Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.
Sign upcrash / stack overflow with malformed input pdf #51
Comments
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
jberkenbilt
added
the
next
label
Sep 10, 2016
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
hannob
Sep 11, 2016
Hmm, surprised you don't see the crash. Still crashes for me with the latest git code.
As the crash actually happens in libpcre it may be a bug in there...
hannob
commented
Sep 11, 2016
|
Hmm, surprised you don't see the crash. Still crashes for me with the latest git code. |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
jberkenbilt
Sep 13, 2016
Contributor
One of the things I hope to do in the next update is to use from c++11 if building with a c++11 compiler and using pcre as a fallback if not available. What version of pcre are you using?
|
One of the things I hope to do in the next update is to use from c++11 if building with a c++11 compiler and using pcre as a fallback if not available. What version of pcre are you using? |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
hannob
commented
Sep 13, 2016
|
8.39, latest upstream version. |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
asarubbo
commented
Feb 13, 2017
|
I can reproduce this issue. |
This was referenced Feb 13, 2017
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
added a commit
to jberkenbilt/qpdf
that referenced
this issue
Jul 26, 2017
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
|
This one also has an easy fix. |
jberkenbilt
added
the
bug
label
Jul 26, 2017
added a commit
to jberkenbilt/qpdf
that referenced
this issue
Jul 26, 2017
added a commit
to jberkenbilt/qpdf
that referenced
this issue
Jul 26, 2017
added a commit
to jberkenbilt/qpdf
that referenced
this issue
Jul 26, 2017
added a commit
to jberkenbilt/qpdf
that referenced
this issue
Jul 26, 2017
jberkenbilt
closed this
in
701b518
Jul 26, 2017
This was referenced Aug 8, 2017
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
ghost
commented
Feb 14, 2018
|
This has been assigned CVE-2015-9252 |
hannob commentedSep 2, 2015
Passing this pdf to qpdf will cause a crash:
https://crashes.fuzzing-project.org/qpdf-crash.pdf
Looking at the stack trace this seems to be an endless recursion causing a stack overflow.
Here's (part of) the stack trace when compiling qpdf with address sanitizer (latest git code):