Abort via poppler::embedded_file::size()
Hello, I'm from X41 D-Sec.
During fuzzing of poppler, we have discovered an abort() issue in the embedded files handling.
The issue can be triggered with the poppler-dump test utility compiled from the current Git HEAD:
    poppler/build/cpp/tests/poppler-dump --show-embedded-files abort_1.pdf
    poppler/error: May not be a PDF file (continuing anyway)
    poppler/error (51): Dictionary key must be a name object
    [...]
    poppler/error: Unterminated string
    poppler/error: Invalid FileSpec
    12 0 obj<</Names<</EmbeddedFiles 16 0 R
    poppler/error (0): Call to Object where the object was type 3, not the expected type 7
    Aborted
This issue is a follow-up to #966 (closed).
Minimized reproducer file: abort_1.pdf
Note: the code deliberately calls abort() to prevent other issues, so this behavior might be somewhat intentional.