Created attachment 136661 [details] GfxFunctionShading.pdf Abort similar with #104354 I think that with time, the fuzzer will find documents that crash on every call of getNum, getBool, etc... backtrace: #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51 #1 0x00007ffff6d5ecaf in __GI_abort () at abort.c:90 #2 0x00007ffff77f798c in Object::getNum (this=<optimized out>) at /home/legarrec/info/programmation/poppler/poppler/Object.h:230 #3 GfxFunctionShading::parse (res=res@entry=0x5555557d64b0, dict=dict@entry=0x5555557d99b0, out=out@entry=0x5555557d6670, state=state@entry=0x5555557da510) at /home/legarrec/info/programmation/poppler/poppler/GfxState.cc:3763 #4 0x00007ffff78081f3 in GfxShading::parse (res=res@entry=0x5555557d64b0, obj=obj@entry=0x7fffffffd0c0, out=out@entry=0x5555557d6670, state=state@entry=0x5555557da510) at /home/legarrec/info/programmation/poppler/poppler/GfxState.cc:3576 #5 0x00007ffff772b3b5 in GfxResources::lookupShading (this=<optimized out>, name=0x5555557da860 "Sh0", out=0x5555557d6670, state=0x5555557da510) at /home/legarrec/info/programmation/poppler/poppler/Gfx.cc:479 #6 0x00007ffff775210d in Gfx::opShFill (this=0x5555557d9740, args=<optimized out>, numArgs=<optimized out>) at /home/legarrec/info/programmation/poppler/poppler/Gfx.cc:2400 #7 0x00007ffff774e8e1 in Gfx::go (this=this@entry=0x5555557d9740, topLevel=topLevel@entry=true) at /home/legarrec/info/programmation/poppler/poppler/Gfx.cc:738 #8 0x00007ffff7750834 in Gfx::display (this=this@entry=0x5555557d9740, obj=obj@entry=0x7fffffffd4d0, topLevel=topLevel@entry=true) at /home/legarrec/info/programmation/poppler/poppler/Gfx.cc:700 #9 0x00007ffff78a8281 in Page::displaySlice (this=0x5555557d9670, out=0x5555557d6670, hDPI=108, vDPI=108, rotate=0, useMediaBox=<optimized out>, crop=<optimized out>, sliceX=sliceX@entry=-1, sliceY=-1, sliceW=-1, sliceH=-1, printing=false, abortCheckCbk=0x0, abortCheckCbkData=0x0, annotDisplayDecideCbk=0x0, annotDisplayDecideCbkData=0x0, copyXRef=false) at /home/legarrec/info/programmation/poppler/poppler/Page.cc:560 #10 0x00007ffff78a8aef in Page::display (this=<optimized out>, out=<optimized out>, hDPI=<optimized out>, vDPI=<optimized out>, rotate=<optimized out>, useMediaBox=<optimized out>, crop=<optimized out>, printing=<optimized out>, abortCheckCbk=0x0, abortCheckCbkData=0x0, annotDisplayDecideCbk=0x0, annotDisplayDecideCbkData=0x0, copyXRef=false) at /home/legarrec/info/programmation/poppler/poppler/Page.cc:481 #11 0x00007ffff78be705 in PDFDoc::displayPages (this=0x5555557d5700, out=0x5555557d6670, firstPage=<optimized out>, lastPage=1, hDPI=108, vDPI=108, rotate=0, useMediaBox=true, crop=false, printing=false, abortCheckCbk=0x0, abortCheckCbkData=0x0, annotDisplayDecideCbk=0x0, annotDisplayDecideCbkData=0x0) at /home/legarrec/info/programmation/poppler/poppler/PDFDoc.cc:527 #12 0x00005555555612e8 in main (argc=<optimized out>, argv=<optimized out>) at /home/legarrec/info/programmation/poppler/utils/pdftohtml.cc:392
Console output: Syntax Warning: EOF while reading header (continuing anyway) Syntax Error: End of file inside dictionary Syntax Warning: No valid XRef size in trailer Syntax Error (202): Dictionary key must be a name object Syntax Error (208): Dictionary key must be a name object Syntax Error: End of file inside dictionary Syntax Error (202): Dictionary key must be a name object Syntax Error (208): Dictionary key must be a name object Syntax Error: End of file inside dictionary Syntax Error (180): Dictionary key must be a name object Syntax Error (181): Dictionary key must be a name object Syntax Error (188): Dictionary key must be a name object Syntax Error (202): Dictionary key must be a name object Syntax Error (208): Dictionary key must be a name object Syntax Error: End of file inside dictionary Syntax Error (202): Dictionary key must be a name object Syntax Error (208): Dictionary key must be a name object Syntax Error: End of file inside dictionary Syntax Error (202): Dictionary key must be a name object Syntax Error (208): Dictionary key must be a name object Syntax Error: End of file inside dictionary Syntax Error (180): Dictionary key must be a name object Syntax Error (181): Dictionary key must be a name object Syntax Error (188): Dictionary key must be a name object Syntax Error (202): Dictionary key must be a name object Syntax Error (208): Dictionary key must be a name object Syntax Error: End of file inside dictionary Syntax Error (202): Dictionary key must be a name object Syntax Error (208): Dictionary key must be a name object Syntax Error: End of file inside dictionary Syntax Error (38): Bad 'Length' attribute in stream Syntax Error: Invalid XRef entry Syntax Error (57): Missing 'endstream' or incorrect stream length Syntax Error (46): Unknown operator 't' Syntax Error (48): Unknown operator 't' Syntax Error (52): Unknown operator 't' Syntax Error (57): Unknown operator 'V' Syntax Error (57): Unexpected end of file in flate stream Internal Error (0): Call to Object where the object was type 10, not the expected type 1, 14 or 2
Well, it takes 2 seconds to fix, so you can continue doing this until you get bored :)
No problem ^^ I have to be honest, I'm using poppler to play with fuzzer and it work great. When I will get "bored", I think I will fill a bug to ask you if you will be okay (and happy of course) to subscribe poppler to OSS-Fuzz [1]. LibreOffice using it with all his parser and it looks to work well. But, we'll speak about it in time. [1] https://github.com/google/oss-fuzz
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.