91344 – Crash: Internal Error (0): Call to Object where the object was type 7, not the expected type 9

Bug 91344 - Crash: Internal Error (0): Call to Object where the object was type 7, not the expected type 9

Summary: Crash: Internal Error (0): Call to Object where the object was type 7, not th...

Status:	RESOLVED FIXED

Alias:	None

Product:	poppler
Classification:	Unclassified
Component:	pdftohtml (show other bugs)
Version:	unspecified
Hardware:	Other All

Importance:	medium normal
Assignee:	poppler-bugs
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2015-07-15 04:34 UTC by LE GARREC Vincent
Modified:	2015-07-15 21:59 UTC (History)
CC List:	0 users

See Also:
i915 platform:
i915 features:

Attachments
crash.pdf (818 bytes, text/plain) 2015-07-15 04:34 UTC, LE GARREC Vincent	Details
View All

Description LE GARREC Vincent 2015-07-15 04:34:55 UTC

Created attachment 117131 [details]
crash.pdf

Dear,

I was playing with AFL (American Fuzzy Lop) and after some time, it found a testcase where pdftohtml crashes.

Syntax Error: End of file inside dictionary
Syntax Error: End of file inside dictionary
Syntax Error: Pages top-level is a single Page. The document is mal-formet, trying to recover...
Internal Error (0): Call to Object where the object was type 7, not the expected type 9
Abandon (core dumped)
Program received signal SIGABRT, Aborted.
#0  0x00007ffff6efad9b in __GI_raise (sig=sig@entry=6)
    at ../sysdeps/unix/sysv/linux/raise.c:55
#1  0x00007ffff6efc261 in __GI_abort () at abort.c:89
#2  0x00007ffff76f3fce in getRef (this=<optimized out>, this=<optimized out>)
    at /home/legarrec/info/programmation/tmp/afl/poppler/poppler/Object.h:211
#3  Catalog::getNumPages (this=0x6714f0)
    at /home/legarrec/info/programmation/tmp/afl/poppler/poppler/Catalog.cc:831
#4  0x00007ffff78f6296 in PDFDoc::getNumPages (this=this@entry=0x670e10)
    at /home/legarrec/info/programmation/tmp/afl/poppler/poppler/PDFDoc.cc:1878
#5  0x000000000040a680 in main (argc=2, argv=<optimized out>)
    at /home/legarrec/info/programmation/tmp/afl/poppler/utils/pdftohtml.cc:329

I worked with poppler from git.

I also find a testcase where a 863 bytes file run into infinity loop. Should I also send another bug report ?
Regards,

Comment 1 Albert Astals Cid 2015-07-15 11:08:51 UTC

> I also find a testcase where a 863 bytes file run into infinity loop. Should I also send another bug report ?

Yes

Comment 2 Albert Astals Cid 2015-07-15 21:59:35 UTC

Fixed, thanks.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.