Bug 85234 - [pdfseparate] Segfault in XRef.cc:1609
Status: RESOLVED FIXED
Alias: None
Product: poppler
Classification: Unclassified
Component: utils
Version: unspecified
Hardware: All All
Importance: medium normal
Assignee: poppler-bugs
 
Reported: 2014-10-20 11:27 UTC by MH
Modified: 2014-11-03 18:12 UTC (History)

Attachments
segfault-XRef.cc:1609.pdf (38.04 KB, application/pdf)
2014-10-20 11:27 UTC, MH
fix crash (1.34 KB, patch)
2014-10-20 12:16 UTC, Adrian Johnson

Description MH 2014-10-20 11:27:00 UTC
Created attachment 108109
segfault-XRef.cc:1609.pdf

OS: Fedora 20 (running in virtualbox)
Dependencies installed with: yum-builddep poppler
Version: GIT Master
Command line: master/utils/pdfseparate <attached.pdf> /dev/null

###############################################################################
GDB output:

Reading symbols from /home/foobar/poppler/utils/.libs/lt-pdfseparate...done.
Starting program: /home/foobar/poppler/utils/.libs/lt-pdfseparate segfault-xref.cc-1609-1-pdfseparatefuzz-12.pdf /dev/null

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7ac60a1 in XRef::getEntry (this=0x635ff0, i=2147483647, complainIfMissing=complainIfMissing@entry=true) at XRef.cc:1609
1609      if (entries[i].type == xrefEntryNone) {
Comment 1 Adrian Johnson 2014-10-20 12:16:27 UTC
Created attachment 108115
fix crash

Not sure if this is the best fix.
Comment 2 Albert Astals Cid 2014-11-03 10:44:07 UTC
I can't reproduce the crash at all.

Adrian can you?

tsdgeos@inspiron:~/poppler$ valgrind ./build-new/utils/pdfseparate ~/pdf/attachment.cgi\?id\=108109 /dev/null 
==9468== Memcheck, a memory error detector
==9468== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==9468== Using Valgrind-3.10.0 and LibVEX; rerun with -h for copyright info
==9468== Command: ./build-new/utils/pdfseparate /home/tsdgeos/pdf/attachment.cgi?id=108109 /dev/null
==9468== 
Syntax Error: Bad object number
Syntax Error: Bad object number
Syntax Error: Couldn't read xref table
Syntax Error: Could not extract page(s) from damaged file ('/home/tsdgeos/pdf/attachment.cgi?id=108109')
==9468== 
==9468== HEAP SUMMARY:
==9468==     in use at exit: 34,125 bytes in 21 blocks
==9468==   total heap usage: 5,365 allocs, 5,344 frees, 567,630 bytes allocated
==9468== 
==9468== LEAK SUMMARY:
==9468==    definitely lost: 96 bytes in 1 blocks
==9468==    indirectly lost: 33,972 bytes in 11 blocks
==9468==      possibly lost: 0 bytes in 0 blocks
==9468==    still reachable: 57 bytes in 9 blocks
==9468==         suppressed: 0 bytes in 0 blocks
==9468== Rerun with --leak-check=full to see details of leaked memory
==9468== 
==9468== For counts of detected and suppressed errors, rerun with: -v
==9468== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
Comment 3 Adrian Johnson 2014-11-03 12:07:11 UTC
(In reply to Albert Astals Cid from comment #2)
> I can't reproduce the crash at all.
> 
> Adrian can you?

Yes. I'm using gcc 4.9.1 on Debian testing. I can reproduce with either -O2 or -O0.
Comment 4 Albert Astals Cid 2014-11-03 12:16:00 UTC
Ha! It segfaults in 64-bit but not in 32-bit :D
Comment 5 Albert Astals Cid 2014-11-03 18:12:13 UTC
Seems sane and fixes the crash so I've pushed it.

