Begin forwarded message:
Hi, The attached file segfault.pdf will (well...) segfault podofopdfinfo. Looks like a null pointer access. The other file will expose a heap overflow in the function ReadXRefSubsection. To see this one needs either address sanitizer or valgrind. I have attached both sample files and the output from address sanitizer. These were found through fuzzing podofo with the tool american fuzzy lop. cu, -- Hanno Böck http://hboeck.de/ mail/jabber: [email protected] GPG: BBB51E42 -- Hanno Böck http://hboeck.de/ mail/jabber: [email protected] GPG: BBB51E42
heapoverflow-ReadXRefSubsection.pdf
Description: Adobe PDF document
heapoverflow-ReadXRefSubsection.pdf.asan.txt.xz
Description: application/xz
segfault.pdf
Description: Adobe PDF document
segfault.pdf.asan.txt.xz
Description: application/xz
pgp3Ku0J_9AkK.pgp
Description: OpenPGP digital signature
------------------------------------------------------------------------------ One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________ Podofo-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/podofo-users
