Bug 105970 - index -1 out of bounds in XRef::constructXRef
Summary: index -1 out of bounds in XRef::constructXRef
Status: RESOLVED FIXED
Alias: None
Product: poppler
Classification: Unclassified
Component: general
Version: unspecified
Hardware: x86-64 (AMD64) All
Importance: medium normal
Assignee: poppler-bugs
Reported: 2018-04-10 12:37 UTC by pdknsk
Modified: 2018-05-01 00:48 UTC

Attachments
PDF (10 bytes, application/pdf)
2018-04-10 12:38 UTC, pdknsk

Description pdknsk 2018-04-10 12:37:45 UTC
poppler/poppler/XRef.cc:943:21: runtime error: index -1 out of bounds for type 'char [256]'
    #0 0x5e62fd in XRef::constructXRef(bool*, bool) poppler/poppler/XRef.cc:943:21
    #1 0x5e502f in XRef::XRef(BaseStream*, long long, long long, bool*, bool) poppler/poppler/XRef.cc:324:18
    #2 0x595aec in PDFDoc::setup(GooString*, GooString*) poppler/poppler/PDFDoc.cc:282:14
    #3 0x5960f7 in PDFDoc::PDFDoc(BaseStream*, GooString*, GooString*, void*) poppler/poppler/PDFDoc.cc:251:8
    #4 0x4b0b1a in poppler::document_private::document_private(char const*, int, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) poppler/cpp/poppler-document.cpp:108:15
    #5 0x4b6306 in poppler::document::load_from_raw_data(char const*, int, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) poppler/cpp/poppler-document.cpp:1099:33
Comment 1 pdknsk 2018-04-10 12:38:31 UTC
Created attachment 138730 [details]
PDF
Comment 2 Albert Astals Cid 2018-04-10 22:55:49 UTC
Which sanitizer is that?
Comment 3 pdknsk 2018-04-11 13:05:06 UTC
UndefinedBehavior
Comment 4 Albert Astals Cid 2018-04-12 20:09:40 UTC
I cannot reproduce that, can you reproduce it with any of our tools?
I'm assuming you have some app you created yourself?
Also, you really need to be more verbose, like what version you are using.
Comment 5 pdknsk 2018-04-15 23:28:25 UTC
I'm using the latest code. I can also reproduce it with poppler-render.

$ cpp/tests/poppler-render poppler-105970.pdf -o tmp.png

poppler/poppler/XRef.cc:943:21: runtime error: index -1 out of bounds for type 'char [256]'
    #0 0x612e32 in XRef::constructXRef(bool*, bool) poppler/poppler/XRef.cc:943:21
    #1 0x61185d in XRef::XRef(BaseStream*, long long, long long, bool*, bool) poppler/poppler/XRef.cc:324:18
    #2 0x59fec6 in PDFDoc::setup(GooString*, GooString*) poppler/poppler/PDFDoc.cc:282:14
    #3 0x59fb0a in PDFDoc::PDFDoc(GooString*, GooString*, GooString*, void*) poppler/poppler/PDFDoc.cc:182:8
    #4 0x403dc1 in poppler::document_private::document_private(GooString*, std::string const&, std::string const&) poppler/cpp/poppler-document.cpp:77:15
    #5 0x409677 in poppler::document::load_from_file(std::string const&, std::string const&, std::string const&) poppler/cpp/poppler-document.cpp:1047:33
    #6 0x401a42 in main poppler/cpp/tests/poppler-render.cpp:84:44
Comment 6 Albert Astals Cid 2018-04-16 16:12:22 UTC
Interestingly, only the undefined sanitizer of clang gives this error and not the gcc one.
Comment 7 Albert Astals Cid 2018-05-01 00:48:30 UTC
Fixed in master

