Summary: | KPDF crashes as underlying xpdf cannot load pdf properly | ||
---|---|---|---|
Product: | [Applications] kpdf | Reporter: | Thomas Fischer <fischer> |
Component: | general | Assignee: | Albert Astals Cid <aacid> |
Status: | RESOLVED FIXED | ||
Severity: | crash | ||
Priority: | NOR | ||
Version: | 0.5 | ||
Target Milestone: | --- | ||
Platform: | Gentoo Packages | ||
OS: | Linux | ||
Latest Commit: | Version Fixed In: |
Description
Thomas Fischer
2006-01-17 14:57:59 UTC
Program received signal SIGSEGV, Segmentation fault. SplashPath::offset (this=0x0, dx=0, dy=1130.1678867440774) at SplashPath.cc:165 165 for (i = 0; i < length; ++i) { (gdb) bt #0 SplashPath::offset (this=0x0, dx=0, dy=1130.1678867440774) at SplashPath.cc:165 #1 0xb698be1f in SplashOutputDev::drawChar (this=0x80912d8, state=0x825e3d0, x=0.98360999999999998, y=0.70146979030000012, originX=0, originY=0, code=70) at SplashOutputDev.cc:1363 #2 0xb693dcb8 in Gfx::doShowText (this=0x828f110, s=0x826c918) at Gfx.cc:2788 #3 0xb693eafa in Gfx::opShowText (this=0x828f110, args=0x0) at Gfx.cc:2576 #4 0xb693a80d in Gfx::execOp (this=0x828f110, cmd=0x0, args=0xb66040a0, numArgs=<value optimized out>) at Gfx.cc:676 #5 0xb693aa9d in Gfx::go (this=0x828f110, topLevel=1) at Gfx.cc:567 #6 0xb693b563 in Gfx::display (this=0x828f110, obj=0xb66041e4, topLevel=1) at Gfx.cc:539 #7 0xb697b206 in Page::displaySlice (this=0x8181e20, out=0x80912d8, hDPI=97.621070237028349, vDPI=97.523968000416005, rotate=0, useMediaBox=0, crop=0, sliceX=-1, sliceY=-1, sliceW=-1, sliceH=-1, links=0x8089310, catalog=0x8238c88, abortCheckCbk=0, abortCheckCbkData=0x0) at Page.cc:421 #8 0xb697b644 in Page::display (this=0x8181e20, out=0x80912d8, hDPI=97.621070237028349, vDPI=97.523968000416005, rotate=0, useMediaBox=0, crop=1, links=0x8089310, catalog=0x8238c88, abortCheckCbk=0, abortCheckCbkData=0x0) at Page.cc:327 #9 0xb6978236 in PDFDoc::displayPage (this=0x8269538, out=0x80912d8, page=2, SVN commit 499428 by aacid: Fix for 120310 The check that was checking the length of some strings was not having into account \n or \r that can be there BUGS: 120310 M +27 -4 CharCodeToUnicode.cc [POSSIBLY UNSAFE: scanf] --- branches/KDE/3.5/kdegraphics/kpdf/xpdf/xpdf/CharCodeToUnicode.cc #499427:499428 
@@ -243,8 +243,18 @@
 }
 if (!(n1 == 2 + nDigits && tok1[0] == '<' && tok1[n1 - 1] == '>' &&
 tok2[0] == '<' && tok2[n2 - 1] == '>')) {
- error(-1, "Illegal entry in bfchar block in ToUnicode CMap");
- continue;
+
+ // check there was no line jump inside the token and so the length is
+ // longer than it should be
+ int countAux = 0;
+ for (int k = 0; k < n1; k++)
+ if (tok1[k] != '\n' && tok1[k] != '\r') countAux++;
+
+ if (!(countAux == 2 + nDigits && tok1[0] == '<' && tok1[n1 - 1] == '>' &&
+ tok2[0] == '<' && tok2[n2 - 1] == '>')) {
+ error(-1, "Illegal entry in bfchar block in ToUnicode CMap");
+ continue;
+ }
 }
 tok1[n1 - 1] = tok2[n2 - 1] = '\0';
 if (sscanf(tok1 + 1, "%x", &code1) != 1) {
@@ -268,8 +278,21 @@
 }
 if (!(n1 == 2 + nDigits && tok1[0] == '<' && tok1[n1 - 1] == '>' &&
 n2 == 2 + nDigits && tok2[0] == '<' && tok2[n2 - 1] == '>')) {
- error(-1, "Illegal entry in bfrange block in ToUnicode CMap");
- continue;
+ // check there was no line jump inside the token and so the length is
+ // longer than it should be
+ int countAux = 0;
+ for (int k = 0; k < n1; k++)
+ if (tok1[k] != '\n' && tok1[k] != '\r') countAux++;
+
+ int countAux2 = 0;
+ for (int k = 0; k < n1; k++)
+ if (tok2[k] != '\n' && tok2[k] != '\r') countAux++;
+
+ if (!(countAux == 2 + nDigits && tok1[0] == '<' && tok1[n1 - 1] == '>' &&
+ countAux2 == 2 + nDigits && tok2[0] == '<' && tok2[n2 - 1] == '>')) {
+ error(-1, "Illegal entry in bfrange block in ToUnicode CMap");
+ continue;
+ }
 }
 tok1[n1 - 1] = tok2[n2 - 1] = '\0';
 if (sscanf(tok1 + 1, "%x", &code1) != 1 || |
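Review bot: In the bfchar hunk (@@ -243,8 +243,18 @@) the fallback only counts the non-newline characters of `tok1`; the `\n`/`\r` bytes stay in the buffer, and the unchanged `sscanf(tok1 + 1, "%x", &code1)` below stops at the first whitespace, so a token whose line break falls between hex digits would pass the new check and then parse to a truncated code. Because this text comes from the PDF's ToUnicode CMap and is therefore untrusted, it would be safer to compact the token in place and re-run the original length test, e.g. `if (tok1[k] != '\n' && tok1[k] != '\r') tok1[w++] = tok1[k];` followed by `n1 = w;`. The same applies to the bfrange hunk at @@ -268,8 +278,21 @@, for both `tok1` and `tok2`. The enclosing function starts and ends outside both hunks, so how the tokens are filled is inferred rather than visible here.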
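Review bot: The second counting loop in the bfrange hunk (@@ -268,8 +278,21 @@) is a half-adapted copy of the first: it walks `tok2` up to `n1` and increments `countAux`, so `countAux2` stays 0 and `countAux2 == 2 + nDigits` cannot hold for any positive `nDigits`. As a result every bfrange entry that reaches the fallback is still rejected, and `countAux` is inflated by the characters of `tok2`. When `n1 > n2` the loop also reads `tok2` beyond its own token length; whether that stays inside the buffer depends on declarations outside the hunk. The loop should read `for (int k = 0; k < n2; k++)` with the body `if (tok2[k] != '\n' && tok2[k] != '\r') countAux2++;`.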