Bug 85281

Summary: [pdfimages] Segfault in GfxState.cc:2928
Product: poppler
Reporter: MH <ravdune+bugzilla>
Component: utils
Assignee: poppler-bugs <poppler-bugs>
Status: RESOLVED FIXED
QA Contact:
Severity: normal    
Priority: medium    
Version: unspecified   
Hardware: All   
OS: All   
Whiteboard:
Attachments: segfault-GfxState.cc:2928.pdf
283-unfuzzed.pdf

Description MH 2014-10-21 08:48:00 UTC
Created attachment 108164 [details]
segfault-GfxState.cc:2928.pdf

OS: Fedora 20 (running in virtualbox)
Dependencies installed with: yum-builddep poppler
Version: GIT Master
Command line for loop demonstration: master/utils/pdfimages <attached.pdf> /dev/null

#############################################################################
GDB output:

Reading symbols from /home/foobar/poppler/utils/.libs/lt-pdfimages...done.
Starting program: /home/foobar/poppler/utils/.libs/lt-pdfimages 283-pdfimagesfuzz-2.pdf /dev/null

Syntax Error: Couldn't find trailer dictionary
Syntax Error (9696): Dictionary key must be a name object
Syntax Error (9700): Dictionary key must be a name object
Syntax Error (9700): Dictionary key must be a name object
Syntax Error (9708): Dictionary key must be a name object
Syntax Warning: Couldn't link the profiles
Syntax Warning: Can't create transform
Syntax Warning: Couldn't link the profiles
Syntax Warning: Can't create transform
Syntax Warning: Couldn't link the profiles
Syntax Warning: Can't create transform
Syntax Warning: Couldn't link the profiles
Syntax Warning: Can't create transform
Syntax Error: Function's C0 array is wrong length

Program received signal SIGSEGV, Segmentation fault.
GfxDeviceNColorSpace::copy (this=0x66e5a0) at GfxState.cc:2928
2928        sepsCSA->append(((GfxSeparationColorSpace *) sepsCS->get(i))->copy());

Comment 1 MH 2014-10-21 13:39:48 UTC
Created attachment 108173 [details]
283-unfuzzed.pdf

Attached unfuzzed file as per request

Comment 2 Albert Astals Cid 2015-01-08 18:52:11 UTC
Thanks, fixed.

Comment 3 Vadim Rutkovsky 2015-01-09 14:07:06 UTC
Fails to build here:

../../poppler/GfxState.cc: In member function 'virtual GfxColorSpace* GfxDeviceNColorSpace::copy()':
../../goo/GooLikely.h:15:48: error: invalid conversion from 'GfxSeparationColorSpace*' to 'long int' [-fpermissive]
 # define likely(x)      __builtin_expect((x), 1)
                                                ^
../../poppler/GfxState.cc:3053:9: note: in expansion of macro 'likely'
     if (likely(scs)) {
         ^

Comment 4 Albert Astals Cid 2015-01-09 14:50:28 UTC
Weird, no idea how it compiled for me in the other folder :S

Fixed
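
An added example, not part of the thread and not poppler's code: a minimal sketch of the two things this report shows, a deep copy that calls copy() on each list element without checking it for null, and a branch-hint macro that passes a pointer straight to `__builtin_expect`, which takes a `long`. `Separation`, `DeviceN`, `LIKELY` and `copied_non_null` are hypothetical stand-ins, and keeping a null slot in the copy is an assumption about what callers expect.

```cpp
#include <cstddef>
#include <memory>
#include <vector>

// Branch hint that accepts pointers: !!(x) converts to bool first, so
// __builtin_expect receives an integer rather than a raw pointer.
#if defined(__GNUC__)
#define LIKELY(x) __builtin_expect(!!(x), 1)
#else
#define LIKELY(x) (x)
#endif

// Hypothetical stand-in for a per-colorant color space.
struct Separation {
    int colorant;
    Separation *copy() const { return new Separation{colorant}; }
};

// Hypothetical stand-in for a container whose entries can be null when a
// malformed file made one of them fail to parse.
struct DeviceN {
    std::vector<Separation *> seps;  // owned; entries may be nullptr
    ~DeviceN() { for (Separation *s : seps) delete s; }

    // Deep copy that never dereferences a null entry. The slot is kept so
    // indices still line up with the original list.
    DeviceN *copy() const {
        DeviceN *out = new DeviceN;
        for (Separation *scs : seps) {
            if (LIKELY(scs)) out->seps.push_back(scs->copy());
            else out->seps.push_back(nullptr);
        }
        return out;
    }
};

// Copies src and returns how many entries of the copy are non-null.
std::size_t copied_non_null(const DeviceN &src) {
    std::unique_ptr<DeviceN> dup(src.copy());
    std::size_t n = 0;
    for (Separation *s : dup->seps) n += (s != nullptr);
    return n;
}

int main() {
    DeviceN d;  // constructed sample: the middle entry failed to parse
    d.seps = {new Separation{1}, nullptr, new Separation{3}};
    return copied_non_null(d) == 2 ? 0 : 1;
}
```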
