On Tue, 2016-05-03 at 10:26 +0200, zyx wrote:
> My personal opinion on the patch itself is that the pseudo-reference-
> counting added is not needed and it's not thread safe. Also, the ref-
> count should always start at 1, not at 0, but I didn't test the patch
> yet, thus my patch-reading-opinion can be wrong.

        Hi,
I tested the patch from the other thread with Yan's test doc1.pdf
and slightly modified code:

static void
outline_crash (void)
{
        PdfMemDocument doc;
        const PdfMemDocument indoc1("doc1.pdf");
        PdfOutlines *outout = doc.GetOutlines();
        outout->CreateRoot("doc1.pdf");
        PdfOutlineItem *root = doc.GetOutlines()->First();
        doc.InsertPages(indoc1,0,3);
        root->SetDestination(PdfDestination(doc.GetPage(0)));
        PdfOutlineItem *nextroot = root->Next();
        if (nextroot) root->InsertChild(nextroot);
        PdfOutlineItem *x = doc.GetOutlines()->First();
        x->Erase();
}

and that is still crashing, even with the patch applied. Valgrind
claims a use-after-free without the patch and an invalid read with the
patch applied:

==8307== Invalid read of size 8
==8307==    at 0x4E33C0: PoDoFo::PdfElement::GetObject() (PdfElement.h:180)
==8307==    by 0x4FFB34: PoDoFo::PdfOutlineItem::SetPrevious(PoDoFo::PdfOutlineItem*) (PdfOutlines.cpp:192)
==8307==    by 0x50002C: PoDoFo::PdfOutlineItem::Erase() (PdfOutlines.cpp:235)
==8307==    by 0x4FFFDA: PoDoFo::PdfOutlineItem::Erase() (PdfOutlines.cpp:225)
==8307==    by 0x4FFFDA: PoDoFo::PdfOutlineItem::Erase() (PdfOutlines.cpp:225)
==8307==    by 0x4B78AA: outline_crash() (crash.cpp:21)
==8307==    by 0x4B79B7: main (crash.cpp:40)
==8307==  Address 0x8 is not stack'd, malloc'd or (recently) free'd
==8307== 
==8307== 
==8307== Process terminating with default action of signal 11 (SIGSEGV)
==8307==  Access not within mapped region at address 0x8
==8307==    at 0x4E33C0: PoDoFo::PdfElement::GetObject() (PdfElement.h:180)
==8307==    by 0x4FFB34: PoDoFo::PdfOutlineItem::SetPrevious(PoDoFo::PdfOutlineItem*) (PdfOutlines.cpp:192)
==8307==    by 0x50002C: PoDoFo::PdfOutlineItem::Erase() (PdfOutlines.cpp:235)
==8307==    by 0x4FFFDA: PoDoFo::PdfOutlineItem::Erase() (PdfOutlines.cpp:225)
==8307==    by 0x4FFFDA: PoDoFo::PdfOutlineItem::Erase() (PdfOutlines.cpp:225)
==8307==    by 0x4B78AA: outline_crash() (crash.cpp:21)
==8307==    by 0x4B79B7: main (crash.cpp:40)

        Bye,
        zyx
-- 
http://www.litePDF.cz                                 i...@litepdf.cz

_______________________________________________
Podofo-users mailing list
Podofo-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/podofo-users
