=================================================================
==15571==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x632000014b20 at pc 0x7fac6548f951 bp 0x7fffb884dba0 sp 0x7fffb884db98
READ of size 1 at 0x632000014b20 thread T0
#0 0x7fac6548f950 in Splash::blitTransparent(SplashBitmap*, int, int, int, int, int, int) /src/poppler-0.74/splash/Splash.cc:5872:6
#1 0x7fac65422030 in SplashOutputDev::beginTransparencyGroup(GfxState*, double const*, GfxColorSpace*, bool, bool, bool) /src/poppler-0.74/poppler/SplashOutputDev.cc:4282:13
#2 0x7fac64f06096 in Gfx::drawForm(Object*, Dict*, double const*, double const*, bool, bool, GfxColorSpace*, bool, bool, bool, Function*, GfxColor*) /src/poppler-0.74/poppler/Gfx.cc:4828:10
#3 0x7fac64f373ad in Gfx::doForm(Object*) /src/poppler-0.74/poppler/Gfx.cc:4764:3
#4 0x7fac64ebe0fd in Gfx::opXObject(Object*, int) /src/poppler-0.74/poppler/Gfx.cc:4181:2
#5 0x7fac64f0066f in Gfx::execOp(Object*, Object*, int) /src/poppler-0.74/poppler/Gfx.cc:876:3
#6 0x7fac64efc707 in Gfx::go(bool) /src/poppler-0.74/poppler/Gfx.cc:752:7
#7 0x7fac64efb5b3 in Gfx::display(Object*, bool) /src/poppler-0.74/poppler/Gfx.cc:714:3
#8 0x7fac64f062f5 in Gfx::drawForm(Object*, Dict*, double const*, double const*, bool, bool, GfxColorSpace*, bool, bool, bool, Function*, GfxColor*) /src/poppler-0.74/poppler/Gfx.cc:4841:3
#9 0x7fac64f373ad in Gfx::doForm(Object*) /src/poppler-0.74/poppler/Gfx.cc:4764:3
#10 0x7fac64ebe0fd in Gfx::opXObject(Object*, int) /src/poppler-0.74/poppler/Gfx.cc:4181:2
#11 0x7fac64f0066f in Gfx::execOp(Object*, Object*, int) /src/poppler-0.74/poppler/Gfx.cc:876:3
#12 0x7fac64efc707 in Gfx::go(bool) /src/poppler-0.74/poppler/Gfx.cc:752:7
#13 0x7fac64efb5b3 in Gfx::display(Object*, bool) /src/poppler-0.74/poppler/Gfx.cc:714:3
#14 0x7fac6513614c in Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) /src/poppler-0.74/poppler/Page.cc:548:10
#15 0x7fac651538b1 in PDFDoc::displayPageSlice(OutputDev*, int, double, double, int, bool, bool, bool, int, int, int, int, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) /src/poppler-0.74/poppler/PDFDoc.cc:665:20
#16 0x521264 in savePageSlice(PDFDoc*, SplashOutputDev*, int, int, int, int, int, double, double, char*) /src/poppler-0.74/utils/pdftoppm.cc:287:8
#17 0x521264 in main /src/poppler-0.74/utils/pdftoppm.cc:600
#18 0x7fac637b982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#19 0x41b838 in _start (/src/aflbuild/installed/bin/pdftoppm+0x41b838)
0x632000014b20 is located 0 bytes to the right of 82720-byte region [0x632000000800,0x632000014b20)
allocated by thread T0 here:
#0 0x4dfa68 in __interceptor_malloc /work/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:88
#1 0x7fac65499963 in gmalloc(unsigned long, bool) /src/poppler-0.74/goo/gmem.h:41:17
#2 0x7fac65499963 in gmallocn(int, int, bool) /src/poppler-0.74/goo/gmem.h:115
#3 0x7fac65499963 in gmallocn_checkoverflow(int, int) /src/poppler-0.74/goo/gmem.h:119
#4 0x7fac65499963 in SplashBitmap::SplashBitmap(int, int, int, SplashColorMode, bool, bool, GooList*) /src/poppler-0.74/splash/SplashBitmap.cc:113
SUMMARY: AddressSanitizer: heap-buffer-overflow /src/poppler-0.74/splash/Splash.cc:5872:6 in Splash::blitTransparent(SplashBitmap*, int, int, int, int, int, int)
Shadow bytes around the buggy address:
0x0c647fffa910: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c647fffa920: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c647fffa930: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c647fffa940: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c647fffa950: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c647fffa960: 00 00 00 00[fa]fa fa fa fa fa fa fa fa fa fa fa
0x0c647fffa970: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c647fffa980: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c647fffa990: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c647fffa9a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c647fffa9b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==15571==ABORTING