Bug 99357 - Fix segfault/assert if LinkDestination is constructed with invalid input string
Summary: Fix segfault/assert if LinkDestination is constructed with invalid input string
Status: RESOLVED FIXED
Alias: None
Product: poppler
Classification: Unclassified
Component: qt frontend (show other bugs)
Version: unspecified
Hardware: Other All
: medium normal
Assignee: poppler-bugs
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-01-11 09:03 UTC by Christoph Cullmann
Modified: 2017-01-13 06:14 UTC (History)
0 users

See Also:
i915 platform:
i915 features:

Attachments
Patch to fix it (982 bytes, patch)
2017-01-11 09:03 UTC, Christoph Cullmann 		Details | Splinter Review
View All

Description Christoph Cullmann 2017-01-11 09:03:25 UTC 
Created attachment 128883 [details] [review]
Patch to fix it

Fix segfault/assert if LinkDestination is constructed with invalid input string.

.at(...) will fail if we have not enough components, fix: create invalid default destination if not enough elements there.
Comment 1 Albert Astals Cid 2017-01-11 22:22:19 UTC 
Are you feeding a string directly to this?
Comment 2 Christoph Cullmann 2017-01-12 06:01:01 UTC 
In my case yes, but in any case invalid data should not crash it, or?
Comment 3 Albert Astals Cid 2017-01-12 22:14:22 UTC 
You're not supposed to do that, it's marked internal for a reason, actually it should be private with friend access. Why are you feeding strings directly to it?
Comment 4 Christoph Cullmann 2017-01-12 22:36:57 UTC 
I do that e.g. to handle table of contents, just like okular does it in generator_pdf.cpp, too:

     if (!e.attribute(QStringLiteral("Destination")).isNull())
        {
            Okular::DocumentViewport vp;
            fillViewportFromLinkDestination( vp, Poppler::LinkDestination(e.attribute(QStringLiteral("Destination"))) );
            item.setAttribute( QStringLiteral("Viewport"), vp.toString() );
        }

=> if you have any broken entry there, that will segfault, which IMHO is not nice.

Now you can argue that the toc QDomDocument should contain only wellformed things, still I see no real point in not avoiding the doom in the constructor as that check is really cheap.
Comment 5 Christoph Cullmann 2017-01-12 22:38:09 UTC 
Actually my code is here:

https://github.com/AbsInt/FirstAid/blob/master/src/tocdock.cpp
Comment 6 Albert Astals Cid 2017-01-12 22:45:48 UTC 
it only contains nice things because it's created by poppler-qt itself so yes, it's only nice things.
Comment 7 Albert Astals Cid 2017-01-12 22:46:47 UTC 
If you're going to care about people passing stupidly wrong strings to that function, at least add a warning saying "your string is wrong you fool" and don't silently fail.
Comment 8 Christoph Cullmann 2017-01-12 22:52:02 UTC 
It doesn't fail, you will just get a default constructed invalid destination which you can nicely check afterwards e.g. for page not > 0.

It is just the same as if you pass any other garbage string that has enough separators, there you get ATM silently converted garbage values, but no segfault.
Comment 9 Albert Astals Cid 2017-01-12 23:04:16 UTC 
Applied, evne if your patch didn't properly apply because the tabs/spaces were messed up
Comment 10 Christoph Cullmann 2017-01-13 06:14:59 UTC 
Thanks

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.