After some fuzz testing I found a crashing test case.
Tested on SVN rev: 1824.
To reproduce: podofopdfinfo podofo_so_ReadXRefStreamContents.pdf (POC in attachment).

ASAN:

ASAN:DEADLYSIGNAL
=================================================================
==25035==ERROR: AddressSanitizer: stack-overflow on address 0x7ffcf2a55ce8 (pc 0x000000520f9e bp 0x7ffcf2a56530 sp 0x7ffcf2a55cd0 T0)
    #0 0x520f9d in BufferedStackTrace /home/llvm/clang-3.9/final/llvm.src/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_stacktrace.h:94:37
    #1 0x520f9d in operator new(unsigned long) /home/llvm/clang-3.9/final/llvm.src/projects/compiler-rt/lib/asan/asan_new_delete.cc:78
    #2 0x7178d6 in PoDoFo::PdfMemStream::BeginAppendImpl(std::vector<PoDoFo::EPdfFilter, std::allocator<PoDoFo::EPdfFilter> > const&) XYZ/podofo-code/podofo/trunk/src/base/PdfMemStream.cpp:71:27
    #3 0x56801d in PoDoFo::PdfStream::BeginAppend(std::vector<PoDoFo::EPdfFilter, std::allocator<PoDoFo::EPdfFilter> > const&, bool, bool) XYZ/podofo-code/podofo/trunk/src/base/PdfStream.cpp:240:11
    #4 0x5665ac in PoDoFo::PdfStream::SetRawData(PoDoFo::PdfInputStream*, long) XYZ/podofo-code/podofo/trunk/src/base/PdfStream.cpp:175:11
    #5 0x7489fa in PoDoFo::PdfParserObject::ParseStream() XYZ/podofo-code/podofo/trunk/src/base/PdfParserObject.cpp:351:33
    #6 0x749ee2 in PoDoFo::PdfParserObject::DelayedStreamLoadImpl() XYZ/podofo-code/podofo/trunk/src/base/PdfParserObject.cpp:396:19
    #7 0x55734c in PoDoFo::PdfObject::DelayedStreamLoad() const XYZ/podofo-code/podofo/trunk/src/base/PdfObject.h:459:39
    #8 0x55734c in PoDoFo::PdfObject::GetStream() XYZ/podofo-code/podofo/trunk/src/base/PdfObject.cpp:257
    #9 0x780cc7 in PoDoFo::PdfXRefStreamParserObject::ParseStream(long const*, std::vector<long, std::allocator<long> > const&) XYZ/podofo-code/podofo/trunk/src/base/PdfXRefStreamParserObject.cpp:127:11
    #10 0x77e20e in PoDoFo::PdfXRefStreamParserObject::ReadXRefTable() XYZ/podofo-code/podofo/trunk/src/base/PdfXRefStreamParserObject.cpp:118:5
    #11 0x73646f in PoDoFo::PdfParser::ReadXRefStreamContents(long, bool) XYZ/podofo-code/podofo/trunk/src/base/PdfParser.cpp:858:16
    #12 0x72bba1 in PoDoFo::PdfParser::ReadXRefContents(long, bool) XYZ/podofo-code/podofo/trunk/src/base/PdfParser.cpp:682:13
    #13 0x736524 in PoDoFo::PdfParser::ReadXRefStreamContents(long, bool) XYZ/podofo-code/podofo/trunk/src/base/PdfParser.cpp:869:13
    #14 0x72bba1 in PoDoFo::PdfParser::ReadXRefContents(long, bool) XYZ/podofo-code/podofo/trunk/src/base/PdfParser.cpp:682:13
    #15 0x736524 in PoDoFo::PdfParser::ReadXRefStreamContents(long, bool) XYZ/podofo-code/podofo/trunk/src/base/PdfParser.cpp:869:13
    #16 0x72bba1 in PoDoFo::PdfParser::ReadXRefContents(long, bool) XYZ/podofo-code/podofo/trunk/src/base/PdfParser.cpp:682:13
######################################################## SNIP! ########################################################
    #252 0x72bba1 in PoDoFo::PdfParser::ReadXRefContents(long, bool) XYZ/podofo-code/podofo/trunk/src/base/PdfParser.cpp:682:13
    #253 0x736524 in PoDoFo::PdfParser::ReadXRefStreamContents(long, bool) XYZ/podofo-code/podofo/trunk/src/base/PdfParser.cpp:869:13

SUMMARY: AddressSanitizer: stack-overflow /home/llvm/clang-3.9/final/llvm.src/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_stacktrace.h:94:37 in BufferedStackTrace
==25035==ABORTING

---
Best regards
Kamil Frankowicz
podofo_so_ReadXRefStreamContents.pdf
Description: Adobe PDF document
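
The trace above shows PdfParser::ReadXRefContents and PdfParser::ReadXRefStreamContents calling each other until the stack is exhausted. A guard against that pattern, as an added example that is not part of the original report and not PoDoFo's code: it assumes each call is driven by a file offset (the `long` argument in the trace), and the types, names and the 1024-section cap are hypothetical.

```cpp
#include <cstdio>
#include <map>
#include <set>
#include <stdexcept>

// Constructed stand-in for a parsed file (all names hypothetical): each xref
// section sits at an offset and may point at the offset of another section.
struct Section { bool isStream; long next; };  // next < 0 ends the chain
using File = std::map<long, Section>;
const unsigned kMaxSections = 1024;            // assumed cap, not from PoDoFo

class XRefWalker {
public:
    explicit XRefWalker(const File& f) : file_(f) {}
    // Returns the number of sections read; throws instead of recursing forever.
    int Walk(long start) {
        visited_.clear(); ReadContents(start);
        return static_cast<int>(visited_.size());
    }
private:
    void ReadContents(long offset) {
        if (visited_.size() >= kMaxSections)
            throw std::runtime_error("too many xref sections");
        // Each offset may be parsed once; a revisit means the chain loops.
        if (!visited_.insert(offset).second)
            throw std::runtime_error("xref chain revisits an offset");
        auto it = file_.find(offset);
        if (it == file_.end())
            throw std::runtime_error("xref offset not in file");
        if (it->second.isStream) ReadStreamContents(it->second);
        else if (it->second.next >= 0) ReadContents(it->second.next);
    }
    // Same shape as the trace: the stream reader hands the next offset back.
    void ReadStreamContents(const Section& s) { if (s.next >= 0) ReadContents(s.next); }
    const File& file_;
    std::set<long> visited_;
};

// Section count, or -1 if the walker rejected the file.
int WalkOrReject(const File& f, long start) {
    try { return XRefWalker(f).Walk(start); }
    catch (const std::runtime_error&) { return -1; }
}

int main() {
    File ok   = {{100, {true, 50}}, {50, {false, -1}}};  // constructed: 100 -> 50 -> end
    File loop = {{100, {true, 50}}, {50, {true, 100}}};  // constructed: 100 -> 50 -> 100
    std::printf("ok=%d loop=%d\n", WalkOrReject(ok, 100), WalkOrReject(loop, 100));
    return 0;
}
```

A chain without a loop still recurses once per section, so the cap bounds stack depth for long but well-formed chains.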