Created attachment 134809
poc of crash

When I run pdftops with a specific pdf file, it shows

#./utils/pdftops crash.pdf a
ASAN:DEADLYSIGNAL
=================================================================
==5527==ERROR: AddressSanitizer: stack-overflow on address 0x7fff4ec5ef78 (pc 0x560dfe39a582 bp 0x7fff4ec5f0b0 sp 0x7fff4ec5ef60 T0)
    #0 0x560dfe39a581 in FoFiType1C::getOp(int, bool, bool*) /root/Desktop/poppler-0.59.0/fofi/FoFiType1C.cc:2548
    #1 0x560dfe386a07 in FoFiType1C::cvtGlyph(int, int, GooString*, Type1CIndex*, Type1CPrivateDict*, bool) /root/Desktop/poppler-0.59.0/fofi/FoFiType1C.cc:1215
    #2 0x560dfe38d069 in FoFiType1C::cvtGlyph(int, int, GooString*, Type1CIndex*, Type1CPrivateDict*, bool) /root/Desktop/poppler-0.59.0/fofi/FoFiType1C.cc:1592
    #3 0x560dfe38d069 in FoFiType1C::cvtGlyph(int, int, GooString*, Type1CIndex*, Type1CPrivateDict*, bool) /root/Desktop/poppler-0.59.0/fofi/FoFiType1C.cc:1592
    #4 0x560dfe38d069 in FoFiType1C::cvtGlyph(int, int, GooString*, Type1CIndex*, Type1CPrivateDict*, bool) /root/Desktop/poppler-0.59.0/fofi/FoFiType1C.cc:1592
    #5 0x560dfe38d069 in FoFiType1C::cvtGlyph(int, int, GooString*, Type1CIndex*, Type1CPrivateDict*, bool) /root/Desktop/poppler-0.59.0/fofi/FoFiType1C.cc:1592
    #6 0x560dfe38d069 in FoFiType1C::cvtGlyph(int, int, GooString*, Type1CIndex*, Type1CPrivateDict*, bool) /root/Desktop/poppler-0.59.0/fofi/FoFiType1C.cc:1592
    ....

And here is the backtrace of gdb:

(gdb) bt -18
#24935 0x000055555573c06a in FoFiType1C::cvtGlyph (this=0x61a00001f280, offset=15028, nBytes=4, charBuf=0x603000014650, subrIdx=0x7fffffffcde0, pDict=0x61600000f080, top=false) at FoFiType1C.cc:1592
#24936 0x000055555573c06a in FoFiType1C::cvtGlyph (this=0x61a00001f280, offset=15028, nBytes=4, charBuf=0x603000014650, subrIdx=0x7fffffffcde0, pDict=0x61600000f080, top=false) at FoFiType1C.cc:1592
#24937 0x000055555573c06a in FoFiType1C::cvtGlyph (this=0x61a00001f280, offset=10866, nBytes=6, charBuf=0x603000014650, subrIdx=0x7fffffffcde0, pDict=0x61600000f080, top=false) at FoFiType1C.cc:1592
#24938 0x000055555573c06a in FoFiType1C::cvtGlyph (this=0x61a00001f280, offset=392146, nBytes=6458, charBuf=0x603000014650, subrIdx=0x7fffffffcde0, pDict=0x61600000f080, top=true) at FoFiType1C.cc:1592
#24939 0x0000555555735678 in FoFiType1C::eexecCvtGlyph (this=0x61a00001f280, eb=0x7fffffffce20, glyphName=0x603000014680 "c36", offset=392146, nBytes=6458, subrIdx=0x7fffffffcde0, pDict=0x61600000f080) at FoFiType1C.cc:1178
#24940 0x0000555555734eab in FoFiType1C::convertToType0 (this=0x61a00001f280, psName=0x603000018bb0 "Arial", codeMap=0x0, nCodes=0, outputFunc=0x5555556cc8a8 <outputToFile(void*, char const*, int)>, outputStream=0x61600000f380) at FoFiType1C.cc:1109
#24941 0x000055555571d785 in FoFiTrueType::convertToType0 (this=0x60b00000af90, psName=0x603000018bb0 "Arial", cidMap=0x0, nCIDs=0, outputFunc=0x5555556cc8a8 <outputToFile(void*, char const*, int)>, outputStream=0x61600000f380) at FoFiTrueType.cc:856
#24942 0x00005555556db416 in PSOutputDev::setupEmbeddedOpenTypeCFFFont (this=0x61800000fc80, font=0x61200000bbc0, id=0x60400000b658, psName=0x603000018bb0) at PSOutputDev.cc:2758
#24943 0x00005555556d4655 in PSOutputDev::setupFont (this=0x61800000fc80, font=0x61200000bbc0, parentResDict=0x60700000d610) at PSOutputDev.cc:1963
#24944 0x00005555556d3ae7 in PSOutputDev::setupFonts (this=0x61800000fc80, resDict=0x60700000d610) at PSOutputDev.cc:1885
#24945 0x00005555556d3214 in PSOutputDev::setupResources (this=0x61800000fc80, resDict=0x60700000d610) at PSOutputDev.cc:1798
#24946 0x00005555556d246c in PSOutputDev::writeDocSetup (this=0x61800000fc80, doc=0x60f00000ef50, catalog=0x61300000de80, pages=std::vector of length 1, capacity 1 = {...}, duplexA=false) at PSOutputDev.cc:1696
#24947 0x00005555556d0078 in PSOutputDev::postInit (this=0x61800000fc80) at PSOutputDev.cc:1455
#24948 0x00005555556deff1 in PSOutputDev::checkPageSlice (this=0x61800000fc80, page=0x611000009c80, rotateA=0, useMediaBox=false, crop=true, sliceX=-1, sliceY=-1, sliceW=-1, sliceH=-1, printing=true, abortCheckCbk=0x0, abortCheckCbkData=0x0, annotDisplayDecideCbk=0x0, annotDisplayDecideCbkData=0x0) at PSOutputDev.cc:3246
#24949 0x0000555555888737 in Page::displaySlice (this=0x611000009c80, out=0x61800000fc80, hDPI=72, vDPI=72, rotate=0, useMediaBox=false, crop=true, sliceX=-1, sliceY=-1, sliceW=-1, sliceH=-1, printing=true, abortCheckCbk=0x0, abortCheckCbkData=0x0, annotDisplayDecideCbk=0x0, annotDisplayDecideCbkData=0x0, copyXRef=false) at Page.cc:539
#24950 0x0000555555887e72 in Page::display (this=0x611000009c80, out=0x61800000fc80, hDPI=72, vDPI=72, rotate=0, useMediaBox=false, crop=true, printing=true, abortCheckCbk=0x0, abortCheckCbkData=0x0, annotDisplayDecideCbk=0x0, annotDisplayDecideCbkData=0x0, copyXRef=false) at Page.cc:483
#24951 0x0000555555684675 in PDFDoc::displayPage (this=0x60f00000ef50, out=0x61800000fc80, page=1, hDPI=72, vDPI=72, rotate=0, useMediaBox=false, crop=true, printing=true, abortCheckCbk=0x0, abortCheckCbkData=0x0, annotDisplayDecideCbk=0x0, annotDisplayDecideCbkData=0x0, copyXRef=false) at PDFDoc.cc:488
#24952 0x00005555556733ce in main (argc=3, argv=0x7fffffffe0e8) at pdftops.cc:423

We can see clearly that there is an infinite loop in FoFiType1C::cvtGlyph.
Can you please explain why you opened a new bug when there was another one with exactly the same information?
Fixed in master
Fixing commit is 60b4fe65bc9dc9b82bbadf0be2e3781be796a13d
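
The backtraces in this report show FoFiType1C::cvtGlyph re-entering itself at FoFiType1C.cc:1592 until the stack is exhausted. As an added illustration (not poppler's code and not the content of the fixing commit), the C++ sketch below shows a nesting guard for a charstring-style interpreter. The opcode encoding, the `Font` struct and all function names are assumptions made for the example; the limit of 10 is the subr nesting limit given in the Type 2 charstring specification.

```cpp
// Added example: toy charstring interpreter with a subroutine nesting guard.
// Opcode layout and Font struct are simplified assumptions, not poppler's code.
#include <cstdint>
#include <cstdio>
#include <vector>

constexpr uint8_t OP_CALLSUBR = 10;  // toy form: next byte is the subr index
constexpr uint8_t OP_RETURN = 11;
constexpr int kMaxSubrNesting = 10;  // Type 2 charstring implementation limit

enum class Result { Ok, BadSubrIndex, NestingTooDeep, Truncated };
using Code = std::vector<uint8_t>;
struct Font { std::vector<Code> subrs; };

// depth 0 is the glyph itself; each callsubr adds one level.
Result run(const Font &font, const Code &code, int depth) {
    if (depth > kMaxSubrNesting) return Result::NestingTooDeep;
    for (size_t i = 0; i < code.size(); ++i) {
        if (code[i] == OP_RETURN) return Result::Ok;
        if (code[i] != OP_CALLSUBR) continue;  // drawing operators ignored here
        if (i + 1 >= code.size()) return Result::Truncated;
        size_t idx = code[++i];
        if (idx >= font.subrs.size()) return Result::BadSubrIndex;
        Result r = run(font, font.subrs[idx], depth + 1);
        if (r != Result::Ok) return r;  // abort the whole glyph on any error
    }
    return Result::Ok;
}

// Constructed input: subr 0 calls subr 1, which calls subr 0 again.
Result demoCycle() {
    Font f;
    f.subrs = {Code{OP_CALLSUBR, 1, OP_RETURN}, Code{OP_CALLSUBR, 0, OP_RETURN}};
    return run(f, Code{OP_CALLSUBR, 0}, 0);
}

// Constructed input: a finite chain of n subrs, each calling the next.
Result demoChain(int n) {
    Font f;
    for (int i = 0; i < n; ++i)
        f.subrs.push_back(i + 1 < n ? Code{OP_CALLSUBR, uint8_t(i + 1), OP_RETURN}
                                    : Code{OP_RETURN});
    return run(f, Code{OP_CALLSUBR, 0}, 0);
}

int main() {
    std::printf("cycle rejected: %d\n", demoCycle() == Result::NestingTooDeep);
    std::printf("chain of 10 ok: %d\n", demoChain(10) == Result::Ok);
    return 0;
}
```

With the guard in place, a cyclic subroutine reference ends in an error return after a bounded number of frames instead of a crash, while legitimately nested subroutines up to the limit still convert.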