linmaogithub / pdfium

Automatically exported from code.google.com/p/pdfium

Segmentation fault from invalid memory address. #193

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Run the attached PDF (b.pdf) with pdfium_test binary or load in Chrome.
2. pdfium_test will segfault and Chrome PDF loading spinner will freeze.

What is the expected output? What do you see instead?
It shouldn't segfault.

What version of the product are you using? On what operating system?
Latest version of pdfium from source code and also tested on all Google Chrome 
versions.

Please provide any additional information below.

The given PDF was generated from fuzzing attempts. I ran pdfium_test in gdb 
using `gdb --args ./pdfium_test ~/b.pdf` and it reports this:

```
Program received signal SIGSEGV, Segmentation fault.
^C
0x000000000061399a in CFX_MapPtrToPtr::HashKey (this=0x24e8378, key=<error reading variable: Cannot access memory at address 0x7fffff7feff8>) at ../../core/src/fxcrt/fx_basic_maps.cpp:31
31        FX_DWORD CFX_MapPtrToPtr::HashKey(void* key) const {
```


Note: after Chrome has failed to load PDF, further PDFs will not load until the 
browser is restarted.

Original issue reported on code.google.com by thisisda...@gmail.com on 19 Aug 2015 at 3:52

GoogleCodeExporter commented 8 years ago
Issue 195 has been merged into this issue.

Original comment by thestig@chromium.org on 21 Aug 2015 at 6:26

GoogleCodeExporter commented 8 years ago
BTW, it's weird that Chrome fails to load any more PDFs afterwards. I'll take a 
look at that separately.

Original comment by thestig@chromium.org on 21 Aug 2015 at 6:32

GoogleCodeExporter commented 8 years ago
When Chrome stopped loading PDFs, it had a PDF plugin process still looping 
infinitely. Once that process dies, then loading PDFs works again.

See also: bug 164

Original comment by thestig@chromium.org on 21 Aug 2015 at 6:54

GoogleCodeExporter commented 8 years ago
Ah okay - Thanks for looking into this and let me know if you need anything!

Original comment by thisisda...@gmail.com on 22 Aug 2015 at 10:56

GoogleCodeExporter commented 8 years ago
Fixed in commit 0c9f1d8f6dd6

Original comment by thestig@chromium.org on 31 Aug 2015 at 5:48