Segmentation fault (core dumped) during rendering of the pdf file
I have a PDF file with an element FunctionType 0/Size[112269824], and on this file I get a segmentation fault.
I found the problem in the function gmallocn: in my case nObjs >= INT_MAX / objSize, and the program exits with exit(1).
The stack looks like this:
#0 gmallocn (nObjs=336809472, objSize=8, checkoverflow=false) at /third_party/poppler/goo/gmem.cc:181
#1 0x00000000004f09c8 in gmallocn (nObjs=336809472, objSize=8) at /third_party/poppler/goo/gmem.cc:195
#2 0x000000000064af06 in SampledFunction::SampledFunction (this=0x9ddf40, funcObj=0x7fffffffd3d0, dict=0x9cf3a0) at /third_party/poppler/poppler/Function.cc:373
#3 0x0000000000649933 in Function::parse (funcObj=0x7fffffffd3d0, usedParents=0x7fffffffd2f0) at /third_party/poppler/poppler/Function.cc:90
#4 0x00000000006497c7 in Function::parse (funcObj=0x7fffffffd3d0) at /third_party/poppler/poppler/Function.cc:63
#5 0x000000000054637f in GfxAxialShading::parse (res=0x989670, dict=0x9b9f60, out=0x7fffffffdeb0, state=0x9a0130) at /third_party/poppler/poppler/GfxState.cc:4125
#6 0x000000000054332e in GfxShading::parse (res=0x989670, obj=0x7fffffffd630, out=0x7fffffffdeb0, state=0x9a0130) at /third_party/poppler/poppler/GfxState.cc:3591
#7 0x0000000000542d07 in GfxShadingPattern::parse (res=0x989670, patObj=0x7fffffffd780, out=0x7fffffffdeb0, state=0x9a0130, patternRefNum=47) at /third_party/poppler/poppler/GfxState.cc:3494
#8 0x00000000005422f6 in GfxPattern::parse (res=0x989670, obj=0x7fffffffd780, out=0x7fffffffdeb0, state=0x9a0130, patternRefNum=47) at /third_party/poppler/poppler/GfxState.cc:3362
#9 0x0000000000509820 in GfxResources::lookupPattern (this=0x989670, name=0x988ab0 "P47", out=0x7fffffffdeb0, state=0x9a0130) at /third_party/poppler/poppler/Gfx.cc:471
#10 0x000000000050f3ed in Gfx::opSetFillColorN (this=0x989540, args=0x7fffffffd990, numArgs=1) at /third_party/poppler/poppler/Gfx.cc:1599
#11 0x000000000050b230 in Gfx::execOp (this=0x989540, cmd=0x7fffffffd950, args=0x7fffffffd990, numArgs=1) at /third_party/poppler/poppler/Gfx.cc:878
#12 0x000000000050ab10 in Gfx::go (this=0x989540, topLevel=true) at /third_party/poppler/poppler/Gfx.cc:753
#13 0x000000000050a89c in Gfx::display (this=0x989540, obj=0x7fffffffdcd0, topLevel=true) at /third_party/poppler/poppler/Gfx.cc:715
#14 0x000000000056c4b1 in Page::displaySlice (this=0x9870b0, out=0x7fffffffdeb0, hDPI=72, vDPI=72, rotate=0, useMediaBox=false, crop=true, sliceX=-1, sliceY=-1, sliceW=-1, sliceH=-1, printing=false, abortCheckCbk=0x0, abortCheckCbkData=0x0, annotDisplayDecideCbk=0x0, annotDisplayDecideCbkData=0x0, copyXRef=false) at /third_party/poppler/poppler/Page.cc:560
#15 0x00000000005705c1 in PDFDoc::displayPageSlice (this=0x9866d0, out=0x7fffffffdeb0, page=1, hDPI=72, vDPI=72, rotate=0, useMediaBox=false, crop=true, printing=false, sliceX=-1, sliceY=-1, sliceW=-1, sliceH=-1, abortCheckCbk=0x0, abortCheckCbkData=0x0, annotDisplayDecideCbk=0x0, annotDisplayDecideCbkData=0x0, copyXRef=false) at /third_party/poppler/poppler/PDFDoc.cc:555
#16 0x00000000004eaedb in poppler::page_renderer::render_page (this=0x7fffffffe0a0, p=0x9876f0, xres=72, yres=72, x=-1, y=-1, w=-1, h=-1, rotate=poppler::rotate_0) at /third_party/poppler/cpp/poppler-page-renderer.cpp:303
#17 0x00000000004d93b0 in main (argc=2, argv=0x7fffffffe238) at /third_party/poppler/cpp/tests/poppler-render.cpp:104
I don't want this exit. What can I do?
I found a discussion of the same problem, but for another function: https://bugs.freedesktop.org/show_bug.cgi?id=93476 There you added a check for ExponentialFunction in poppler/Function.cc: https://cgit.freedesktop.org/poppler/poppler/commit/?id=b3425dd3261679958cd56c0f71995c15d2124433
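
As an added example (not part of the original report and not poppler's code), this sketch shows one way a parser can bound a sampled function's table size from untrusted Size values and fail the parse instead of exiting. The function names, the cap parameter and the 3-output count are assumptions made for illustration.

```cpp
// Added example (not poppler code); all names here are hypothetical.
#include <climits>
#include <cstdio>
#include <cstdlib>
#include <vector>

// Overflow-checked array allocation that returns nullptr on a bad size so the
// caller can reject the object, instead of terminating the process. The bound
// is the one quoted in the report: nObjs >= INT_MAX / objSize.
void *checked_mallocn(int nObjs, int objSize) {
    if (nObjs <= 0 || objSize <= 0) return nullptr;
    if (nObjs >= INT_MAX / objSize) return nullptr;
    return std::malloc(static_cast<size_t>(nObjs) * static_cast<size_t>(objSize));
}

// nOutputs * product(Size[i]), computed without overflow. Fails on
// non-positive entries or when the count would exceed maxSamples.
bool sample_count(const std::vector<int> &size, int nOutputs, int maxSamples, int *out) {
    if (nOutputs <= 0 || maxSamples <= 0 || size.empty()) return false;
    long long total = nOutputs;
    for (int s : size) {
        if (s <= 0 || total > maxSamples / s) return false;  // total * s > cap
        total *= s;
    }
    *out = static_cast<int>(total);
    return true;
}

// Allocate the sample table, or return nullptr so parsing can fail cleanly.
double *alloc_samples(const std::vector<int> &size, int nOutputs, int maxSamples) {
    int n = 0;
    if (!sample_count(size, nOutputs, maxSamples, &n)) return nullptr;
    return static_cast<double *>(checked_mallocn(n, static_cast<int>(sizeof(double))));
}

int main() {
    // Size value from the report; 3 outputs is an assumption that reproduces
    // nObjs=336809472 from the stack trace (3 * 112269824).
    std::vector<int> reported = {112269824};
    double *t = alloc_samples(reported, 3, INT_MAX);
    std::printf("reported case: %s\n", t ? "allocated" : "rejected, no exit");
    std::free(t);
    double *ok = alloc_samples({4, 4}, 3, 1 << 24);  // constructed small table
    std::printf("small case: %s\n", ok ? "allocated" : "rejected");
    std::free(ok);
    return 0;
}
```

A caller that receives nullptr can mark the function object as invalid and skip the shading, which keeps one malformed object from ending the whole render.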