An FPE in function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc:4625-28
poppler
version
poppler 0.74
description
None
download link
None
SplashOutputDev::tilingPatternFill@SplashOutputDev.cc:4625-28___FPE
description
An issue was discovered in poppler 0.74 and 0.78. There is an FPE in function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc:4625-28.
commandline
pdftoppm -cropbox -gray @@
source
none
debug
debug with poppler 0.74 and poppler 0.78
Program received signal SIGFPE
pwndbg> p result_width
$1 = 0
pwndbg> p surface_width
$2 = 0
bug report
AddressSanitizer:DEADLYSIGNAL
=================================================================
==29151==ERROR: AddressSanitizer: FPE on unknown address 0x7fea8ca05ae8 (pc 0x7fea8ca05ae8 bp 0x7ffc75bb6b00 sp 0x7ffc75bb6620 T0)
#0 0x7fea8ca05ae7 in SplashOutputDev::tilingPatternFill(GfxState*, Gfx*, Catalog*, Object*, double const*, int, int, Dict*, double const*, double const*, int, int, int, int, double, double) /src/poppler-0.74/poppler/SplashOutputDev.cc:4625:28
#1 0x7fea8c4e93be in Gfx::doTilingPatternFill(GfxTilingPattern*, bool, bool, bool) /src/poppler-0.74/poppler/Gfx.cc:2225:9
#2 0x7fea8c4e6646 in Gfx::doPatternStroke() /src/poppler-0.74/poppler/Gfx.cc:1967:5
#3 0x7fea8c4a3544 in Gfx::opStroke(Object*, int) /src/poppler-0.74/poppler/Gfx.cc:1774:2
#4 0x7fea8c4df66f in Gfx::execOp(Object*, Object*, int) /src/poppler-0.74/poppler/Gfx.cc:876:3
#5 0x7fea8c4db707 in Gfx::go(bool) /src/poppler-0.74/poppler/Gfx.cc:752:7
#6 0x7fea8c4da5b3 in Gfx::display(Object*, bool) /src/poppler-0.74/poppler/Gfx.cc:714:3
#7 0x7fea8c4e52f5 in Gfx::drawForm(Object*, Dict*, double const*, double const*, bool, bool, GfxColorSpace*, bool, bool, bool, Function*, GfxColor*) /src/poppler-0.74/poppler/Gfx.cc:4841:3
#8 0x7fea8c5163ad in Gfx::doForm(Object*) /src/poppler-0.74/poppler/Gfx.cc:4764:3
#9 0x7fea8c49d0fd in Gfx::opXObject(Object*, int) /src/poppler-0.74/poppler/Gfx.cc:4181:2
#10 0x7fea8c4df66f in Gfx::execOp(Object*, Object*, int) /src/poppler-0.74/poppler/Gfx.cc:876:3
#11 0x7fea8c4db707 in Gfx::go(bool) /src/poppler-0.74/poppler/Gfx.cc:752:7
#12 0x7fea8c4da5b3 in Gfx::display(Object*, bool) /src/poppler-0.74/poppler/Gfx.cc:714:3
#13 0x7fea8c71514c in Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) /src/poppler-0.74/poppler/Page.cc:548:10
#14 0x7fea8c7328b1 in PDFDoc::displayPageSlice(OutputDev*, int, double, double, int, bool, bool, bool, int, int, int, int, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) /src/poppler-0.74/poppler/PDFDoc.cc:665:20
#15 0x521264 in savePageSlice(PDFDoc*, SplashOutputDev*, int, int, int, int, int, double, double, char*) /src/poppler-0.74/utils/pdftoppm.cc:287:8
#16 0x521264 in main /src/poppler-0.74/utils/pdftoppm.cc:600
#17 0x7fea8ad9882f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#18 0x41b838 in _start (/src/aflbuild/installed/bin/pdftoppm+0x41b838)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: FPE /src/poppler-0.74/poppler/SplashOutputDev.cc:4625:28 in SplashOutputDev::tilingPatternFill(GfxState*, Gfx*, Catalog*, Object*, double const*, int, int, Dict*, double const*, double const*, int, int, int, int, double, double)
==29151==ABORTING
others
from fuzz project pwd-poppler-pdftoppm-01
crash name pwd-poppler-pdftoppm-01-00000088-20190427.pdf
Auto-generated by pyspider at 2019-04-27 20:37:40