Skip to content

GitLab

Closed
Opened by Andrius Merkys@merkys

pdfsig: Segfault in SignatureHandler::SignatureHandler

I did signature checking with pdfsig of a PDF with ETSI.CAdES.detached signature and ran into a segmentation fault. Output of valgrind:

$ valgrind pdfsig document.pdf 
==28240== Memcheck, a memory error detector
==28240== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==28240== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==28240== Command: pdfsig document.pdf
==28240== 
Digital Signature Info of: document.pdf
Internal Error (0): couldn't find default Firefox Folder
==28240== Invalid read of size 8
==28240==    at 0x566BB04: SECMOD_ReferenceModule (in /usr/lib/x86_64-linux-gnu/libnss3.so)
==28240==    by 0x566C07B: ??? (in /usr/lib/x86_64-linux-gnu/libnss3.so)
==28240==    by 0x566C11F: SECMOD_AddNewModuleEx (in /usr/lib/x86_64-linux-gnu/libnss3.so)
==28240==    by 0x4A81B08: SignatureHandler::SignatureHandler(unsigned char*, int) (in /usr/lib/x86_64-linux-gnu/libpoppler.so.80.0.0)
==28240==    by 0x498592D: FormFieldSignature::validateSignature(bool, bool, long) (in /usr/lib/x86_64-linux-gnu/libpoppler.so.80.0.0)
==28240==    by 0x10A974: main (in /usr/bin/pdfsig)
==28240==  Address 0x38 is not stack'd, malloc'd or (recently) free'd
==28240== 
==28240== 
==28240== Process terminating with default action of signal 11 (SIGSEGV)
==28240==  Access not within mapped region at address 0x38
==28240==    at 0x566BB04: SECMOD_ReferenceModule (in /usr/lib/x86_64-linux-gnu/libnss3.so)
==28240==    by 0x566C07B: ??? (in /usr/lib/x86_64-linux-gnu/libnss3.so)
==28240==    by 0x566C11F: SECMOD_AddNewModuleEx (in /usr/lib/x86_64-linux-gnu/libnss3.so)
==28240==    by 0x4A81B08: SignatureHandler::SignatureHandler(unsigned char*, int) (in /usr/lib/x86_64-linux-gnu/libpoppler.so.80.0.0)
==28240==    by 0x498592D: FormFieldSignature::validateSignature(bool, bool, long) (in /usr/lib/x86_64-linux-gnu/libpoppler.so.80.0.0)
==28240==    by 0x10A974: main (in /usr/bin/pdfsig)
==28240==  If you believe this happened as a result of a stack
==28240==  overflow in your program's main thread (unlikely but
==28240==  possible), you can try to increase the size of the
==28240==  main thread stack using the --main-stacksize= flag.
==28240==  The main thread stack size used in this run was 8388608.

(cutting heap summary for brevity)

Observed with poppler-utils 0.69.0-2 as packaged in Debian. Firefox is not installed on this host.

Edited by Andrius Merkys
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information