GNOME Bugzilla – Bug 482654
PDF signature causes crash
Last modified: 2007-10-11 09:27:17 UTC
Steps to reproduce: 1. view DigitalSignature.pdf (sample from xmlmill.com, I'll attach a copy) Stack trace: sorry, didn't get one Other information: unknown form fields lead to NULL dereferences in ev_form_field_from_poppler_field() and pdf_document_forms_get_form_fields(). The attached patch fixes this for me.
Created attachment 96525 [details] [review] possible fix
Created attachment 96526 [details] signed PDF file which triggers the bug
It's actually a poppler bug, since it's returning unknown field type instead of signature field type. I've just fixed it in poppler (master and poppler-0.6 branches). Thank you very much for reporting and for the patch.
Sorry, your poppler patch doesn't help. I did notice the POPPLER_FORM_FIELD_SIGNATURE constant and that it is never returned by poppler_form_field_get_field_type(), but a test against the sample PDF file shows that even with your patch the "UNKNOWN" field type is returned, so there must be reasons within the guts of poppler which cause that the signature is not recognized. Besides that: I'd still prefer to protect evince in the case of unknown form fields -- it might always be possible to craft pdf files with form fields which are unknown to poppler (or illegal at all). Having evince just crashing on those is an annoyance at least.
(In reply to comment #4) > Sorry, your poppler patch doesn't help. > I did notice the POPPLER_FORM_FIELD_SIGNATURE constant and that it > is never returned by poppler_form_field_get_field_type(), but a test > against the sample PDF file shows that even with your patch the > "UNKNOWN" field type is returned, so there must be reasons within the > guts of poppler which cause that the signature is not recognized. Are you sure you tried with current poppler from git master? It works for me. > Besides that: I'd still prefer to protect evince in the case of unknown > form fields -- it might always be possible to craft pdf files with form fields > which are unknown to poppler (or illegal at all). Having evince just crashing > on those is an annoyance at least. > I agree. I've just applied a slightly modified version of your patch. Thanks again ;-)
> Are you sure you tried with current poppler from git master? I did just apply your patch from the 0.6 branch -- but that was not the problem: For the test, I did only replace libpoppler.so, not the -glib one. Since the patch affects the glib part only, it went without effect at first. I can confirm that the signature is reported now by poppler, sorry about the wrong report. And thanks for fixing this so quickly.
*** Bug 485062 has been marked as a duplicate of this bug. ***
*** Bug 481850 has been marked as a duplicate of this bug. ***
*** Bug 478809 has been marked as a duplicate of this bug. ***
*** Bug 485654 has been marked as a duplicate of this bug. ***