Use-after-free in pdfsig
The attached file will cause a use-after-free bug, visible with ASan.
Stack trace:
==7698==ERROR: AddressSanitizer: heap-use-after-free on address 0x6160000001e1 at pc 0x7f5fbba31b5f bp 0x7ffc970b4560 sp 0x7ffc970b4558
READ of size 1 at 0x6160000001e1 thread T0
#0 0x7f5fbba31b5e in GlobalParams::getErrQuiet() /f/poppler/poppler/GlobalParams.cc:1164:10
#1 0x7f5fbb80be26 in error(ErrorCategory, long long, char const*, ...) /f/poppler/poppler/Error.cc:64:50
#2 0x7f5fbbac88f5 in Linearization::getNumPages() /f/poppler/poppler/Linearization.cc:172:5
#3 0x7f5fbbb1346d in PDFDoc::getNumPages() /f/poppler/poppler/PDFDoc.cc:2080:34
#4 0x7f5fbbb128a2 in PDFDoc::~PDFDoc() /f/poppler/poppler/PDFDoc.cc:320:25
#5 0x4fc7cf in main /f/poppler/utils/pdfsig.cc:281:3
#6 0x7f5fbae594ea in __libc_start_main (/lib64/libc.so.6+0x244ea)
#7 0x41c659 in _start (/r/poppler/pdfsig+0x41c659)
0x6160000001e1 is located 353 bytes inside of 520-byte region [0x616000000080,0x616000000288)
freed by thread T0 here:
#0 0x4f7c82 in operator delete(void*) (/r/poppler/pdfsig+0x4f7c82)
#1 0x4fc6c8 in main /f/poppler/utils/pdfsig.cc:279:3
#2 0x7f5fbae594ea in __libc_start_main (/lib64/libc.so.6+0x244ea)
#3 0x41c659 in _start (/r/poppler/pdfsig+0x41c659)
previously allocated by thread T0 here:
#0 0x4f7042 in operator new(unsigned long) (/r/poppler/pdfsig+0x4f7042)
#1 0x4fc3d1 in main /f/poppler/utils/pdfsig.cc:154:18
#2 0x7f5fbae594ea in __libc_start_main (/lib64/libc.so.6+0x244ea)
#3 0x41c659 in _start (/r/poppler/pdfsig+0x41c659)
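The teardown order this trace records (object deleted at pdfsig.cc:279, then read from the error path reached by ~PDFDoc at pdfsig.cc:281), modelled as an added example that is not poppler's code. `Params`, `Doc`, `report` and both teardown functions are hypothetical stand-ins, and the global is nulled after deletion so the stale access is recorded instead of dereferenced.

```cpp
#include <memory>
#include <string>
#include <vector>

// Hypothetical stand-ins for the roles in the trace (not poppler's classes).
struct Params { bool errQuiet = false; };

static Params *g_params = nullptr;      // global consulted by the error path
static std::vector<std::string> g_log;  // records what the error path did

// Error path: in the trace, this is where the freed region is read.
static void report(const std::string &msg) {
    if (g_params == nullptr) {          // stale-global access, caught rather than dereferenced
        g_log.push_back("BUG: error path ran after params were destroyed");
        return;
    }
    if (!g_params->errQuiet) g_log.push_back(msg);
}

struct Doc {
    // A destructor that can reach the error path, as ~PDFDoc does in frames #4..#0.
    ~Doc() { report("doc: page count invalid"); }
};

// Order shown in the trace: params deleted first, document destroyed afterwards.
static std::vector<std::string> teardown_params_first() {
    g_log.clear();
    g_params = new Params;
    auto doc = std::make_unique<Doc>();
    delete g_params; g_params = nullptr;  // nulling makes the misuse observable, not UB
    doc.reset();                          // destructor now runs without valid params
    return g_log;
}

// Corrected order: destroy every object whose destructor may log, then the params.
static std::vector<std::string> teardown_doc_first() {
    g_log.clear();
    g_params = new Params;
    auto doc = std::make_unique<Doc>();
    doc.reset();
    delete g_params; g_params = nullptr;
    return g_log;
}

int main() {
    return teardown_params_first().front().rfind("BUG", 0) == 0 &&
           teardown_doc_first().front() == "doc: page count invalid" ? 0 : 1;
}
```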