Circular reference in a (stream) object's /Length attribute can cause poppler's PDF parser to enter an infinite loop (deep recursion), leading to a program crash once all stack memory is exhausted. This can happen when an object's /Length attribute refers to the same object, but the loop can also contain additional intermediate objects.
Created attachment 36558: Minimal test case
One object referring to itself.
Created attachment 36559: Minimal test case with multiple objects
/Length reference loop with 3 objects.
Should be fixed in master
(In reply to comment #3)
> Should be fixed in master

In http://cgit.freedesktop.org/poppler/poppler/commit/?id=b0555189a7 and http://cgit.freedesktop.org/poppler/poppler/commit/?id=3628837feb , it seems. Latest git version no longer crashes on the test files I have for this issue.

I wonder if it might make sense to put some arbitrary sane limit on the maximum fetchOriginatorNums set size. For the /Length loop I reported, I suppose sets with more than a few members should be uncommon.
Personally I'll avoid adding an arbitrary limit since finding a sane value is too difficult.
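
The loop check discussed in this thread, as an added example (not poppler's code and not part of any comment above): a set of object numbers whose parse is still open, in the spirit of the fetchOriginatorNums set mentioned in the thread. The object model and the names `Obj`, `ObjectTable`, `fetch` and `fetchObject` are constructed for illustration.

```cpp
#include <cstdio>
#include <map>
#include <set>

// Constructed, simplified model (an assumption, not poppler's types): an object
// is a plain integer, or a stream whose /Length is a direct integer or an
// indirect reference "N 0 R" to another object.
struct Obj {
    enum Kind { Integer, Stream } kind;
    bool lengthIsRef;  // Stream only: /Length is an indirect reference
    long value;        // integer value, direct /Length, or referenced object number
};
using ObjectTable = std::map<int, Obj>;
enum class Fetch { Ok, Missing, Loop, BadLength };

// Parse object `num`. A stream cannot be parsed until its /Length is known, so
// an indirect /Length forces a nested fetch. `inProgress` holds the objects
// whose parse is still open; re-entering one of them is a reference loop.
Fetch fetch(const ObjectTable &objs, int num, std::set<int> &inProgress) {
    auto it = objs.find(num);
    if (it == objs.end()) return Fetch::Missing;
    const Obj &o = it->second;
    if (o.kind == Obj::Integer) return Fetch::Ok;
    if (!o.lengthIsRef) return o.value >= 0 ? Fetch::Ok : Fetch::BadLength;
    if (!inProgress.insert(num).second) return Fetch::Loop;  // already open
    const int target = static_cast<int>(o.value);
    const Fetch r = fetch(objs, target, inProgress);
    inProgress.erase(num);
    if (r != Fetch::Ok) return r;
    // The target parsed cleanly, but only a non-negative integer is a usable /Length.
    const Obj &t = objs.at(target);
    return (t.kind == Obj::Integer && t.value >= 0) ? Fetch::Ok : Fetch::BadLength;
}

Fetch fetchObject(const ObjectTable &objs, int num) {
    std::set<int> inProgress;
    return fetch(objs, num, inProgress);
}

int main() {
    // Constructed tables with the two shapes described in the report.
    ObjectTable selfRef{{1, {Obj::Stream, true, 1}}};
    ObjectTable threeObj{{1, {Obj::Stream, true, 2}}, {2, {Obj::Stream, true, 3}},
                         {3, {Obj::Stream, true, 1}}};
    std::printf("self reference: %s\n",
                fetchObject(selfRef, 1) == Fetch::Loop ? "loop detected" : "no loop");
    std::printf("three objects:  %s\n",
                fetchObject(threeObj, 1) == Fetch::Loop ? "loop detected" : "no loop");
}
```

In this model the set stops loops, but a long chain of references that never repeats still recurses once per object, which is the case a limit on the set size would cover.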