Created attachment 108146
pdftoppm-eternalloop.pdf

OS: Fedora 20 (running in virtualbox)
Dependencies installed with: yum-builddep poppler
Version: GIT Master

Command line for loop demonstration:
master/utils/pdftoppm <attached.pdf> /dev/null

Tries to read 260,335,296 bytes.

#############################################################################
GDB output:

Reading symbols from /home/foobar/poppler/utils/.libs/lt-pdftoppm...done.
Starting program: /home/foobar/poppler/utils/.libs/lt-pdftoppm eternalloop-eternalread-828-pdftoppmfuzz-6.pdf /dev/null
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Corrupt JPEG data: 19 extraneous bytes before marker 0xc4
^C
Program received signal SIGINT, Interrupt.
0x00007ffff7ab6588 in ImageStream::getLine (this=0x649d80) at Stream.cc:518
518	    for ( ; readChars < inputLineSize; readChars++) inputLine[readChars] = EOF;
(gdb) print inputLineSize
$1 = 260335296

Created attachment 108184
828-unfuzzed.pdf

Attached unfuzzed file as per request.

I don't see how this is a bug.

Using poppler 0.58.0 and openjpeg 2.2 with the following configure output.

Building poppler with support for:
  font configuration: fontconfig
  splash output: yes
  cairo output: yes
  qt4 wrapper: no
  qt5 wrapper: yes
  glib wrapper: yes
  introspection: no
  cpp wrapper: yes
  use gtk-doc: no
  use libjpeg: yes
  use libpng: yes
  use libtiff: yes
  use zlib compress: yes
  use zlib uncompress: no
  use nss: no
  use libcurl: no
  use libopenjpeg: yes
      with openjpeg2
  use cms: yes
      with lcms2
  command line utils: yes

I am unable to reproduce denial of service issues with this sample. As there haven't been any recent comments from upstream, I'm closing this case.

I also tested with an ASan build. This sample file was processed in ~40 minutes on my test system.

I'm curious why there are old cases not properly handled in the issue tracker. Is the issue tracker somewhere else? Developers busy with other projects/life? It's a bit worrying, because poppler is so widely used.