Bug 99357

Summary: Fix segfault/assert if LinkDestination is constructed with invalid input string
Product: poppler Reporter: Christoph Cullmann <cullmann>
Component: qt frontendAssignee: poppler-bugs <poppler-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: medium    
Version: unspecified   
Hardware: Other   
OS: All   
Whiteboard:
i915 platform: i915 features:
Attachments: Patch to fix it

Description Christoph Cullmann 2017-01-11 09:03:25 UTC
Created attachment 128883 [details] [review]
Patch to fix it

Fix segfault/assert if LinkDestination is constructed with invalid input string.

.at(...) will fail if we have not enough components, fix: create invalid default destination if not enough elements there.
Comment 1 Albert Astals Cid 2017-01-11 22:22:19 UTC
Are you feeding a string directly to this?
Comment 2 Christoph Cullmann 2017-01-12 06:01:01 UTC
In my case yes, but in any case invalid data should not crash it, or?
Comment 3 Albert Astals Cid 2017-01-12 22:14:22 UTC
You're not supposed to do that, it's marked internal for a reason, actually it should be private with friend access. Why are you feeding strings directly to it?
Comment 4 Christoph Cullmann 2017-01-12 22:36:57 UTC
I do that e.g. to handle table of contents, just like okular does it in generator_pdf.cpp, too:

     if (!e.attribute(QStringLiteral("Destination")).isNull())
        {
            Okular::DocumentViewport vp;
            fillViewportFromLinkDestination( vp, Poppler::LinkDestination(e.attribute(QStringLiteral("Destination"))) );
            item.setAttribute( QStringLiteral("Viewport"), vp.toString() );
        }

=> if you have any broken entry there, that will segfault, which IMHO is not nice.

Now you can argue that the toc QDomDocument should contain only wellformed things, still I see no real point in not avoiding the doom in the constructor as that check is really cheap.
Comment 5 Christoph Cullmann 2017-01-12 22:38:09 UTC
Actually my code is here:

https://github.com/AbsInt/FirstAid/blob/master/src/tocdock.cpp
Comment 6 Albert Astals Cid 2017-01-12 22:45:48 UTC
it only contains nice things because it's created by poppler-qt itself so yes, it's only nice things.
Comment 7 Albert Astals Cid 2017-01-12 22:46:47 UTC
If you're going to care about people passing stupidly wrong strings to that function, at least add a warning saying "your string is wrong you fool" and don't silently fail.
Comment 8 Christoph Cullmann 2017-01-12 22:52:02 UTC
It doesn't fail, you will just get a default constructed invalid destination which you can nicely check afterwards e.g. for page not > 0.

It is just the same as if you pass any other garbage string that has enough separators, there you get ATM silently converted garbage values, but no segfault.
Comment 9 Albert Astals Cid 2017-01-12 23:04:16 UTC
Applied, evne if your patch didn't properly apply because the tabs/spaces were messed up
Comment 10 Christoph Cullmann 2017-01-13 06:14:59 UTC
Thanks

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.