podofo / podofo

A C++17 PDF manipulation library

Home Page: https://podofo.github.io/podofo/documentation


PdfReference.cpp:Segmentation fault

Liujiahao0 opened this issue · comments

commented

I'm submitting a: Bug report
The problem occurred in the PdfReference::IsIndirect function. Specifically, a null pointer object was called in the PdfObject::IsIndirect function. Tracking further, the PdfFontManager::GetLoadedFont function threw an error while attempting to obtain a font named 'FT14'.
This may be due to the use of an invalid font name or some other logical error while loading the font.
version: 0.11.0
reproduce: podofotxtextract poc.pdf
My system OS: Ubuntu 22.04
My Compilation Process:
git clone https://github.com/podofo/podofo.git
cd podofo
mkdir build
cd build
cmake -DCMAKE_BUILD_TYPE=Debug -DPODOFO_BUILD_TOOLS=TRUE ..
cmake --build . --config Debug
The stack information is as follows:
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7c74d8c in PoDoFo::PdfReference::IsIndirect (this=0x18) at /home/ljh/podofo/src/podofo/main/PdfReference.cpp:64
64 return m_ObjectNo != 0 || m_GenerationNo != 0;
(gdb) bt
#0 0x00007ffff7c74d8c in PoDoFo::PdfReference::IsIndirect (this=0x18)
at /home/ljh/podofo/src/podofo/main/PdfReference.cpp:64
#1 0x00007ffff7bffb38 in PoDoFo::PdfObject::IsIndirect (this=0x0)
at /home/ljh/podofo/src/podofo/main/PdfObject.cpp:309
#2 0x00007ffff7baebb7 in PoDoFo::PdfFontManager::GetLoadedFont (
this=0x7fffffffdcf0, resources=..., name="FT14")
at /home/ljh/podofo/src/podofo/main/PdfFontManager.cpp:98
#3 0x00007ffff7c75518 in PoDoFo::PdfResources::GetFont (this=0x555555626560,
name="FT14") at /home/ljh/podofo/src/podofo/main/PdfResources.cpp:87
#4 0x00007ffff7c1f763 in ExtractionContext::Tf_Operator (this=0x7fffffffd5c0,
fontname=..., fontsize=180)
at /home/ljh/podofo/src/podofo/main/PdfPage_TextExtraction.cpp:882
#5 0x00007ffff7c1c3dc in PoDoFo::PdfPage::ExtractTextTo (this=0x5555556264c0,
entries=std::vector of length 0, capacity 0, pattern="", params=...)
at /home/ljh/podofo/src/podofo/main/PdfPage_TextExtraction.cpp:282
#6 0x0000555555556683 in Main (args=...)
at /home/ljh/podofo/tools/podofotxtextract/podofotxtextract.cpp:40
#7 0x00005555555571dc in main (argc=2, argv=0x7fffffffe008)
at /home/ljh/podofo/tools/private/MainEntryPoint.cpp:35

poc.pdf
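The crash shape in the trace above, as an added C++ illustration that is not PoDoFo's code. The hypothetical types Ref, Obj and FontTable mirror what the backtrace shows: a reference made of an object number and a generation number, an object that embeds such a reference at a nonzero offset, and a name lookup that can fail for an unresolved resource such as 'FT14'. The Obj layout is constructed so that the embedded reference sits at offset 0x18, which is what makes a member call on a null object appear as this=0x18 in the innermost frame; PoDoFo's real layout is not on the page and is not claimed here. The checked lookup shows the defensive pattern: an unresolved name becomes a reported failure instead of a null dereference.

```cpp
// Added illustration (not PoDoFo code): why a null object shows up as
// this=0x18 inside a nested member call, and how a checked lookup avoids it.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <map>
#include <optional>
#include <string>

// Hypothetical stand-in for a PDF reference: "obj gen R" is indirect when
// either number is nonzero (the same test the trace shows at line 64).
struct Ref {
    uint32_t objectNo = 0;
    uint16_t generationNo = 0;
    bool IsIndirect() const { return objectNo != 0 || generationNo != 0; }
};

// Hypothetical stand-in for a PDF object. Three pointer-sized members are
// placed before the reference so that, on a 64-bit build, the reference lands
// at offset 24 (0x18): calling obj->IsIndirect() on a null obj would then call
// Ref::IsIndirect with this == 0x18, i.e. a read from near-null memory.
struct Obj {
    void* owner = nullptr;
    void* parent = nullptr;
    void* payload = nullptr;
    Ref ref;
    bool IsIndirect() const { return ref.IsIndirect(); }
};

// Offset the reference would be read from when the enclosing object is null.
std::size_t RefOffsetFromNullObj() { return offsetof(Obj, ref); }

// Hypothetical resource table keyed by font resource name (e.g. "F1").
class FontTable {
public:
    void Add(const std::string& name, Obj obj) { m_fonts[name] = obj; }

    // Unchecked style: returns nullptr for an unknown name. A caller that
    // immediately does Find(name)->IsIndirect() dereferences null here.
    const Obj* Find(const std::string& name) const {
        auto it = m_fonts.find(name);
        return it == m_fonts.end() ? nullptr : &it->second;
    }

    // Checked style: resolve and validate in one place, so a missing resource
    // is a value the caller must handle rather than undefined behaviour.
    std::optional<bool> FontIsIndirect(const std::string& name) const {
        const Obj* obj = Find(name);
        if (obj == nullptr)
            return std::nullopt;   // unresolved resource name, e.g. "FT14"
        return obj->IsIndirect();
    }

private:
    std::map<std::string, Obj> m_fonts;
};

// Constructed sample table: one indirect font object, one direct one.
FontTable MakeSampleTable() {
    FontTable t;
    Obj indirect; indirect.ref = Ref{12, 0};  // constructed: "12 0 R"
    Obj direct;                               // constructed: inline object
    t.Add("F1", indirect);
    t.Add("F2", direct);
    return t;
}

// Stand-alone demo; the checked lookup never touches a null object.
int main() {
    FontTable fonts = MakeSampleTable();
    std::printf("ref offset inside Obj: 0x%zx\n", RefOffsetFromNullObj());
    for (const char* name : {"F1", "F2", "FT14"}) {
        std::optional<bool> r = fonts.FontIsIndirect(name);
        if (r)
            std::printf("%s: resolved, indirect=%d\n", name, *r ? 1 : 0);
        else
            std::printf("%s: font resource not found\n", name);
    }
    return 0;
}
```

The unchecked Find is kept only to show the shape of the failure; in a parser that consumes untrusted files, every resource lookup should be of the checked kind, and the text extractor should treat a missing font as a recoverable per-operator error rather than letting the null propagate into a member call.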

commented

I'm very sorry, next time I will use the error report template.

commented

I tried using https://github.com/podofo/podofo/security/advisories/new. However, the PDF file that caused the error cannot be uploaded. Also, may I ask if this error has been confirmed? If this error has already been discovered or is not an error, I apologize for wasting your time.

The github reporting form for security advisories is the right tool for such reports. If you are unable to upload test files, try to track the exact problem next time. While not strictly required, it would be nice if you drop a little word of how come you are using PoDoFo and why you are doing some fuzzing with it. All recent PoDoFo security advisory reports had all this common pattern where users with empty or almost empty github history dropped reports similar to yours, with no description on the context of such testing. I would be curious to understand why so, if it's a coincidence or quite common way of doing when reporting security advisories.

commented

I am studying the improvement of fuzzing technology, and testing several popular programs to find new errors to verify the effectiveness of the improved fuzzing technology. I think other similar reports should have the same reason as me.

commented

Because I only use Fuzzing technology to find errors, I do not have a deep understanding of the software under test. I can only obtain stack information through the file that caused the Fuzzing crash. But it is difficult for me to find the specific cause of the error.