Summary: infinite loop in FoFiType1C::cvtGlyph in FoFiType1C.cc, poppler 0.59.0 (REOPEN)
Product: poppler
Reporter: junchao luan <luanjunchao>
Component: utils
Assignee: poppler-bugs <poppler-bugs>
Status: RESOLVED FIXED
Severity: normal
Priority: medium
Version: unspecified
Hardware: Other
OS: All
Attachments: poc of crash
Created attachment 134809: poc of crash

When I run pdftops with a specific pdf file, it shows

# ./utils/pdftops crash.pdf a
ASAN:DEADLYSIGNAL
=================================================================
==5527==ERROR: AddressSanitizer: stack-overflow on address 0x7fff4ec5ef78 (pc 0x560dfe39a582 bp 0x7fff4ec5f0b0 sp 0x7fff4ec5ef60 T0)
    #0 0x560dfe39a581 in FoFiType1C::getOp(int, bool, bool*) /root/Desktop/poppler-0.59.0/fofi/FoFiType1C.cc:2548
    #1 0x560dfe386a07 in FoFiType1C::cvtGlyph(int, int, GooString*, Type1CIndex*, Type1CPrivateDict*, bool) /root/Desktop/poppler-0.59.0/fofi/FoFiType1C.cc:1215
    #2 0x560dfe38d069 in FoFiType1C::cvtGlyph(int, int, GooString*, Type1CIndex*, Type1CPrivateDict*, bool) /root/Desktop/poppler-0.59.0/fofi/FoFiType1C.cc:1592
    #3 0x560dfe38d069 in FoFiType1C::cvtGlyph(int, int, GooString*, Type1CIndex*, Type1CPrivateDict*, bool) /root/Desktop/poppler-0.59.0/fofi/FoFiType1C.cc:1592
    #4 0x560dfe38d069 in FoFiType1C::cvtGlyph(int, int, GooString*, Type1CIndex*, Type1CPrivateDict*, bool) /root/Desktop/poppler-0.59.0/fofi/FoFiType1C.cc:1592
    #5 0x560dfe38d069 in FoFiType1C::cvtGlyph(int, int, GooString*, Type1CIndex*, Type1CPrivateDict*, bool) /root/Desktop/poppler-0.59.0/fofi/FoFiType1C.cc:1592
    #6 0x560dfe38d069 in FoFiType1C::cvtGlyph(int, int, GooString*, Type1CIndex*, Type1CPrivateDict*, bool) /root/Desktop/poppler-0.59.0/fofi/FoFiType1C.cc:1592
    ....
And here is the backtrace of gdb:

(gdb) bt -18
#24935 0x000055555573c06a in FoFiType1C::cvtGlyph (this=0x61a00001f280, offset=15028, nBytes=4, charBuf=0x603000014650, subrIdx=0x7fffffffcde0, pDict=0x61600000f080, top=false) at FoFiType1C.cc:1592
#24936 0x000055555573c06a in FoFiType1C::cvtGlyph (this=0x61a00001f280, offset=15028, nBytes=4, charBuf=0x603000014650, subrIdx=0x7fffffffcde0, pDict=0x61600000f080, top=false) at FoFiType1C.cc:1592
#24937 0x000055555573c06a in FoFiType1C::cvtGlyph (this=0x61a00001f280, offset=10866, nBytes=6, charBuf=0x603000014650, subrIdx=0x7fffffffcde0, pDict=0x61600000f080, top=false) at FoFiType1C.cc:1592
#24938 0x000055555573c06a in FoFiType1C::cvtGlyph (this=0x61a00001f280, offset=392146, nBytes=6458, charBuf=0x603000014650, subrIdx=0x7fffffffcde0, pDict=0x61600000f080, top=true) at FoFiType1C.cc:1592
#24939 0x0000555555735678 in FoFiType1C::eexecCvtGlyph (this=0x61a00001f280, eb=0x7fffffffce20, glyphName=0x603000014680 "c36", offset=392146, nBytes=6458, subrIdx=0x7fffffffcde0, pDict=0x61600000f080) at FoFiType1C.cc:1178
#24940 0x0000555555734eab in FoFiType1C::convertToType0 (this=0x61a00001f280, psName=0x603000018bb0 "Arial", codeMap=0x0, nCodes=0, outputFunc=0x5555556cc8a8 <outputToFile(void*, char const*, int)>, outputStream=0x61600000f380) at FoFiType1C.cc:1109
#24941 0x000055555571d785 in FoFiTrueType::convertToType0 (this=0x60b00000af90, psName=0x603000018bb0 "Arial", cidMap=0x0, nCIDs=0, outputFunc=0x5555556cc8a8 <outputToFile(void*, char const*, int)>, outputStream=0x61600000f380) at FoFiTrueType.cc:856
#24942 0x00005555556db416 in PSOutputDev::setupEmbeddedOpenTypeCFFFont (this=0x61800000fc80, font=0x61200000bbc0, id=0x60400000b658, psName=0x603000018bb0) at PSOutputDev.cc:2758
#24943 0x00005555556d4655 in PSOutputDev::setupFont (this=0x61800000fc80, font=0x61200000bbc0, parentResDict=0x60700000d610) at PSOutputDev.cc:1963
#24944 0x00005555556d3ae7 in PSOutputDev::setupFonts (this=0x61800000fc80, resDict=0x60700000d610) at PSOutputDev.cc:1885
#24945 0x00005555556d3214 in PSOutputDev::setupResources (this=0x61800000fc80, resDict=0x60700000d610) at PSOutputDev.cc:1798
#24946 0x00005555556d246c in PSOutputDev::writeDocSetup (this=0x61800000fc80, doc=0x60f00000ef50, catalog=0x61300000de80, pages=std::vector of length 1, capacity 1 = {...}, duplexA=false) at PSOutputDev.cc:1696
#24947 0x00005555556d0078 in PSOutputDev::postInit (this=0x61800000fc80) at PSOutputDev.cc:1455
#24948 0x00005555556deff1 in PSOutputDev::checkPageSlice (this=0x61800000fc80, page=0x611000009c80, rotateA=0, useMediaBox=false, crop=true, sliceX=-1, sliceY=-1, sliceW=-1, sliceH=-1, printing=true, abortCheckCbk=0x0, abortCheckCbkData=0x0, annotDisplayDecideCbk=0x0, annotDisplayDecideCbkData=0x0) at PSOutputDev.cc:3246
#24949 0x0000555555888737 in Page::displaySlice (this=0x611000009c80, out=0x61800000fc80, hDPI=72, vDPI=72, rotate=0, useMediaBox=false, crop=true, sliceX=-1, sliceY=-1, sliceW=-1, sliceH=-1, printing=true, abortCheckCbk=0x0, abortCheckCbkData=0x0, annotDisplayDecideCbk=0x0, annotDisplayDecideCbkData=0x0, copyXRef=false) at Page.cc:539
#24950 0x0000555555887e72 in Page::display (this=0x611000009c80, out=0x61800000fc80, hDPI=72, vDPI=72, rotate=0, useMediaBox=false, crop=true, printing=true, abortCheckCbk=0x0, abortCheckCbkData=0x0, annotDisplayDecideCbk=0x0, annotDisplayDecideCbkData=0x0, copyXRef=false) at Page.cc:483
#24951 0x0000555555684675 in PDFDoc::displayPage (this=0x60f00000ef50, out=0x61800000fc80, page=1, hDPI=72, vDPI=72, rotate=0, useMediaBox=false, crop=true, printing=true, abortCheckCbk=0x0, abortCheckCbkData=0x0, annotDisplayDecideCbk=0x0, annotDisplayDecideCbkData=0x0, copyXRef=false) at PDFDoc.cc:488
#24952 0x00005555556733ce in main (argc=3, argv=0x7fffffffe0e8) at pdftops.cc:423

We can see clearly that there is an infinite loop in FoFiType1C::cvtGlyph.
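Added illustration, not poppler's code and not part of the report: a simplified model of a charstring converter that follows subroutine calls recursively, with the nesting bounded as the CFF spec's 10-level subroutine limit suggests. The Op/Subr types and the subr table are constructed stand-ins for the real FoFiType1C data; the self-referential subr 1 mirrors the repeated offset=15028 frames in the gdb backtrace, and the depth check is the kind of guard whose absence lets font data recurse until the stack is exhausted.

```cpp
#include <string>
#include <vector>

// One charstring op in this toy model: a number operand or a subr call.
// (Real Type2 charstrings take the subr number from the operand stack
// with a bias; that detail is omitted here.)
struct Op {
    enum Kind { NUM, CALLSUBR } kind;
    int value;                       // operand value or subr index
};
using Subr = std::vector<Op>;

// CFF Appendix B: subroutine calls may nest at most 10 levels deep.
static const int kMaxSubrNesting = 10;

// Appends the operands of 'cs' to 'out', following CALLSUBR recursively.
// Returns false on malformed data: an out-of-range subr index, or nesting
// past the limit. Without the depth check a subr that calls itself recurses
// until the stack is exhausted, which is the failure the ASAN report shows.
static bool cvtCharstring(const std::vector<Subr>& subrs, const Subr& cs,
                          std::string& out, int depth) {
    if (depth > kMaxSubrNesting) {
        return false;
    }
    for (const Op& op : cs) {
        if (op.kind == Op::NUM) {
            out += std::to_string(op.value) + " ";
        } else {
            if (op.value < 0 || op.value >= (int)subrs.size()) return false;
            if (!cvtCharstring(subrs, subrs[op.value], out, depth + 1)) return false;
        }
    }
    return true;
}

// Entry point standing in for the top-level cvtGlyph call (top=true).
bool convertGlyph(const std::vector<Subr>& subrs, const Subr& glyph,
                  std::string& out) {
    out.clear();
    return cvtCharstring(subrs, glyph, out, 0);
}

// Constructed subr table (hypothetical data, not from the PoC file):
// subr 0 is well-formed, subr 1 calls itself and never terminates.
std::vector<Subr> makeSubrs() {
    return {
        { {Op::NUM, 10}, {Op::NUM, 20} },       // subr 0: plain operands
        { {Op::NUM, 1},  {Op::CALLSUBR, 1} },   // subr 1: self-referential
    };
}
```

convertGlyph returns true with "5 10 20 " for a glyph that calls subr 0, and false (instead of overflowing the stack) for one that calls subr 1 or a subr index past the end of the table.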