Created attachment 108147
pdftoppm-eternalloop-stderr.pdf

OS: Fedora 20 (running in virtualbox)
Dependencies installed with: yum-builddep poppler
Version: GIT Master

Command line for loop demonstration:
master/utils/pdftoppm <attached.pdf> /dev/null

#############################################################################
GDB output:
Starting program: /home/foobar/poppler/utils/.libs/lt-pdftoppm eternalloop-stderr-909-pdftoppmfuzz-3.pdf /dev/null
Syntax Error: XObject 'x257' is wrong type
Syntax Error (59739): Bad 'Length' attribute in stream
Syntax Error (59826): Unknown operator '<16>33'
Syntax Error (59826): Too few (1) args to 'l' operator
Syntax Error (60476): Bad 'Length' attribute in stream
Syntax Error (60512): Unknown operator 'x<9c>+<e4>2P'
Syntax Error: Unterminated string
<<<
Syntax Error: Unknown operator '<c1>'
Syntax Error: Unknown operator 'w<05><fd>D<03><85><f4>b.<03>=<0b><85>r<a0><a8><17><10>gqE<c7>*<18><e8><19>'
Syntax Error: Leftover args in content stream
Syntax Error (60476): Bad 'Length' attribute in stream
Syntax Error (60512): Unknown operator 'x<9c>+<e4>2P'
Syntax Error: Unterminated string
>>> <-- repeats infinitely
It would help if you tell us exactly what has been fuzzed in the PDF. If I have to spend more than 15 minutes trying to figure out the cause I will give up and find something more interesting to work on.
I have no idea, I just run it through a mutational fuzzer and wait for a crash. Besides, if you mutate hard enough it becomes almost impossible to figure out what the parser interprets the mutation as anyway, or if the problem is in the parser or later. I try to minimize the file size with the bug, but honestly I don't even have any way of analyzing a PDF's contents anyway. What do you use to get detailed information out of a PDF?
(In reply to MH from comment #2)
> but honestly I don't even have any way of analyzing a PDF's contents
> anyway.

If you attach the original I can figure out what changed,

> What do you use to get detailed information out of a PDF?

A text editor and a copy of the PDF Reference.
Created attachment 108166
Unfuzzed file

Ah! Of course!

Do you want unfuzzed files to the other reports as well?

3767c3767
< << /Length 318 0 R
---
> << �/Length 318 0 R

Guessing it's this one, unknown operator etc.
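Added example, not part of the original thread or of poppler: a byte-level comparison of a seed file against its fuzzed copy that reports each mutated region by offset. It works where a line-based diff is awkward on binary streams and where a positional compare would break after an inserted byte. The function names and the sample bytes are constructed, and the inserted 0xE4 byte stands in for the illegible byte in the diff above.

```python
import difflib


def common_prefix_len(a: bytes, b: bytes) -> int:
    """Number of leading bytes that a and b share."""
    n = min(len(a), len(b))
    i = 0
    while i < n and a[i] == b[i]:
        i += 1
    return i


def mutated_regions(seed: bytes, fuzzed: bytes, context: int = 8):
    """List every region where the fuzzed file differs from the seed.

    The shared prefix and suffix are trimmed first so the (quadratic)
    SequenceMatcher only sees the mutated middle of the file.
    """
    pre = common_prefix_len(seed, fuzzed)
    # Common suffix of the remainders only, so prefix and suffix never overlap.
    suf = common_prefix_len(seed[pre:][::-1], fuzzed[pre:][::-1])
    mid_s = seed[pre:len(seed) - suf]
    mid_f = fuzzed[pre:len(fuzzed) - suf]
    # autojunk=False: the default heuristic drops frequent bytes on long inputs.
    sm = difflib.SequenceMatcher(None, mid_s, mid_f, autojunk=False)
    regions = []
    for op, i1, i2, j1, j2 in sm.get_opcodes():
        if op == "equal":
            continue
        regions.append({
            "op": op,                      # insert / delete / replace
            "seed_offset": pre + i1,
            "fuzzed_offset": pre + j1,
            "seed_bytes": mid_s[i1:i2],
            "fuzzed_bytes": mid_f[j1:j2],
            # Bytes following the mutation, to see which token it landed next to.
            "after": fuzzed[pre + j2:pre + j2 + context],
        })
    return regions


# Constructed sample: a stream dictionary and a copy with one byte inserted
# in front of the /Length key.
SEED = b"317 0 obj\n<< /Length 318 0 R >>\nstream\n"
FUZZED = SEED[:13] + b"\xe4" + SEED[13:]

if __name__ == "__main__":
    for r in mutated_regions(SEED, FUZZED):
        print(r)
```
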
(In reply to MH from comment #4)
> Do you want unfuzzed files to the other reports as well?

Yes
Done. Also changed a lot of MIME types to application/pdf, didn't even notice that was a thing, whoops :)
Honestly I don't think it's eternal at all, it's just that there's a veeeeeeeeeeeeeeery big pattern fill (with 28954318 steps) and patterns are slow to draw, but if you give it enough time, I'm almost sure it'll finish.
File processed without issues in real 317m49.546s user 244m13.872s.