PDF driver of GDAL 2.0.0 crashes on some PDF with PoDoFo Library (specific to 0.9.0)

[Martin Mikita]

GDAL 2.0 gdalinfo crashes on some PDF (one in Attachment), when compiled with PoDoFo Library. GDAL 1.11.2 compiled in the same way is working without problem.

gdalinfo --version
GDAL 2.0.0, released 2015/06/14

gdalinfo AZ_Grand_Canyon_20120515_TM_geo.pdf 
Warning 6: GDAL_PDF_BANDS=4 only supported when PDF driver is compiled against Poppler. Using 3 as a fallback
Segmentation fault

[Martin Mikita]

Sorry, PDF file is larger than maximum size of attachment. Here is the link for PDF: ​http://private.mikita.eu/AZ_Grand_Canyon_20120515_TM_geo.pdf

[Even Rouault]

Which OS ? Which Podofo version ? I don't reproduce any problem on Linux 64 bit with Podofo 0.9.1. Can you run Valgrind and/or attach a gdb trace ?

[Martin Mikita]

Debian 7.8 x64 with libpodofo (0.9.0-1.1+b1) debian package

#0  0x00007ffff073a4a4 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x00007ffff6f18b3a in GDALPDFStreamPodofo::GetBytes (this=0xa5bb30) at pdfobject.cpp:1827
#2  0x00007ffff6f21e8b in PDFDataset::ParseContent (this=0x8a4490,
    pszContent=0xefeaca "/G19 gs\rQ\rEMC\rEMC\rEMC\r/OC /ocg340092120 BDC\r/OC /ocg340095552 BDC\r/OC /ocg340094408 BDC\rq\r/TGOA618 Do\rQ\rEMC\rEMC\rEMC\r/OC /ocg340092120 BDC\r/OC /ocg340096280 BDC\r/OC /ocg340095968 BDC\rq\r/TGOA608 Do\rQ\rEM"..., poResources=0x89d4c0, bInitBDCStack=0,
    bMatchQ=0, oMapPropertyToLayer=..., poCurLayer=0xef7480) at pdfreadvectors.cpp:1056
#3  0x00007ffff6f24c0f in PDFDataset::ExploreContentsNonStructuredInternal (this=0x8a4490, poContents=0x89da30, poResources=0x89d4c0,
    oMapPropertyToLayer=...) at pdfreadvectors.cpp:1554
#4  0x00007ffff6f25240 in PDFDataset::ExploreContentsNonStructured (this=0x8a4490, poContents=0x89da30, poResources=0x89d4c0)
    at pdfreadvectors.cpp:1645
#5  0x00007ffff6f1d6b2 in PDFDataset::OpenVectorLayers (this=0x8a4490, poPageDict=0x65a840) at pdfreadvectors.cpp:66
#6  0x00007ffff6f08ea3 in PDFDataset::Open (poOpenInfo=0x7fffffff4710) at pdfdataset.cpp:3420
#7  0x00007ffff7070e69 in GDALOpenEx (pszFilename=0x652190 "az-gc.geo.pdf", nOpenFlags=2, papszAllowedDrivers=0x0, papszOpenOptions=0x0,
    papszSiblingFiles=0x0) at gdaldataset.cpp:2570
#8  0x000000000040419e in main (argc=2, argv=0x652150) at gdalinfo.c:209

[Even Rouault]

@MikiBOB Interesting, it seems that it is the opening of vector layers that cause the crash. Are you sure that ogrinfo of GDAL 1.11 wouldn't crash on the file ? Might be a defect of podofo 0.9.0. I could probably defer the loading of vector layers.

Could you try running with Valgrind too ?

[Even Rouault]

I can reproduce the issue with PoDoFo 0.9.0. It appears this specific version as a bug in the PdfMemStream.cpp file that existed neither in earlier or later version. So this version should be avoided

For reference, the diff between 0.9.0 and 0.9.1 is :

--- /home/even/podofo-0.9.0/src/base/PdfMemStream.cpp	2011-02-04 15:02:16.000000000 +0100
+++ /home/even/podofo-0.9.1/src/base/PdfMemStream.cpp	2011-04-19 19:34:25.000000000 +0200
@@ -51,6 +51,7 @@
 void PdfMemStream::BeginAppendImpl( const TVecFilters & vecFilters )
 {
     m_buffer  = PdfRefCountedBuffer();
+	m_lLength = 0;
 
     if( vecFilters.size() )
     {
@@ -74,7 +75,7 @@
         m_pStream->Close();
 
         if( !m_pBufferStream ) 
-            m_lLength += dynamic_cast<PdfBufferOutputStream*>(m_pStream)->GetLength();
+            m_lLength = dynamic_cast<PdfBufferOutputStream*>(m_pStream)->GetLength();
 
         delete m_pStream;
         m_pStream = NULL;
@@ -83,7 +84,7 @@
     if( m_pBufferStream ) 
     {
         m_pBufferStream->Close();
-        m_lLength += m_pBufferStream->GetLength();
+        m_lLength = m_pBufferStream->GetLength();
         delete m_pBufferStream;
         m_pBufferStream = NULL;
     }

trunk r29845, branches/2.0 r29846 "PDF: workaround a bug of PoDoFo 0.9.0 by avoiding loading of vector content in raster-only mode (doesn't prevent the crash if reading the vector layers) (#6069)"