crash / stack overflow with malformed input pdf #51
Comments
Hmm, surprised you don't see the crash. Still crashes for me with the latest git code.

One of the things I hope to do in the next update is to use from c++11 if building with a c++11 compiler and using pcre as a fallback if not available. What version of pcre are you using?

8.39, latest upstream version.

I can reproduce this issue.
During parsing of an object, sometimes parts of the object have to be resolved. An example is stream lengths. If such an object directly or indirectly points to the object being parsed, it can cause an infinite loop. Guard against all cases of re-entrant resolution of objects.

This one also has an easy fix.
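The failure mode named in the commit message above (a stream's /Length is an indirect reference that leads, directly or through other objects, back to the object being parsed, so resolution recurses until the stack overflows) and the shape of the fix (refuse re-entrant resolution) can be shown in a few dozen lines. The following is an added toy example written for this page, not qpdf's own code: `ToyObject`, `ToyResolver`, `safe_length` and the three sample object tables are constructed here to illustrate the guard, and the real parser's data structures look nothing like them.

```cpp
// Added example (not qpdf code): a toy indirect-object resolver that guards
// against re-entrant resolution. All names and sample data are constructed.
#include <iostream>
#include <map>
#include <set>
#include <stdexcept>
#include <string>
#include <utility>

// Minimal stand-in for a PDF object table entry: a "stream" whose /Length is
// either a direct integer or an indirect reference to another object number
// that must itself be resolved before this object's length is known.
struct ToyObject {
    int direct_length;  // used when length_ref == 0
    int length_ref;     // object number holding the length (0 = direct)
};

class ToyResolver {
public:
    explicit ToyResolver(std::map<int, ToyObject> table) : table_(std::move(table)) {}

    // Resolve the stream length of object `objnum`. A /Length given as an
    // indirect reference recurses into resolve(). The `resolving_` set holds
    // every object whose resolution is still in progress; hitting one of them
    // again means a direct or indirect cycle, and we abort with an error
    // instead of recursing until the stack overflows.
    int resolve(int objnum) {
        if (resolving_.count(objnum)) {
            throw std::runtime_error(
                "re-entrant resolution of object " + std::to_string(objnum));
        }
        auto it = table_.find(objnum);
        if (it == table_.end()) {
            throw std::runtime_error("missing object " + std::to_string(objnum));
        }
        // RAII guard: the object stays marked "in progress" for the whole
        // call, including nested resolve() calls, and is unmarked on both
        // normal return and exception unwinding.
        struct Guard {
            std::set<int>& s;
            int n;
            Guard(std::set<int>& s_, int n_) : s(s_), n(n_) { s.insert(n); }
            ~Guard() { s.erase(n); }
        } guard(resolving_, objnum);

        const ToyObject& obj = it->second;
        if (obj.length_ref == 0) {
            return obj.direct_length;
        }
        return resolve(obj.length_ref);  // nested resolution of the /Length object
    }

private:
    std::map<int, ToyObject> table_;
    std::set<int> resolving_;
};

// Wrapper returning -1 instead of throwing so outcomes can be compared; a real
// parser would substitute a null/damaged object and emit a warning.
int safe_length(ToyResolver& r, int objnum) {
    try {
        return r.resolve(objnum);
    } catch (const std::runtime_error&) {
        return -1;
    }
}

// Constructed sample tables.
// Well-formed: obj 1 has "/Length 2 0 R", obj 2 is the integer 42.
inline ToyResolver well_formed() {
    std::map<int, ToyObject> t = {{1, {0, 2}}, {2, {42, 0}}};
    return ToyResolver(t);
}
// Malformed, self-referential: obj 1's /Length is "1 0 R".
inline ToyResolver self_ref() {
    std::map<int, ToyObject> t = {{1, {0, 1}}};
    return ToyResolver(t);
}
// Malformed, indirect cycle: 1 -> 2 -> 3 -> 1.
inline ToyResolver indirect_cycle() {
    std::map<int, ToyObject> t = {{1, {0, 2}}, {2, {0, 3}}, {3, {0, 1}}};
    return ToyResolver(t);
}

int main() {
    ToyResolver ok = well_formed(), self = self_ref(), cyc = indirect_cycle();
    std::cout << "well-formed length: " << safe_length(ok, 1) << "\n";
    std::cout << "self-reference:     " << safe_length(self, 1) << "\n";
    std::cout << "indirect cycle:     " << safe_length(cyc, 1) << "\n";
    return 0;
}
```

Without the `resolving_` check, `self_ref()` and `indirect_cycle()` would recurse without bound, which is the stack overflow the issue reports. Because the in-progress mark is released by the guard's destructor, a rejected object leaves the resolver in a clean state and later, well-formed lookups still succeed.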

This has been assigned CVE-2015-9252
Passing this pdf to qpdf will cause a crash:
https://crashes.fuzzing-project.org/qpdf-crash.pdf
Looking at the stack trace, this seems to be an endless recursion causing a stack overflow.
Here's (part of) the stack trace when compiling qpdf with address sanitizer (latest git code):