85275 – [pdftops] Segfault in Splash.cc:5825

Bug 85275 - [pdftops] Segfault in Splash.cc:5825

Summary: [pdftops] Segfault in Splash.cc:5825

Status:	RESOLVED FIXED

Alias:	None

Product:	poppler
Classification:	Unclassified
Component:	utils (show other bugs)
Version:	unspecified
Hardware:	All All

Importance:	medium normal
Assignee:	poppler-bugs
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2014-10-21 06:37 UTC by MH
Modified:	2015-02-07 20:55 UTC (History)
CC List:	1 user (show)

See Also:
i915 platform:
i915 features:

Attachments
segfault-Splash.cc:5825.pdf (4.50 KB, application/pdf) 2014-10-21 06:37 UTC, MH	Details
868-unfuzzed.pdf (4.25 KB, application/pdf) 2014-10-21 13:48 UTC, MH	Details
View All

Description MH 2014-10-21 06:37:50 UTC

Created attachment 108149 [details]
segfault-Splash.cc:5825.pdf

OS: Fedora 20 (running in virtualbox)
Dependencies installed with: yum-builddep poppler
Version: GIT Master
Command line for loop demonstration: master/utils/pdftops <attached.pdf> /dev/null

#############################################################################
GDB output:

Starting program: /home/foobar/poppler/utils/.libs/lt-pdftops segfault-splash.cc-5825-868-pdftopsfuzz-15.pdf /dev/null

Syntax Error (1432): ExtGState 'GS0' is wrong type
Bogus memory allocation size

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7b109ab in Splash::blitTransparent (this=0x6528f0, src=0x6487b0, xSrc=xSrc@entry=0, ySrc=ySrc@entry=470, xDest=xDest@entry=0, yDest=yDest@entry=0,
    w=w@entry=1320, h=h@entry=2147483179) at Splash.cc:5825
5825            *p++ = *sp++;

Comment 1 MH 2014-10-21 13:48:35 UTC

Created attachment 108186 [details]
868-unfuzzed.pdf

Attached unfuzzed file as per request.

Comment 2 Albert Astals Cid 2015-02-07 20:55:15 UTC

Fix pushed.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.