Bug 91344

Summary: Crash: Internal Error (0): Call to Object where the object was type 7, not the expected type 9
Product: poppler Reporter: LE GARREC Vincent <freedesktop>
Component: pdftohtml Assignee: poppler-bugs <poppler-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: medium    
Version: unspecified   
Hardware: Other   
OS: All   
Whiteboard:
Attachments: crash.pdf

Description LE GARREC Vincent 2015-07-15 04:34:55 UTC
Created attachment 117131
crash.pdf

Dear,

I was playing with AFL (American Fuzzy Lop) and after some time, it found a testcase where pdftohtml crashes.

Syntax Error: End of file inside dictionary
Syntax Error: End of file inside dictionary
Syntax Error: Pages top-level is a single Page. The document is mal-formet, trying to recover...
Internal Error (0): Call to Object where the object was type 7, not the expected type 9
Abandon (core dumped)
Program received signal SIGABRT, Aborted.
#0  0x00007ffff6efad9b in __GI_raise (sig=sig@entry=6)
    at ../sysdeps/unix/sysv/linux/raise.c:55
#1  0x00007ffff6efc261 in __GI_abort () at abort.c:89
#2  0x00007ffff76f3fce in getRef (this=<optimized out>, this=<optimized out>)
    at /home/legarrec/info/programmation/tmp/afl/poppler/poppler/Object.h:211
#3  Catalog::getNumPages (this=0x6714f0)
    at /home/legarrec/info/programmation/tmp/afl/poppler/poppler/Catalog.cc:831
#4  0x00007ffff78f6296 in PDFDoc::getNumPages (this=this@entry=0x670e10)
    at /home/legarrec/info/programmation/tmp/afl/poppler/poppler/PDFDoc.cc:1878
#5  0x000000000040a680 in main (argc=2, argv=<optimized out>)
    at /home/legarrec/info/programmation/tmp/afl/poppler/utils/pdftohtml.cc:329

I worked with poppler from git.

I also found a testcase where an 863-byte file runs into an infinite loop. Should I also send another bug report?
Regards,
Comment 1 Albert Astals Cid 2015-07-15 11:08:51 UTC
> I also found a testcase where an 863-byte file runs into an infinite loop. Should I also send another bug report?

Yes
Comment 2 Albert Astals Cid 2015-07-15 21:59:35 UTC
Fixed, thanks.
