Bug 1302365
Summary: | pdflatex crashes with SIGABRT when trying to process corrupted file | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Marek Haicman <mhaicman> | ||||||
Component: | poppler | Assignee: | Marek Kašík <mkasik> | ||||||
Status: | CLOSED ERRATA | QA Contact: | Desktop QE <desktop-qa-list> | ||||||
Severity: | medium | Docs Contact: | |||||||
Priority: | unspecified | ||||||||
Version: | 6.8 | CC: | tpelka | ||||||
Target Milestone: | rc | ||||||||
Target Release: | --- | ||||||||
Hardware: | Unspecified | ||||||||
OS: | Unspecified | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | poppler-0.12.4-11.el6 | Doc Type: | If docs needed, set a value | ||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2017-03-21 09:59:49 UTC | Type: | Bug | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Bug Depends On: | |||||||||
Bug Blocks: | 1363705 | ||||||||
Attachments: |
|
Description
Marek Haicman
2016-01-27 15:51:06 UTC
Created attachment 1118825 [details]
simple tex file used for reproduction of bug
Created attachment 1118826 [details]
corrupted pdf trigger
it looks like a bug in poppler. (gdb) bt #0 0x000000349c2325e5 in raise () from /lib64/libc.so.6 #1 0x000000349c233dc5 in abort () from /lib64/libc.so.6 #2 0x000000000047bf98 in dictGetKey () at /usr/include/poppler/Object.h:307 #3 copyFontDict () at pdftoepdf.cc:320 #4 writeRefs () at pdftoepdf.cc:599 #5 write_epdf () at pdftoepdf.cc:958 #6 0x0000000000478026 in writeimage (img=0) at writeimg.c:350 #7 0x000000000044b8c6 in zpdfwriteimage (n=<value optimized out>) at pdftex2.c:303 #8 0x000000000044ec61 in zpdfshipout (p=463, shippingpage=1) at pdftex2.c:2775 #9 0x000000000046118e in maincontrol () at pdftex3.c:5368 #10 0x0000000000411e23 in mainbody () at pdftexini.c:5664 #11 0x0000000000464e0e in main (ac=<value optimized out>, av=<value optimized out>) at pdftexextra.c:349 following patch fixes the crash diff -Nur poppler-0.12.4/poppler/Parser.cc.than poppler-0.12.4/poppler/Parser.cc --- poppler-0.12.4/poppler/Parser.cc.than 2016-07-21 16:33:48.191383459 +0200 +++ poppler-0.12.4/poppler/Parser.cc 2016-07-21 16:33:56.982126084 +0200 @@ -180,7 +180,7 @@ } else { error(getPos(), "Bad 'Length' attribute in stream"); obj.free(); - return NULL; + length = 0; } // check for length in damaged file reassign to correct component Thank you for the patch. I'm setting devel_ack+ for this bug. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2017-0637.html |