| Summary: | mupdf crashed while LaTeX-generated PDF opened | | |
|---|---|---|---|
| Product: | MuPDF | Reporter: | Pavel Zhukov <landgraf> |
| Component: | mupdf | Assignee: | Tor Andersson <tor.andersson> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | CC: | htl10, robin.watts |
| Priority: | P4 | | |
| Version: | unspecified | | |
| Hardware: | PC | | |
| OS: | Linux | | |
| Customer: | | Word Size: | --- |
| Attachments: | a pdf with a stupidly long pdfdoc title | | |
Description
Pavel Zhukov
2012-02-27 17:51:34 UTC
Can you attach the file that crashes please? I can't see it on the redhat bug report.

(In reply to comment #0)
> Crash report can be found here:
> https://bugzilla.redhat.com/show_bug.cgi?id=752388
> I've reproduced bug for all latex generated PDFs.

Really? I have mupdf-0.9-1.fc16.x86_64 and tried a few latex-generated PDFs.

From the two redhat bugzilla backtraces though, it looks like it is a string buffer overrun. Do your LaTeX PDFs have extremely long titles?

apps/pdfapps.c, line 360-ish, has this:

```c
static void pdfapp_showpage(pdfapp_t *app, int loadpage, int drawpage, int repaint)
{
	char buf[256];
```

Could you try changing the 256 to some large number, and/or the sprintf() a few lines down to snprintf(buf, 256, ...)?

```c
	if (drawpage)
	{
		sprintf(buf, "%s - %d/%d (%d dpi)", app->doctitle,
```

Created attachment 8411 [details]
a pdf with a stupidly long pdfdoc title
Based on my inspection of the mupdf code and my suspicion that I can overrun that string buffer, I made a pdf with a stupidly long pdfdoc title. And it crashes mupdf. Both xpdf and gs are happy to open it.

Fixed in:

    commit 33dc06b61c0816854193f006c35a9e797f098a22
    Author: Robin Watts <robin.watts@artifex.com>
    Date:   Tue Mar 13 19:38:56 2012 +0000

        Bug 692882 - fix buffer overflow.

        Long doctitles (filenames in this case) can cause a buffer overflow.
        Fix here.

        Thanks to Hin-Tak and Pavel Zhukov.

Thanks!
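The thread above boils down to one pattern: a fixed `char buf[256]` filled by `sprintf()` with an attacker-controlled document title. The following is an added example (not MuPDF's code; the status-line format string is copied from the report, everything else is assumed) showing a pre-check that tells whether the unbounded `sprintf()` would overrun a buffer of that size, and the bounded `snprintf()` replacement that truncates instead of overflowing, exercised with a constructed 400-character title standing in for the attached PDF's title.

```c
#include <stdio.h>
#include <string.h>

#define STATUS_BUF_SIZE 256 /* same size as the buf[256] quoted in the report */

/* Bounded replacement for the unbounded sprintf() quoted in the report (assumed
 * shape of the status line, not MuPDF's own code). Returns 1 if the line was cut
 * to fit, 0 if it fit, -1 on a formatting error; buf is always NUL-terminated. */
int format_status_line(char *buf, size_t bufsize, const char *doctitle, int page, int pagecount, int dpi)
{
    int needed = snprintf(buf, bufsize, "%s - %d/%d (%d dpi)", doctitle, page, pagecount, dpi);
    if (needed < 0)
        return -1;
    return (size_t)needed >= bufsize;
}

/* Pre-check for the original pattern: would sprintf() of this status line into a
 * bufsize-byte buffer write past its end (counting the terminating NUL)? */
int status_line_would_overflow(size_t bufsize, const char *doctitle, int page, int pagecount, int dpi)
{
    int needed = snprintf(NULL, 0, "%s - %d/%d (%d dpi)", doctitle, page, pagecount, dpi);
    return needed < 0 || (size_t)needed + 1 > bufsize;
}

/* Formats into a static 256-byte buffer and returns it (demonstration only). */
const char *status_line(const char *doctitle, int page, int pagecount, int dpi)
{
    static char buf[STATUS_BUF_SIZE];
    format_status_line(buf, sizeof buf, doctitle, page, pagecount, dpi);
    return buf;
}

/* Constructed input: a 400-character title standing in for the over-long pdfdoc
 * title in the attached PDF. */
const char *long_title(void)
{
    static char t[401];
    memset(t, 'A', sizeof t - 1);
    t[sizeof t - 1] = '\0';
    return t;
}

int main(void)
{
    printf("sprintf into %d bytes would overflow: %d\n", STATUS_BUF_SIZE,
           status_line_would_overflow(STATUS_BUF_SIZE, long_title(), 1, 1, 72));
    printf("snprintf wrote %zu bytes instead\n", strlen(status_line(long_title(), 1, 1, 72)));
    return 0;
}
```

Note that `snprintf()` only makes the write safe; a truncated title in the window title bar is the visible symptom, so a caller that needs the full text must size the buffer from the `needed` value instead.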