poppler-0.44.0: infinity loop: Syntax Error (448): Dictionary key must be a name object / Bad 'Length' attribute in stream
Submitted by LE GARREC Vincent
Assigned to poppler-bugs
Description
Dear, Now that all crashes found by afl are solved (thanks :)), there are lots of PDFs that run into an infinite (?) loop.
The infinite loop comes after the recursion of Parser::makeStream has reached the number 500.
output:
…
Syntax Error (482): Bad 'Filter' attribute in stream
Syntax Error (482): Bad 'Filter' attribute in stream
Syntax Error (482): Bad 'Filter' attribute in stream
Syntax Error (482): Bad 'Length' attribute in stream
Syntax Error (448): Dictionary key must be a name object
Syntax Error (448): Dictionary key must be a name object
Syntax Error (448): Dictionary key must be a name object
Syntax Error (448): Dictionary key must be a name object
Syntax Error (482): Bad 'Length' attribute in stream
Syntax Error (482): Bad 'Filter' attribute in stream
Syntax Error (482): Bad 'Length' attribute in stream
Syntax Error (448): Dictionary key must be a name object
Syntax Error (482): Bad 'Length' attribute in stream
Syntax Error (482): Bad 'Filter' attribute in stream
Syntax Error (482): Bad 'Filter' attribute in stream
Syntax Error (482): Bad 'Length' attribute in stream
Syntax Error (448): Dictionary key must be a name object
…
gdb output:
#0 0x00007ffff7a1f930 in __afl_maybe_log () from /home/legarrec/info/programmation/tmp/poppler-0.44.0/poppler/.libs/libpoppler.so.61
#1 0x00007ffff7a16162 in GooString::append (this=0x74d980, c=108 'l') at GooString.cc:275
#2 0x000000000000006c in ?? ()
#3 0x0000000000000002 in ?? ()
#4 0x000000000074d980 in ?? ()
#5 0x000000000074d980 in ?? ()
#6 0x00007ffffffbcce0 in ?? ()
#7 0x00007ffff7a15e2e in memcpy (__len=7, __src=0x7ffff7da9e20 <vtable for FileStream+16>, __dest=<optimized out>) at /usr/include/bits/string3.h:53
#8 GooString::append (this=0x1e2, this@entry=0x74d980, str=0x7ffff7da9e20 <vtable for FileStream+16> "\300\207\214\367\377\177", str@entry=0x7ffffffbcb7c "i", lengthA=7, lengthA@entry=1) at GooString.cc:288
#9 0x00007ffff7a16190 in GooString::append (this=this@entry=0x74d980, c=105 'i') at GooString.cc:276
#10 0x00007ffff76f4967 in error (category=category@entry=errSyntaxError, pos=482, msg=msg@entry=0x7ffff7b2fd98 "Bad 'Filter' attribute in stream") at Error.cc:80
#11 0x00007ffff78e9f69 in Stream::addFilters (this=this@entry=0x74e1e0, dict=dict@entry=0x7ffffffbcf80, recursion=recursion@entry=499) at Stream.cc:207
#12 0x00007ffff789dbbe in Parser::makeStream (this=this@entry=0x74df10, dict=dict@entry=0x7ffffffbcf80, fileKey=fileKey@entry=0x0, encAlgorithm=encAlgorithm@entry=(cryptAES256 | unknown: 774974788), keyLength=keyLength@entry=-1020982732, objNum=objNum@entry=6, objGen=0, recursion=499, strict=false) at Parser.cc:277
#13 0x00007ffff789e8cc in Parser::getObj (this=this@entry=0x74df10, obj=obj@entry=0x7ffffffbcf80, simpleOnly=simpleOnly@entry=false, fileKey=0x0, encAlgorithm=(cryptAES256 | unknown: 774974788), keyLength=keyLength@entry=-1020982732, objNum=6, objGen=0, recursion=498, strict=false) at Parser.cc:131
#14 0x00007ffff7936bb1 in XRef::fetch (this=0x678140, num=<optimized out>, gen=<optimized out>, obj=0x7ffffffbcf80, obj@entry=0x6, recursion=recursion@entry=498) at XRef.cc:1210
#15 0x00007ffff7887344 in Object::fetch (this=<optimized out>, xref=<optimized out>, obj=obj@entry=0x6, recursion=recursion@entry=498) at Object.cc:122
#16 0x00007ffff76f0ccd in Dict::lookup (this=<optimized out>, key=key@entry=0x7ffff7b2ff67 "F", obj=0x6, obj@entry=0x7ffffffbcf80, recursion=recursion@entry=498) at Dict.cc:261
#17 0x00007ffff78ea34d in Object::dictLookup (this=0x7ffffffbd250, this=0x7ffffffbd250, recursion=498, obj=0x7ffffffbcf80, key=0x7ffff7b2ff67 "F") at Object.h:330
#18 Stream::addFilters (this=this@entry=0x74da30, dict=dict@entry=0x7ffffffbd250, recursion=recursion@entry=498) at Stream.cc:181
#19 0x00007ffff789dbbe in Parser::makeStream (this=this@entry=0x74d700, dict=dict@entry=0x7ffffffbd250, fileKey=fileKey@entry=0x0, encAlgorithm=encAlgorithm@entry=(cryptAES256 | unknown: 774974788), keyLength=keyLength@entry=-1020982732, objNum=objNum@entry=6, objGen=0, recursion=498, strict=false) at Parser.cc:277
#20 0x00007ffff789e8cc in Parser::getObj (this=this@entry=0x74d700, obj=obj@entry=0x7ffffffbd250, simpleOnly=simpleOnly@entry=false, fileKey=0x0, encAlgorithm=(cryptAES256 | unknown: 774974788), keyLength=keyLength@entry=-1020982732, objNum=6, objGen=0, recursion=497, strict=false) at Parser.cc:131
#21 0x00007ffff7936bb1 in XRef::fetch (this=0x678140, num=<optimized out>, gen=<optimized out>, obj=0x7ffffffbd250, obj@entry=0x6, recursion=recursion@entry=497) at XRef.cc:1210
#22 0x00007ffff7887344 in Object::fetch (this=<optimized out>, xref=<optimized out>, obj=obj@entry=0x6, recursion=recursion@entry=497) at Object.cc:122
#23 0x00007ffff76f0ccd in Dict::lookup (this=<optimized out>, key=key@entry=0x7ffff7b15f2d "Length", obj=0x6, obj@entry=0x7ffffffbd250, recursion=recursion@entry=497) at Dict.cc:261
#24 0x00007ffff789d427 in Object::dictLookup (key=0x7ffff7b15f2d "Length", this=0x7ffffffbd450, this=0x7ffffffbd450, recursion=497, obj=0x7ffffffbd250) at Object.h:330
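Added example, not poppler code and not part of the original report: a toy model of the pattern in the backtrace above, where object 6 is fetched again while its own stream dictionary keys ("Length", "F") are being resolved. It assumes each level resolves two such keys and compares a depth-only cap with tracking of objects already being parsed; `Refs`, `fetchDepthCapped` and `fetchCycleAware` are hypothetical names.

```cpp
#include <cstdint>
#include <cstdio>
#include <map>
#include <set>
#include <vector>

// Toy model (assumption, not poppler's data structures): for each stream object,
// the object numbers that its dictionary keys (/Length, /Filter, ...) refer to.
using Refs = std::map<int, std::vector<int>>;

// Depth cap only: recursion stops at maxDepth, but every key lookup at every
// level re-parses its target, so the work grows as branching^depth.
uint64_t fetchDepthCapped(const Refs &objs, int num, int depth, int maxDepth) {
    if (depth > maxDepth) return 1;              // cap hit: report error and return
    uint64_t calls = 1;
    auto it = objs.find(num);
    if (it == objs.end()) return calls;
    for (int ref : it->second)
        calls += fetchDepthCapped(objs, ref, depth + 1, maxDepth);
    return calls;
}

// Cycle-aware: remember which objects are currently being parsed and refuse to
// re-enter one, so a self-referencing stream costs a constant number of calls.
uint64_t fetchCycleAware(const Refs &objs, int num, std::set<int> &inProgress) {
    if (!inProgress.insert(num).second) return 1; // already on the stack: bail out
    uint64_t calls = 1;
    auto it = objs.find(num);
    if (it != objs.end())
        for (int ref : it->second)
            calls += fetchCycleAware(objs, ref, inProgress);
    inProgress.erase(num);
    return calls;
}

int main() {
    // Constructed input: object 6 whose /Length and /Filter both refer to object 6.
    Refs objs = {{6, {6, 6}}};
    std::set<int> inProgress;
    std::printf("depth cap 20: %llu calls\n", (unsigned long long)fetchDepthCapped(objs, 6, 0, 20));
    std::printf("cycle-aware:  %llu calls\n", (unsigned long long)fetchCycleAware(objs, 6, inProgress));
    return 0;
}
```

Under this model a cap of 500 with two self-referencing keys would need on the order of 2^501 calls, so the process looks like an infinite loop even though the recursion depth is bounded.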