Bug 85275

Summary: [pdftops] Segfault in Splash.cc:5825
Product: poppler
Reporter: MH <ravdune+bugzilla>
Component: utils
Assignee: poppler-bugs <poppler-bugs>
Status: RESOLVED FIXED
QA Contact:
Severity: normal
Priority: medium
CC: fdo-bugs
Version: unspecified
Hardware: All
OS: All
Attachments: segfault-Splash.cc:5825.pdf
868-unfuzzed.pdf

Description MH 2014-10-21 06:37:50 UTC
Created attachment 108149
segfault-Splash.cc:5825.pdf

OS: Fedora 20 (running in virtualbox)
Dependencies installed with: yum-builddep poppler
Version: GIT Master
Command line for loop demonstration: master/utils/pdftops <attached.pdf> /dev/null

#############################################################################
GDB output:

Starting program: /home/foobar/poppler/utils/.libs/lt-pdftops segfault-splash.cc-5825-868-pdftopsfuzz-15.pdf /dev/null

Syntax Error (1432): ExtGState 'GS0' is wrong type
Bogus memory allocation size

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7b109ab in Splash::blitTransparent (this=0x6528f0, src=0x6487b0, xSrc=xSrc@entry=0, ySrc=ySrc@entry=470, xDest=xDest@entry=0, yDest=yDest@entry=0,
    w=w@entry=1320, h=h@entry=2147483179) at Splash.cc:5825
5825            *p++ = *sp++;

Comment 1 MH 2014-10-21 13:48:35 UTC
Created attachment 108186
868-unfuzzed.pdf

Attached unfuzzed file as per request.

Comment 2 Albert Astals Cid 2015-02-07 20:55:15 UTC
Fix pushed.
