103582 – poppler-0.61: SIGABRT on broken range dictionary

Bug 103582 - poppler-0.61: SIGABRT on broken range dictionary

Summary: poppler-0.61: SIGABRT on broken range dictionary

Status:	RESOLVED FIXED

Alias:	None

Product:	poppler
Classification:	Unclassified
Component:	general (show other bugs)
Version:	unspecified
Hardware:	Other All

Importance:	medium normal
Assignee:	poppler-bugs
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2017-11-05 18:51 UTC by LE GARREC Vincent
Modified:	2017-11-12 23:38 UTC (History)
CC List:	1 user (show)

See Also:
i915 platform:
i915 features:

Attachments
wrong_range_dictionary.pdf (3.38 KB, application/pdf) 2017-11-05 18:51 UTC, LE GARREC Vincent	Details
View All

Description LE GARREC Vincent 2017-11-05 18:51:56 UTC

Created attachment 135248 [details]
wrong_range_dictionary.pdf

Hi,

Still playing with fuzzer, a wrong Range dictionary is making poppler (and evince) crash.

pdftohtml wrong_range_dictionary.pdf /tmp/

#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff71b4c07 in __GI_abort () at abort.c:89
#2  0x00007ffff7a77ac2 in Object::getNum (this=<optimized out>) at /home/legarrec/info/programmation/poppler_bis/poppler/Object.h:222
#3  GfxLabColorSpace::parse (arr=<optimized out>, state=state@entry=0x661950) at /home/legarrec/info/programmation/poppler_bis/poppler/GfxState.cc:1588
#4  0x00007ffff7a7830e in GfxColorSpace::parse (res=0x6600e0, csObj=csObj@entry=0x7fffffffd0b0, out=0x65d6a0, state=0x661950, recursion=recursion@entry=0)
    at /home/legarrec/info/programmation/poppler_bis/poppler/GfxState.cc:393
#5  0x00007ffff7a4c48a in Gfx::opSetStrokeColorSpace (this=0x6607c0, args=0x7fffffffd1b0, numArgs=<optimized out>)
    at /home/legarrec/info/programmation/poppler_bis/poppler/Gfx.cc:1537
#6  0x00007ffff7a5664f in Gfx::go (this=this@entry=0x6607c0, topLevel=topLevel@entry=true) at /home/legarrec/info/programmation/poppler_bis/poppler/Gfx.cc:742
#7  0x00007ffff7a56a9b in Gfx::display (this=this@entry=0x6607c0, obj=obj@entry=0x7fffffffd4a0, topLevel=topLevel@entry=true)
    at /home/legarrec/info/programmation/poppler_bis/poppler/Gfx.cc:704
#8  0x00007ffff7aa2041 in Page::displaySlice (this=0x660600, out=0x65d6a0, hDPI=108, vDPI=108, rotate=0, useMediaBox=<optimized out>, crop=false, 
    sliceX=sliceX@entry=-1, sliceY=-1, sliceW=-1, sliceH=-1, printing=false, abortCheckCbk=0x0, abortCheckCbkData=0x0, annotDisplayDecideCbk=0x0, 
    annotDisplayDecideCbkData=0x0, copyXRef=false) at /home/legarrec/info/programmation/poppler_bis/poppler/Page.cc:560
#9  0x00007ffff7aa22b8 in Page::display (this=<optimized out>, out=<optimized out>, hDPI=<optimized out>, vDPI=<optimized out>, rotate=<optimized out>, 
    useMediaBox=<optimized out>, crop=<optimized out>, printing=<optimized out>, abortCheckCbk=0x0, abortCheckCbkData=0x0, annotDisplayDecideCbk=0x0, 
    annotDisplayDecideCbkData=0x0, copyXRef=false) at /home/legarrec/info/programmation/poppler_bis/poppler/Page.cc:481
#10 0x00007ffff7aa69c9 in PDFDoc::displayPages (this=this@entry=0x65b7f0, out=out@entry=0x65d6a0, firstPage=<optimized out>, lastPage=1, hDPI=108, vDPI=108, 
    rotate=rotate@entry=0, useMediaBox=useMediaBox@entry=true, crop=false, printing=false, abortCheckCbk=0x0, abortCheckCbkData=0x0, 
    annotDisplayDecideCbk=0x0, annotDisplayDecideCbkData=0x0) at /home/legarrec/info/programmation/poppler_bis/poppler/PDFDoc.cc:503
#11 0x0000000000409b22 in main (argc=<optimized out>, argv=<optimized out>) at /home/legarrec/info/programmation/poppler_bis/utils/pdftohtml.cc:389

Comment 1 Albert Astals Cid 2017-11-12 23:38:00 UTC

Fix pushed

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.