Bug 85281 - [pdfimages] Segfault in GfxState.cc:2928
Status: RESOLVED FIXED
Alias: None
Product: poppler
Classification: Unclassified
Component: utils
Version: unspecified
Hardware: All All
Importance: medium normal
Assignee: poppler-bugs
Reported: 2014-10-21 08:48 UTC by MH
Modified: 2015-01-09 14:50 UTC
Attachments
segfault-GfxState.cc:2928.pdf (59.28 KB, text/plain)
2014-10-21 08:48 UTC, MH
283-unfuzzed.pdf (59.33 KB, text/plain)
2014-10-21 13:39 UTC, MH

Description MH 2014-10-21 08:48:00 UTC
Created attachment 108164
segfault-GfxState.cc:2928.pdf

OS: Fedora 20 (running in virtualbox)
Dependencies installed with: yum-builddep poppler
Version: GIT Master
Command line for loop demonstration: master/utils/pdfimages <attached.pdf> /dev/null

#############################################################################
GDB output:

Reading symbols from /home/foobar/poppler/utils/.libs/lt-pdfimages...done.
Starting program: /home/foobar/poppler/utils/.libs/lt-pdfimages 283-pdfimagesfuzz-2.pdf /dev/null

Syntax Error: Couldn't find trailer dictionary
Syntax Error (9696): Dictionary key must be a name object
Syntax Error (9700): Dictionary key must be a name object
Syntax Error (9700): Dictionary key must be a name object
Syntax Error (9708): Dictionary key must be a name object
Syntax Warning: Couldn't link the profiles
Syntax Warning: Can't create transform
Syntax Warning: Couldn't link the profiles
Syntax Warning: Can't create transform
Syntax Warning: Couldn't link the profiles
Syntax Warning: Can't create transform
Syntax Warning: Couldn't link the profiles
Syntax Warning: Can't create transform
Syntax Error: Function's C0 array is wrong length

Program received signal SIGSEGV, Segmentation fault.
GfxDeviceNColorSpace::copy (this=0x66e5a0) at GfxState.cc:2928
2928        sepsCSA->append(((GfxSeparationColorSpace *) sepsCS->get(i))->copy());
Comment 1 MH 2014-10-21 13:39:48 UTC
Created attachment 108173
283-unfuzzed.pdf

Attached unfuzzed file as per request
Comment 2 Albert Astals Cid 2015-01-08 18:52:11 UTC
Thanks, fixed.
Comment 3 Vadim Rutkovsky 2015-01-09 14:07:06 UTC
Fails to build here:

../../poppler/GfxState.cc: In member function 'virtual GfxColorSpace* GfxDeviceNColorSpace::copy()':
../../goo/GooLikely.h:15:48: error: invalid conversion from 'GfxSeparationColorSpace*' to 'long int' [-fpermissive]
 # define likely(x)      __builtin_expect((x), 1)
                                                ^
../../poppler/GfxState.cc:3053:9: note: in expansion of macro 'likely'
     if (likely(scs)) {
         ^
Comment 4 Albert Astals Cid 2015-01-09 14:50:28 UTC
Weird, no idea how it compiled for me in the other folder :S

Fixed
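
Added example, not part of the bug thread and not poppler's code: a null-guarded deep copy of a list like the one dereferenced at GfxState.cc:2928, using a `likely`-style macro that accepts pointers. It assumes the crash came from a null list entry, which the `if (likely(scs))` line in comment 3 suggests but the page does not state; `SepSpace`, `DeviceNSpace`, `LIKELY` and `copied_count_with_null_entry` are hypothetical names.

```cpp
#include <cstddef>
#include <memory>
#include <vector>

// Pointer-safe form of the macro quoted in comment 3: "!!" converts any
// scalar, including a pointer, to bool before it reaches
// __builtin_expect, whose first parameter is a long.
#if defined(__GNUC__)
#define LIKELY(x) __builtin_expect(!!(x), 1)
#else
#define LIKELY(x) (x)
#endif

// Hypothetical stand-in for a separation colour space (not poppler's class).
struct SepSpace {
    int id;
    SepSpace *copy() const { return new SepSpace{id}; }
};

// Hypothetical stand-in for a DeviceN space. Assumption: a malformed PDF
// can leave null entries in the list of separation spaces.
struct DeviceNSpace {
    std::vector<SepSpace *> seps; // owned; may contain nullptr
    ~DeviceNSpace() { for (SepSpace *s : seps) delete s; }

    // Deep copy that tests each entry before calling copy() on it, so a
    // null entry is skipped instead of being dereferenced.
    DeviceNSpace *copy() const {
        DeviceNSpace *out = new DeviceNSpace;
        for (SepSpace *scs : seps) {
            if (LIKELY(scs)) {
                out->seps.push_back(scs->copy());
            }
        }
        return out;
    }
};

// Copies a constructed list {1, nullptr, 3} and returns how many entries
// the copy holds.
std::size_t copied_count_with_null_entry() {
    DeviceNSpace src;
    src.seps = {new SepSpace{1}, nullptr, new SepSpace{3}};
    std::unique_ptr<DeviceNSpace> dup(src.copy());
    return dup->seps.size();
}
```

With the macro written as `__builtin_expect((x), 1)`, as quoted in comment 3, the `if (LIKELY(scs))` line is rejected by g++ with the same "invalid conversion" error.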

