Our fuzzer found a crash due to an invalid read on the function GfxState::~GfxState (the latest commit b671b64 on master - version 0.70).

Hi,

PoC: https://github.com/strongcourage/PoCs/blob/master/pdf2json_b671b64/PoC_segv_GfxState::~GfxState

Valgrind says:

valgrind pdf2json $PoC /dev/null
==7805== Invalid read of size 8
==7805== at 0x41ACF7: GfxState::~GfxState() (in /home/dungnguyen/PoCs/pdf2json_b671b64/pdf2json)
==7805== by 0x41C839: GfxState::restore() (in /home/dungnguyen/PoCs/pdf2json_b671b64/pdf2json)
==7805== by 0x467BEB: Gfx::restoreState() (in /home/dungnguyen/PoCs/pdf2json_b671b64/pdf2json)
==7805== by 0x42A5AA: Page::displaySlice(OutputDev*, double, double, int, int, int, int, int, int, int, Links*, int, Catalog*, int (*)(void*), void*) (in /home/dungnguyen/PoCs/pdf2json_b671b64/pdf2json)
==7805== by 0x42A14A: Page::display(OutputDev*, double, double, int, int, int, Links*, int, Catalog*, int (*)(void*), void*) (in /home/dungnguyen/PoCs/pdf2json_b671b64/pdf2json)
==7805== by 0x42BCBD: PDFDoc::displayPage(OutputDev*, int, double, double, int, int, int, int, int (*)(void*), void*) (in /home/dungnguyen/PoCs/pdf2json_b671b64/pdf2json)
==7805== by 0x42BD48: PDFDoc::displayPages(OutputDev*, int, int, double, double, int, int, int, int, int (*)(void*), void*) (in /home/dungnguyen/PoCs/pdf2json_b671b64/pdf2json)
==7805== by 0x40269A: main (pdf2json.cc:275)
==7805== Address 0xbdcabdbebdbcbdb0 is not stack'd, malloc'd or (recently) free'd
Segmentation fault

Thanks,
Manh Dung