Bug 91353 - Infinity loop : Syntax Error (XXX): Illegal character <XX> in hex string
Summary: Infinity loop : Syntax Error (XXX): Illegal character <XX> in hex string
Status: RESOLVED FIXED
Alias: None
Product: poppler
Classification: Unclassified
Component: pdftohtml (show other bugs)
Version: unspecified
Hardware: Other All
: medium normal
Assignee: poppler-bugs
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-07-15 19:09 UTC by LE GARREC Vincent
Modified: 2015-09-24 22:05 UTC (History)
0 users

See Also:
i915 platform:
i915 features:

Attachments
poppler-hangs.pdf (863 bytes, text/plain)
2015-07-15 19:09 UTC, LE GARREC Vincent 		Details
View All

Description LE GARREC Vincent 2015-07-15 19:09:51 UTC 
Created attachment 117146 [details]
poppler-hangs.pdf

Please find enclose a PDF found by fuzzing that make pdftohtml run into an infinity loop.

When I terminate it, the stack is always the same :
#0  0x00007ffff737a090 in __write_nocancel ()
    at ../sysdeps/unix/syscall-template.S:81
#1  0x00007ffff730e3b5 in _IO_new_file_write (
    f=0x7ffff7634700 <_IO_2_1_stderr_>, data=0x7fffffffa470, n=57)
    at fileops.c:1302
#2  0x00007ffff730d9fc in new_do_write (
    fp=fp@entry=0x7ffff7634700 <_IO_2_1_stderr_>, 
    data=data@entry=0x7fffffffa470 "Syntax Error (291): Illegal character <69> in hex string\n\331\060\367\377\177", to_do=to_do@entry=57) at fileops.c:537
#3  0x00007ffff730ea46 in _IO_new_file_xsputn (
    f=0x7ffff7634700 <_IO_2_1_stderr_>, data=<optimized out>, n=57)
    at fileops.c:1384
#4  0x00007ffff72e3770 in buffered_vfprintf (
    s=0x7ffff7634700 <_IO_2_1_stderr_>, format=<optimized out>, 
    args=<optimized out>) at vfprintf.c:2369
#5  0x00007ffff72de115 in _IO_vfprintf_internal (
    s=s@entry=0x7ffff7634700 <_IO_2_1_stderr_>, 
    format=0x7ffff7b2230a "%s (%lld): %s\n", ap=ap@entry=0x7fffffffca88)
    at vfprintf.c:1296
#6  0x00007ffff7395b1c in ___fprintf_chk (
    fp=0x7ffff7634700 <_IO_2_1_stderr_>, flag=1, format=<optimized out>)
    at fprintf_chk.c:35
#7  0x00007ffff7a44e0d in fprintf (__fmt=0x7ffff7b2230a "%s (%lld): %s\n", 
    __stream=<optimized out>) at /usr/include/bits/stdio2.h:98
#8  error (category=category@entry=errSyntaxError, pos=291, 
    msg=msg@entry=0x7ffff7b32a40 "Illegal character <{0:02x}> in hex string")
    at /home/legarrec/info/programmation/tmp/poppler/poppler/Error.cc:89
#9  0x00007ffff7a9f6af in Lexer::getObj (this=0x64b740, 
    obj=obj@entry=0x64c878, objNum=objNum@entry=-1)
    at /home/legarrec/info/programmation/tmp/poppler/poppler/Lexer.cc:506
#10 0x00007ffff7aaa0a5 in Parser::shift (this=this@entry=0x64c850, 
    objNum=objNum@entry=-1)
    at /home/legarrec/info/programmation/tmp/poppler/poppler/Parser.cc:300
#11 0x00007ffff7aaa9e0 in Parser::getObj (this=this@entry=0x64c850, 
    obj=obj@entry=0x7fffffffceb0, simpleOnly=simpleOnly@entry=false, 
    fileKey=0x0, encAlgorithm=cryptRC4, keyLength=1146103040, objNum=5, 
    objGen=0, recursion=0, strict=false)
    at /home/legarrec/info/programmation/tmp/poppler/poppler/Parser.cc:111
#12 0x00007ffff7ac49b9 in XRef::fetch (this=0x64b040, num=5, 
    gen=<optimized out>, obj=0x7fffffffceb0, recursion=0)
    at /home/legarrec/info/programmation/tmp/poppler/poppler/XRef.cc:1199
#13 0x00007ffff7aa41c5 in Object::fetch (this=<optimized out>, 
    xref=<optimized out>, obj=<optimized out>, recursion=<optimized out>)
    at /home/legarrec/info/programmation/tmp/poppler/poppler/Object.cc:122
#14 0x00007ffff7a350b9 in Array::get (this=<optimized out>, i=i@entry=0, 
    obj=obj@entry=0x7fffffffceb0, recursion=recursion@entry=0)
    at /home/legarrec/info/programmation/tmp/poppler/poppler/Array.cc:125
#15 0x00007ffff7a39652 in arrayGet (recursion=0, this=0x7fffffffce90, 
    this=0x7fffffffce90, obj=0x7fffffffceb0, i=0)
    at /home/legarrec/info/programmation/tmp/poppler/poppler/Object.h:293
#16 Catalog::cachePageTree (this=this@entry=0x64b130, page=page@entry=3715)
    at /home/legarrec/info/programmation/tmp/poppler/poppler/Catalog.cc:385
#17 0x00007ffff7a39f0a in Catalog::getPage (this=0x64b130, i=i@entry=3715)
    at /home/legarrec/info/programmation/tmp/poppler/poppler/Catalog.cc:239
#18 0x00007ffff7ab0850 in PDFDoc::getPage (this=this@entry=0x64adb0, 
    page=page@entry=3715)
    at /home/legarrec/info/programmation/tmp/poppler/poppler/PDFDoc.cc:1938
#19 0x00007ffff7ab0922 in PDFDoc::displayPage (this=this@entry=0x64adb0, 
    out=out@entry=0x64bc40, page=page@entry=3715, hDPI=hDPI@entry=108, 
    vDPI=vDPI@entry=108, rotate=rotate@entry=0, 
    useMediaBox=useMediaBox@entry=true, crop=crop@entry=false, 
    printing=false, abortCheckCbk=0x0, abortCheckCbkData=0x0, 
    annotDisplayDecideCbk=0x0, annotDisplayDecideCbkData=0x0, copyXRef=false)
    at /home/legarrec/info/programmation/tmp/poppler/poppler/PDFDoc.cc:466
#20 0x00007ffff7ab0a89 in PDFDoc::displayPages (this=this@entry=0x64adb0, 
    out=out@entry=0x64bc40, firstPage=<optimized out>, lastPage=14600000, 
    hDPI=108, vDPI=108, rotate=rotate@entry=0, 
    useMediaBox=useMediaBox@entry=true, crop=false, printing=false, 
    abortCheckCbk=0x0, abortCheckCbkData=0x0, annotDisplayDecideCbk=0x0, 
    annotDisplayDecideCbkData=0x0)
    at /home/legarrec/info/programmation/tmp/poppler/poppler/PDFDoc.cc:486
#21 0x0000000000409974 in main (argc=2, argv=<optimized out>)
    at /home/legarrec/info/programmation/tmp/poppler/utils/pdftohtml.cc:392
Comment 1 Albert Astals Cid 2015-09-24 22:05:57 UTC 
"Error: Page count (14600000) larger than number of objects (256)" 
is what new popple says

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.