  • #802
Closed
Issue created Jul 11, 2019 by pwd@Daniel

A FPE in function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc:4625-28

poppler

version

poppler 0.74

description

None

download link

None

SplashOutputDev::tilingPatternFill@SplashOutputDev.cc:4625-28___FPE

description

An issue was discovered in poppler 0.74 and 0.78. There is an FPE in function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc:4625-28.

commandline

pdftoppm -cropbox -gray @@

source

none

debug

debug with poppler 0.74 and poppler 0.78

Program received signal SIGFPE
pwndbg> p result_width
$1 = 0
pwndbg> p surface_width
$2 = 0

bug report

AddressSanitizer:DEADLYSIGNAL
=================================================================
==29151==ERROR: AddressSanitizer: FPE on unknown address 0x7fea8ca05ae8 (pc 0x7fea8ca05ae8 bp 0x7ffc75bb6b00 sp 0x7ffc75bb6620 T0)
    #0 0x7fea8ca05ae7 in SplashOutputDev::tilingPatternFill(GfxState*, Gfx*, Catalog*, Object*, double const*, int, int, Dict*, double const*, double const*, int, int, int, int, double, double) /src/poppler-0.74/poppler/SplashOutputDev.cc:4625:28
    #1 0x7fea8c4e93be in Gfx::doTilingPatternFill(GfxTilingPattern*, bool, bool, bool) /src/poppler-0.74/poppler/Gfx.cc:2225:9
    #2 0x7fea8c4e6646 in Gfx::doPatternStroke() /src/poppler-0.74/poppler/Gfx.cc:1967:5
    #3 0x7fea8c4a3544 in Gfx::opStroke(Object*, int) /src/poppler-0.74/poppler/Gfx.cc:1774:2
    #4 0x7fea8c4df66f in Gfx::execOp(Object*, Object*, int) /src/poppler-0.74/poppler/Gfx.cc:876:3
    #5 0x7fea8c4db707 in Gfx::go(bool) /src/poppler-0.74/poppler/Gfx.cc:752:7
    #6 0x7fea8c4da5b3 in Gfx::display(Object*, bool) /src/poppler-0.74/poppler/Gfx.cc:714:3
    #7 0x7fea8c4e52f5 in Gfx::drawForm(Object*, Dict*, double const*, double const*, bool, bool, GfxColorSpace*, bool, bool, bool, Function*, GfxColor*) /src/poppler-0.74/poppler/Gfx.cc:4841:3
    #8 0x7fea8c5163ad in Gfx::doForm(Object*) /src/poppler-0.74/poppler/Gfx.cc:4764:3
    #9 0x7fea8c49d0fd in Gfx::opXObject(Object*, int) /src/poppler-0.74/poppler/Gfx.cc:4181:2
    #10 0x7fea8c4df66f in Gfx::execOp(Object*, Object*, int) /src/poppler-0.74/poppler/Gfx.cc:876:3
    #11 0x7fea8c4db707 in Gfx::go(bool) /src/poppler-0.74/poppler/Gfx.cc:752:7
    #12 0x7fea8c4da5b3 in Gfx::display(Object*, bool) /src/poppler-0.74/poppler/Gfx.cc:714:3
    #13 0x7fea8c71514c in Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) /src/poppler-0.74/poppler/Page.cc:548:10
    #14 0x7fea8c7328b1 in PDFDoc::displayPageSlice(OutputDev*, int, double, double, int, bool, bool, bool, int, int, int, int, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) /src/poppler-0.74/poppler/PDFDoc.cc:665:20
    #15 0x521264 in savePageSlice(PDFDoc*, SplashOutputDev*, int, int, int, int, int, double, double, char*) /src/poppler-0.74/utils/pdftoppm.cc:287:8
    #16 0x521264 in main /src/poppler-0.74/utils/pdftoppm.cc:600
    #17 0x7fea8ad9882f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #18 0x41b838 in _start (/src/aflbuild/installed/bin/pdftoppm+0x41b838)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: FPE /src/poppler-0.74/poppler/SplashOutputDev.cc:4625:28 in SplashOutputDev::tilingPatternFill(GfxState*, Gfx*, Catalog*, Object*, double const*, int, int, Dict*, double const*, double const*, int, int, int, int, double, double)
==29151==ABORTING

others

from fuzz project pwd-poppler-pdftoppm-01
crash name pwd-poppler-pdftoppm-01-00000088-20190427.pdf
Auto-generated by pyspider at 2019-04-27 20:37:40

poc.tar.gz
