Created attachment 107817 [details]
Crash reproduction PDFs as described

All tests done in master. They all fail the same way, was not sure if they all were the same bug or not, seems like a parser/lexer bug.

Attached the following files to TextOutputDev-478-crashes.zip
* 238-fuzz-10.pdf
* 257-fuzz-19.pdf
* 427-fuzz-11.pdf
* 476-fuzz-8.pdf
* 579-fuzz-6.pdf

#########################################
(gdb) run ~/238-fuzz-10.pdf /dev/null
Segmentation fault (core dumped)

gdb info:
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7add4f1 in primaryCmp (word=0x1000000005, this=0x725ef0) at TextOutputDev.cc:478
478	    cmp = xMin - word->xMin;

#########################################
(gdb) run ~/257-fuzz-19.pdf /dev/null
...
<snipped lot of errors>
Syntax Error (123860): Illegal character <74> in hex string
Syntax Error (123861): Illegal character <68> in hex string
Syntax Error (123862): Illegal character <6f> in hex string
Syntax Error (123863): Illegal character <72> in hex string
Syntax Error (6734): Illegal character ')'
Syntax Error (6738): Illegal character ')'
Syntax Error: Unterminated string
Syntax Error: End of file inside array
Syntax Error: Leftover args in content stream
Segmentation fault (core dumped)

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7add4f1 in primaryCmp (word=0x63c363ab6394637c, this=0x697590) at TextOutputDev.cc:478
478	    cmp = xMin - word->xMin;

#########################################
(gdb) run ~/427-fuzz-11.pdf
...
<snipped lot of errors>
Syntax Error (17835): Illegal character <2b> in hex string
Syntax Error (17836): Illegal character <4a> in hex string
Syntax Error (17837): Dictionary key must be a name object
Syntax Error (17839): Dictionary key must be a name object
Syntax Error (17862): Dictionary key must be a name object
Syntax Error (17875): Dictionary key must be a name object
Syntax Error (17875): Illegal character '}'
Syntax Error (17875): Dictionary key must be a name object
Syntax Error (17896): Dictionary key must be a name object
Syntax Error (17900): Dictionary key must be a name object
Syntax Error (17907): Dictionary key must be a name object
Syntax Error (17907): Illegal character '}'
Syntax Error (181): XObject 'Im1' is wrong type
Segmentation fault (core dumped)

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7add4f1 in primaryCmp (word=0x9f000800170008, this=0x645b50) at TextOutputDev.cc:478
478	    cmp = xMin - word->xMin;

#########################################
(gdb) run ~/476-fuzz-8.pdf /dev/null
Syntax Error (3232): Dictionary key must be a name object
Syntax Error: font resource is not a dictionary
Syntax Error: font resource is not a dictionary

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7add4f1 in primaryCmp (word=0x5ddf5dcb5db65da2, this=0x655160) at TextOutputDev.cc:478
478	    cmp = xMin - word->xMin;

#########################################
(gdb) run ~/579-fuzz-6.pdf /dev/null
Syntax Error (384798): Illegal character ')'
Syntax Error: Couldn't find trailer dictionary
Syntax Error (15048): Illegal character ')'
Syntax Error (15057): Arg #0 to 'Tj' operator is wrong type (error)
Syntax Error (15062): Unknown operator ':ti0.02'
Syntax Error (15064): Unknown operator 'ii'
Syntax Error (15066): Too few (0) args to 'v' operator

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7add4f1 in primaryCmp (word=0xfa, this=0x667a80) at TextOutputDev.cc:478
478	    cmp = xMin - word->xMin;
#########################################
I apologize, I forgot to mention that all tests were done running pdftotext with the following line:

libtool --mode=execute gdb ./pdftotext

GDB relevant lines:
Reading symbols from /home/foobar/poppler/utils/.libs/lt-pdftotext...done.
Starting program: /home/foobar/poppler/utils/.libs/lt-pdftotext ~/238-fuzz-10.pdf /dev/null
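A quick triage of the five crashing frames quoted in the report, as an added example (not code from the bug report or from poppler): it buckets frames by function and source location and flags argument pointers that cannot be valid x86-64 Linux user-space pointers. The alignment and canonical-address heuristic in `pointer_looks_valid` is an assumption about the reporter's platform, and the sample input is just the five frame lines copied from the report.

```python
import re
from collections import defaultdict

# Constructed sample: the five "Program received signal SIGSEGV" frames
# quoted in the report, one per attached fuzzed PDF.
GDB_FRAMES = """\
0x00007ffff7add4f1 in primaryCmp (word=0x1000000005, this=0x725ef0) at TextOutputDev.cc:478
0x00007ffff7add4f1 in primaryCmp (word=0x63c363ab6394637c, this=0x697590) at TextOutputDev.cc:478
0x00007ffff7add4f1 in primaryCmp (word=0x9f000800170008, this=0x645b50) at TextOutputDev.cc:478
0x00007ffff7add4f1 in primaryCmp (word=0x5ddf5dcb5db65da2, this=0x655160) at TextOutputDev.cc:478
0x00007ffff7add4f1 in primaryCmp (word=0xfa, this=0x667a80) at TextOutputDev.cc:478
"""

# "<pc> in <func> (<arg>=<hex>, ...) at <file>:<line>" as gdb prints it.
FRAME_RE = re.compile(
    r"^(?P<pc>0x[0-9a-f]+) in (?P<func>\w+) \((?P<args>[^)]*)\) at (?P<loc>\S+:\d+)$"
)


def parse_frame(line):
    """Return {pc, func, loc, args} for one gdb frame line, or None."""
    m = FRAME_RE.match(line.strip())
    if not m:
        return None
    args = dict(a.split("=", 1) for a in m.group("args").split(", "))
    return {
        "pc": m.group("pc"),
        "func": m.group("func"),
        "loc": m.group("loc"),
        "args": {name: int(val, 16) for name, val in args.items()},
    }


def pointer_looks_valid(p):
    # Heuristic (assumed platform: x86-64 Linux user space): a live object
    # pointer is non-null, 8-byte aligned and below the 47-bit canonical limit.
    return p != 0 and p % 8 == 0 and p < (1 << 47)


def triage(text):
    """Group frames by (function, file:line) and note which args hold garbage."""
    buckets = defaultdict(list)
    for line in text.splitlines():
        frame = parse_frame(line)
        if frame:
            buckets[(frame["func"], frame["loc"])].append(frame)
    report = {}
    for key, frames in buckets.items():
        suspect = {n for f in frames for n, v in f["args"].items()
                   if not pointer_looks_valid(v)}
        report[key] = {"count": len(frames),
                       "unique_pcs": {f["pc"] for f in frames},
                       "suspect_args": suspect}
    return report
```

On the report's frames this yields a single bucket at `primaryCmp`/`TextOutputDev.cc:478` with one crashing PC, and `word` is the only argument that never looks like a real pointer while `this` always does, which is the pattern of one bug (a stale or uninitialised `TextWord*` reaching the comparator) rather than five.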
Created attachment 108175 [details]
238-unfuzzed

Attached (one) unfuzzed file as per request.
Fix pushed.