First Last Prev Next    This bug is not in your last search results.
Bug 1302365 - pdflatex crashes with SIGABRT when trying to process corrupted file
pdflatex crashes with SIGABRT when trying to process corrupted file
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: poppler (Show other bugs)
6.8
Unspecified Unspecified
unspecified Severity medium
: rc
: ---
Assigned To: Marek Kašík
Desktop QE
:
Depends On:
Blocks: 1363705
  Show dependency treegraph
 
Reported: 2016-01-27 10:51 EST by Marek Haicman
Modified: 2017-03-21 05:59 EDT (History)
1 user (show)

See Also:
Fixed In Version: poppler-0.12.4-11.el6
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-03-21 05:59:49 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
simple tex file used for reproduction of bug (124 bytes, text/plain)
2016-01-27 10:52 EST, Marek Haicman 		no flags Details
corrupted pdf trigger (236.03 KB, application/pdf)
2016-01-27 10:52 EST, Marek Haicman 		no flags Details
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
FreeDesktop.org 25756 None None None 2016-08-04 08:02 EDT

  None (edit)
Description Marek Haicman 2016-01-27 10:51:06 EST 
Description of problem:
When pdflatex is fed with corrupted input, it crashes and coredumps (SIGABRT, exitcode 134)


Version-Release number of selected component (if applicable):
texlive-2007-60.el6_7

How reproducible:
reliably

Steps to Reproduce:
1. put reproducer and pdf file in directory
2. pdflatex reproducer.tex
3. observe dump

Actual results:
coredump

Expected results:
graceful failure

Additional info:
Comment 1 Marek Haicman 2016-01-27 10:52 EST 
Created attachment 1118825 [details]
simple tex file used for reproduction of bug
Comment 2 Marek Haicman 2016-01-27 10:52 EST 
Created attachment 1118826 [details]
corrupted pdf trigger
Comment 3 Ngo Than 2016-07-21 10:38:10 EDT 
it looks like a bug in poppler.

(gdb) bt
#0  0x000000349c2325e5 in raise () from /lib64/libc.so.6
#1  0x000000349c233dc5 in abort () from /lib64/libc.so.6
#2  0x000000000047bf98 in dictGetKey () at /usr/include/poppler/Object.h:307
#3  copyFontDict () at pdftoepdf.cc:320
#4  writeRefs () at pdftoepdf.cc:599
#5  write_epdf () at pdftoepdf.cc:958
#6  0x0000000000478026 in writeimage (img=0) at writeimg.c:350
#7  0x000000000044b8c6 in zpdfwriteimage (n=<value optimized out>) at pdftex2.c:303
#8  0x000000000044ec61 in zpdfshipout (p=463, shippingpage=1) at pdftex2.c:2775
#9  0x000000000046118e in maincontrol () at pdftex3.c:5368
#10 0x0000000000411e23 in mainbody () at pdftexini.c:5664
#11 0x0000000000464e0e in main (ac=<value optimized out>, av=<value optimized out>) at pdftexextra.c:349

following patch fixes the crash

diff -Nur poppler-0.12.4/poppler/Parser.cc.than poppler-0.12.4/poppler/Parser.cc
--- poppler-0.12.4/poppler/Parser.cc.than      2016-07-21 16:33:48.191383459 +0200
+++ poppler-0.12.4/poppler/Parser.cc   2016-07-21 16:33:56.982126084 +0200
@@ -180,7 +180,7 @@
   } else {
     error(getPos(), "Bad 'Length' attribute in stream");
     obj.free();
-    return NULL;
+    length = 0;
   }
 
   // check for length in damaged file


reassign to correct component
Comment 4 Marek Kašík 2016-08-04 08:02:21 EDT 
Thank you for the patch. I'm setting devel_ack+ for this bug.
Comment 9 errata-xmlrpc 2017-03-21 05:59:49 EDT 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2017-0637.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.