Closed
Opened Nov 01, 2018 by pwd@Daniel

memory leak at GfxState.cc:245

version

The latest stable release poppler-0.71.0.tar.xz, released on Oct 31, 2018

others

This bug is reported by pwd@360TeamSeri0us; please send an email to teamSeri0us360@gmail.com if you have any questions.

Test Target

./pdftocairo poc -ps

debug info

In file: ~/poppler-0.71.0/poppler/GfxState.cc
   242 	  INTENT_RELATIVE_COLORIMETRIC,LCMS_FLAGS)) == nullptr) {
   243       error(errSyntaxWarning, -1, "Can't create Lab transform");
   244     } else {
   245       XYZ2DisplayTransform = new GfxColorTransform(transform, INTENT_RELATIVE_COLORIMETRIC, PT_XYZ, displayPixelType);
   246     }
 ► 247     cmsCloseProfile(XYZProfile);
   248   }
   249 }
   250 
   251 void GfxColorSpace::setDisplayProfileName(GooString *name) {
   252   displayProfileName = name->copy();
───────────────────────────────────────────────────────────[ BACKTRACE ]─────────────────────────────────────────────────────
 ► f 0     7ffff6dd1937 GfxColorSpace::setDisplayProfile(void*)+2119
   f 1           52838e main+16110
   f 2     7ffff52d6b97 __libc_start_main+231
pwndbg> p XYZ2DisplayTransform
$6 = (GfxColorTransform *) 0x60300000e470

// ...
// ...
// Before binary exit,

In file: ~/poppler-0.71.0/utils/pdftocairo.cc
   1281   cmsCloseProfile(profile);
   1282   if (icc_data)
   1283     gfree(icc_data);
   1284 #endif
   1285 
 ► 1286   return 0;
   1287 }

Breakpoint pdftocairo.cc:1286
pwndbg> p 0x60300000e470
$7 = 105759274755184
pwndbg> p XYZ2DisplayTransform
$8 = (GfxColorTransform *) 0x603000011740

ASAN report

=================================================================
==35865==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 512 byte(s) in 2 object(s) allocated from:
    #0 0x4e5690 in __interceptor_malloc /home/pwd/llvm_dev/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:88
    #1 0x7f928fe128ed  (/usr/lib/x86_64-linux-gnu/libfontconfig.so.1+0x1d8ed)

Direct leak of 24 byte(s) in 1 object(s) allocated from:
    #0 0x51dc40 in operator new(unsigned long) /home/pwd/llvm_dev/llvm/projects/compiler-rt/lib/asan/asan_new_delete.cc:92
    #1 0x7f9291dfb863 in GfxColorSpace::setDisplayProfile(void*) /home/pwd/fuzz/fuzz-poppler/poppler-0.71.0/poppler/GfxState.cc:245:30
    #2 0x7f9290300b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 25384 byte(s) in 21 object(s) allocated from:
    #0 0x4e5690 in __interceptor_malloc /home/pwd/llvm_dev/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:88
    #1 0x7f929164b177  (/usr/lib/x86_64-linux-gnu/liblcms2.so.2+0xc177)

Indirect leak of 408 byte(s) in 3 object(s) allocated from:
    #0 0x4e5690 in __interceptor_malloc /home/pwd/llvm_dev/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:88
    #1 0x7f929164b177  (/usr/lib/x86_64-linux-gnu/liblcms2.so.2+0xc177)
    #2 0x100000000fff  (<unknown module>)

Indirect leak of 264 byte(s) in 1 object(s) allocated from:
    #0 0x4e5690 in __interceptor_malloc /home/pwd/llvm_dev/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:88
    #1 0x7f929164b177  (/usr/lib/x86_64-linux-gnu/liblcms2.so.2+0xc177)
    #2 0x40018  (<unknown module>)

Indirect leak of 224 byte(s) in 7 object(s) allocated from:
    #0 0x4e58b8 in calloc /home/pwd/llvm_dev/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:97
    #1 0x7f928fe12fd8  (/usr/lib/x86_64-linux-gnu/libfontconfig.so.1+0x1dfd8)

Indirect leak of 98 byte(s) in 6 object(s) allocated from:
    #0 0x441eb0 in __interceptor_strdup /home/pwd/llvm_dev/llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:407
    #1 0x7f928fe122f4 in FcValueSave (/usr/lib/x86_64-linux-gnu/libfontconfig.so.1+0x1d2f4)

Indirect leak of 72 byte(s) in 1 object(s) allocated from:
    #0 0x4e5690 in __interceptor_malloc /home/pwd/llvm_dev/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:88
    #1 0x7f929164b139  (/usr/lib/x86_64-linux-gnu/liblcms2.so.2+0xc139)

SUMMARY: AddressSanitizer: 26986 byte(s) leaked in 42 allocation(s).

poc.tar.gz

Reference: poppler/poppler#654
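
An added example, not part of the original report or of poppler's code: a small Python triage of the LeakSanitizer output above that attributes each leak to its first frame outside the sanitizer runtime, separating the one symbolized poppler allocation (GfxState.cc:245) from the allocations inside libfontconfig and liblcms2. The embedded report is an excerpt of the one quoted in the issue with paths shortened, and the function names are illustrative.

```python
import re
from collections import defaultdict
# Excerpt of the LeakSanitizer report quoted in the issue (paths shortened).
REPORT = """\
Direct leak of 512 byte(s) in 2 object(s) allocated from:
    #0 0x4e5690 in __interceptor_malloc asan_malloc_linux.cc:88
    #1 0x7f928fe128ed  (/usr/lib/x86_64-linux-gnu/libfontconfig.so.1+0x1d8ed)

Direct leak of 24 byte(s) in 1 object(s) allocated from:
    #0 0x51dc40 in operator new(unsigned long) asan_new_delete.cc:92
    #1 0x7f9291dfb863 in GfxColorSpace::setDisplayProfile(void*) poppler/GfxState.cc:245:30

Indirect leak of 25384 byte(s) in 21 object(s) allocated from:
    #0 0x4e5690 in __interceptor_malloc asan_malloc_linux.cc:88
    #1 0x7f929164b177  (/usr/lib/x86_64-linux-gnu/liblcms2.so.2+0xc177)

Indirect leak of 98 byte(s) in 6 object(s) allocated from:
    #0 0x441eb0 in __interceptor_strdup asan_interceptors.cc:407
    #1 0x7f928fe122f4 in FcValueSave (/usr/lib/x86_64-linux-gnu/libfontconfig.so.1+0x1d2f4)
"""

HEADER = re.compile(r"^(Direct|Indirect) leak of (\d+) byte\(s\) in \d+ object\(s\)")
FRAME = re.compile(r"^\s+#\d+ 0x[0-9a-f]+ ")

def allocation_site(location):
    """Name a frame's owner: shared-library basename, or source file:line."""
    if location.startswith("("):                 # unsymbolized "(/path/lib.so+0xoff)"
        return location.strip("()").rsplit("+", 1)[0].rsplit("/", 1)[-1]
    return ":".join(location.split(":")[:2])     # drop the column number

def triage(report):
    """Sum leaked bytes per allocation site, split into Direct and Indirect."""
    totals = defaultdict(lambda: {"Direct": 0, "Indirect": 0})
    pending = None                               # (kind, bytes) still awaiting a site
    for line in report.splitlines():
        header = HEADER.match(line)
        if header:
            pending = (header.group(1), int(header.group(2)))
        elif pending and FRAME.match(line):
            location = line.split()[-1]
            # First frame outside the sanitizer runtime is the allocating caller.
            if "asan_" not in location:
                totals[allocation_site(location)][pending[0]] += pending[1]
                pending = None
    return dict(totals)

def symbolized_sites(totals):
    """Sites resolved to source lines, i.e. code built with debug info."""
    return [site for site in totals if ".so" not in site]
```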