Bug 85273

Summary: [pdftoppm] Eternal loop writes infinite data to stderr
Product: poppler Reporter: MH <ravdune+bugzilla>
Component: utilsAssignee: poppler-bugs <poppler-bugs>
Status: RESOLVED NOTABUG QA Contact:
Severity: minor    
Priority: medium CC: fdo-bugs, henri+freedesktop
Version: unspecified   
Hardware: All   
OS: All   
Whiteboard:
i915 platform: i915 features:
Attachments: pdftoppm-eternalloop-stderr.pdf
Unfuzzed file

Description MH 2014-10-21 06:32:56 UTC
Created attachment 108147 [details]
pdftoppm-eternalloop-stderr.pdf

OS: Fedora 20 (running in virtualbox)
Dependencies installed with: yum-builddep poppler
Version: GIT Master
Command line for loop demonstration: master/utils/pdftoppm <attached.pdf> /dev/null

#############################################################################
GDB output:

Starting program: /home/foobar/poppler/utils/.libs/lt-pdftoppm eternalloop-stderr-909-pdftoppmfuzz-3.pdf /dev/null

Syntax Error: XObject 'x257' is wrong typeSyntax Error (59739): Bad 'Length' attribute in stream
Syntax Error (59826): Unknown operator '<16>33'
Syntax Error (59826): Too few (1) args to 'l' operator
Syntax Error (60476): Bad 'Length' attribute in stream
Syntax Error (60512): Unknown operator 'x<9c>+<e4>2P'
Syntax Error: Unterminated string

<<<
Syntax Error: Unknown operator '<c1>'
Syntax Error: Unknown operator 'w<05><fd>D<03><85><f4>b.<03>=<0b><85>r<a0><a8><17><10>gqE<c7>*<18><e8><19>'
Syntax Error: Leftover args in content stream
Syntax Error (60476): Bad 'Length' attribute in stream
Syntax Error (60512): Unknown operator 'x<9c>+<e4>2P'
Syntax Error: Unterminated string
>>> <-- repeats infinitely
Comment 1 Adrian Johnson 2014-10-21 11:01:16 UTC
It would help if you tells us exactly what has been fuzzed in the pdf. If I have to spend more than 15 minutes trying to figure out the cause I will give up and find something more interesting to work on.
Comment 2 MH 2014-10-21 11:40:44 UTC
I have no idea, I just run it through a mutational fuzzer and wait for a crash. Besides, if you mutate hard enough it becomes almost impossible to figure out what the parser interprets the mutation as anyway, or if the problem is in the parser or later. I try to minimize the file size with the bug, but honestly I don't even have any way of analyzing a PDF's contents anyway.

What do you use to get detailed information out of a PDF?
Comment 3 Adrian Johnson 2014-10-21 11:50:33 UTC
(In reply to MH from comment #2)
> but honestly I don't even have any way of analyzing a PDF's contents
> anyway.

If you attach the original I can figure out what changed,
 
> What do you use to get detailed information out of a PDF?

A text editor and a copy of the PDF Reference.
Comment 4 MH 2014-10-21 12:08:55 UTC
Created attachment 108166 [details]
Unfuzzed file

Ah! Of course! Do you want unfuzzed files to the other reports as well?

3767c3767
< << /Length 318 0 R
---
> << �/Length 318 0 R

Guessing it's this one, unknown operator etc.
Comment 5 Adrian Johnson 2014-10-21 12:17:01 UTC
(In reply to MH from comment #4)
> Do you want unfuzzed files to the other reports as well?

Yes
Comment 6 MH 2014-10-21 13:50:15 UTC
Done. Also changed a lot of MIME types to application/pdf, didn't even notice that was a thing, whoops :)
Comment 7 Albert Astals Cid 2016-10-09 20:57:11 UTC
Honestly i don't think it's eternal at all, it's just that there's a veeeeeeeeeeeeeeery big pattern fill (with 28954318 steps) and patterns are slow to draw, but if you give it enough time, i'm almost sure it'll finish.
Comment 8 Henri Salo 2017-09-04 06:58:11 UTC
File processed without issues in real 317m49.546s user 244m13.872s.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.