Skip to content

GitLab

Closed
Created by bin24151@bin24151

Invalid Memory Access in ` Splash::pipeRun` which results in Segmentation Fault

  • Version: 20.12.1
  • Commit: e1f56258
  • How to reproduce: ./pdftops ./poc.pdf /dev/null

The backtrace is:

==79548==ERROR: AddressSanitizer: SEGV on unknown address 0x633f8001da68 (pc 0x00000071f9a6 bp 0x7ffea1e3ea60 sp 0x7ffea1e3e8c0 T0)
==79548==The signal is caused by a READ memory access.
  #0 0x71f9a5 in Splash::pipeRun(SplashPipe*) /src/poppler_latest/splash/Splash.cc:433:24
    #1 0x782e48 in Splash::drawSpan(SplashPipe*, int, int, int, bool) /src/poppler_latest/splash/Splash.cc:1339:13
    #2 0x743645 in Splash::fillWithPattern(SplashPath*, bool, SplashPattern*, double) /src/poppler_latest/splash/Splash.cc
    #3 0x6e71cf in SplashOutputDev::fill(GfxState*) /src/poppler_latest/poppler/SplashOutputDev.cc:2110:13
    #4 0x8d3907 in Gfx::opCloseFillStroke(Object*, int) /src/poppler_latest/poppler/Gfx.cc:1823:22
    #5 0x8f3866 in Gfx::execOp(Object*, Object*, int) /src/poppler_latest/poppler/Gfx.cc:802:5
    #6 0x8f1ec9 in Gfx::go(bool) /src/poppler_latest/poppler/Gfx.cc:679:13
    #7 0x8f1480 in Gfx::display(Object*, bool) /src/poppler_latest/poppler/Gfx.cc:640:5
    #8 0x916428 in Gfx::doShowText(GooString const*) /src/poppler_latest/poppler/Gfx.cc:3923:25
    #9 0x8d2468 in Gfx::opShowText(Object*, int) /src/poppler_latest/poppler/Gfx.cc:3709:5
    #10 0x8f3866 in Gfx::execOp(Object*, Object*, int) /src/poppler_latest/poppler/Gfx.cc:802:5
    #11 0x8f1ec9 in Gfx::go(bool) /src/poppler_latest/poppler/Gfx.cc:679:13
    #12 0x8f1480 in Gfx::display(Object*, bool) /src/poppler_latest/poppler/Gfx.cc:640:5
    #13 0xa7dc5f in Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) /src/poppler_latest/poppler/Page.cc:576:14
    #14 0x669e81 in PSOutputDev::checkPageSlice(Page*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*) /src/poppler_latest/poppler/PSOutputDev.cc:3252:15
    #15 0xa7d958 in Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) /src/poppler_latest/poppler/Page.cc:562:15
    #16 0xa7d7de in Page::display(OutputDev*, double, double, int, bool, bool, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) /src/poppler_latest/poppler/Page.cc:521:5
    #17 0x54b920 in PDFDoc::displayPage(OutputDev*, int, double, double, int, bool, bool, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) /src/poppler_latest/poppler/PDFDoc.cc:639:24
    #18 0x5219bc in main /src/poppler_latest/utils/pdftops.cc:515:18
    #19 0x7fc888708bf6 in __libc_start_main /build/glibc-S9d2JN/glibc-2.27/csu/../csu/libc-start.c:310
    #20 0x420439 in _start (/src/executable/pdftops_latest+0x420439)

poc

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information