Developers busy with other projects/life? It's a bit worrying, because poppler is so widely used.
Created attachment 108146: pdftoppm-eternalloop.pdf

OS: Fedora 20 (running in VirtualBox)
Dependencies installed with: yum-builddep poppler
Version: GIT master

Command line for loop demonstration:

```text
master/utils/pdftoppm <attached.pdf> /dev/null
```

Tries to read 260,335,296 bytes.

GDB output:

```text
Reading symbols from /home/foobar/poppler/utils/.libs/lt-pdftoppm...done.
Starting program: /home/foobar/poppler/utils/.libs/lt-pdftoppm eternalloop-eternalread-828-pdftoppmfuzz-6.pdf /dev/null
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Corrupt JPEG data: 19 extraneous bytes before marker 0xc4
^C
Program received signal SIGINT, Interrupt.
0x00007ffff7ab6588 in ImageStream::getLine (this=0x649d80) at Stream.cc:518
518	for ( ; readChars < inputLineSize; readChars++) inputLine[readChars] = EOF;
(gdb) print inputLineSize
$1 = 260335296
```
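The GDB output above shows the EOF-padding loop in `ImageStream::getLine` running against an `inputLineSize` of 260,335,296 entries, a line length that no sane image parameters should produce. The following is an added example, not poppler code and not anything the reporter posted, of the kind of bounds check a defender would want before a line buffer of that size is allocated and padded: the line size is recomputed from width, components per pixel and bits per component with overflow-safe arithmetic, and rejected above a cap. The function names `safeLineSize` and `readAndPadLine`, the 64 MiB cap, the 32-component limit and the sample data are all assumptions for the example.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Assumed sane upper bound for one decoded image line (64 MiB). Any limit
// poppler itself applies is not visible on this page; this is an assumption.
static const uint64_t kMaxLineBytes = 64ULL * 1024 * 1024;

// Assumed upper bound on colour components per pixel. With int-range width,
// nComps <= 32 and nBits <= 16 the product stays far below 2^64.
static const int kMaxComps = 32;

// Hypothetical check (not poppler's): derive the byte length of one image
// line from its parameters, rejecting invalid values and oversized lines.
// Returns the line size in bytes, or -1 when the parameters are rejected.
int64_t safeLineSize(int width, int nComps, int nBits) {
    if (width <= 0 || nComps <= 0 || nComps > kMaxComps) return -1;
    if (nBits != 1 && nBits != 2 && nBits != 4 && nBits != 8 && nBits != 16) return -1;
    uint64_t bitsPerLine = static_cast<uint64_t>(width) * nComps * nBits;
    uint64_t bytesPerLine = (bitsPerLine + 7) / 8;   // round up to whole bytes
    if (bytesPerLine > kMaxLineBytes) return -1;
    return static_cast<int64_t>(bytesPerLine);
}

// Hypothetical line reader: stores `available` bytes of constructed data
// (a simple counter stands in for decoded pixels) and pads the rest of the
// line with EOF, as the loop in the GDB output does, but only for a line
// size that passed safeLineSize. Returns the number of padded entries, or
// -1 when the line was rejected.
int64_t readAndPadLine(int width, int nComps, int nBits, int64_t available,
                       std::vector<int>& line) {
    int64_t size = safeLineSize(width, nComps, nBits);
    if (size < 0) return -1;
    if (available < 0 || available > size) available = size;
    line.assign(static_cast<size_t>(size), 0);
    int64_t readChars = 0;
    for (; readChars < available; readChars++)
        line[static_cast<size_t>(readChars)] = static_cast<int>(readChars & 0xff);
    int64_t padded = 0;
    for (; readChars < size; readChars++, padded++)
        line[static_cast<size_t>(readChars)] = EOF;   // bounded by the checked size
    return padded;
}

int main() {
    // The reported size, expressed as a 1-component 8-bit line, is rejected.
    std::printf("260335296 x 1 x 8 -> %lld\n",
                static_cast<long long>(safeLineSize(260335296, 1, 8)));
    // A plausible RGB line of 1000 pixels is accepted.
    std::printf("1000 x 3 x 8 -> %lld\n",
                static_cast<long long>(safeLineSize(1000, 3, 8)));
    std::vector<int> line;
    std::printf("padded entries: %lld\n",
                static_cast<long long>(readAndPadLine(100, 3, 8, 200, line)));
    return 0;
}
```

The point of the check is that the padding loop's trip count is bounded by a value derived from validated parameters rather than taken on trust from the stream header; a corrupt header then fails fast instead of driving a loop for hundreds of millions of iterations.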