Bug 85243 - [pdftops] Segfault in FoFiTrueType.cc:1248
Status: RESOLVED FIXED
Alias: None
Product: poppler
Classification: Unclassified
Component: utils
Version: unspecified
Hardware: All All
Importance: medium normal
Assignee: poppler-bugs
Reported: 2014-10-20 14:43 UTC by MH
Modified: 2015-02-07 21:22 UTC

Attachments
segfault-FoFiTrueType.cc:1248.pdf (37.33 KB, text/plain)
2014-10-20 14:43 UTC, MH
42-unfuzzed.pdf (35.92 KB, application/pdf)
2014-10-21 13:45 UTC, MH

Description MH 2014-10-20 14:43:08 UTC
Created attachment 108119
segfault-FoFiTrueType.cc:1248.pdf

OS: Fedora 20 (running in virtualbox)
Dependencies installed with: yum-builddep poppler
Version: GIT Master
Command line: master/utils/pdftops <attached.pdf> /dev/null

###############################################################################

GDB output:

Starting program: /home/foobar/poppler/utils/.libs/lt-pdftops segfault-fofitruetype.cc-1248-42-pdftopsfuzz-20.pdf /dev/null

Program received signal SIGSEGV, Segmentation fault.
FoFiTrueType::dumpString (this=<optimized out>, s=0x7fffffffd820 "", length=14394, outputFunc=0x7ffff7ac7f30 <outputToFile(void*, char const*, int)>,
    outputStream=0x642240) at FoFiTrueType.cc:1248
1248          buf = GooString::format("{0:02x}", s[i+j] & 0xff);
Comment 1 MH 2014-10-21 13:45:28 UTC
Created attachment 108181
42-unfuzzed.pdf

Attached unfuzzed file as per request.
Comment 2 Albert Astals Cid 2015-02-07 21:22:15 UTC
Fix pushed

