Bug 107782 - FILEOPEN Crash on PDF import with Bad Allocation for several specific PDF forms
Summary: FILEOPEN Crash on PDF import with Bad Allocation for several specific PDF forms
Status: VERIFIED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: filters and storage (show other bugs)
Version:
(earliest affected)
5.3.0.0.beta2
Hardware: All Windows (All)
: high major
Assignee: Miklos Vajna
QA Contact:
URL:
Whiteboard: target:5.5.0 target:5.4.0.1 target:5.3.4
Keywords: bibisected, bisected, regression
: 107974 (view as bug list)
Depends on:
Blocks:
 
Reported: 2017-05-11 20:29 UTC by V Stuart Foote
Modified: 2017-05-25 19:46 UTC (History)
8 users (show)

See Also:
Crash report or crash signature:


Attachments
sample PDF (Texas TREC form 36-8) (153.97 KB, application/pdf)
2017-05-11 20:30 UTC, V Stuart Foote
Details
sample PDF (Texas TREC form 37-5) (277.76 KB, application/pdf)
2017-05-11 20:30 UTC, V Stuart Foote
Details

Note You need to log in before you can comment on or make changes to this bug.
Description V Stuart Foote 2017-05-11 20:29:29 UTC
PDF from other sources open/import with no apparent issue. 

But have a couple of PDF forms that File -> Open import of PDF into Draw crashes with "Bad Allocation" 

From Windows builds of master on hand, bibisect to 2016-12-02 -> 2016-12-08
https://cgit.freedesktop.org/libreoffice/core/log/?qt=range&q=33f5bc54aaa7fe7aa9335726e30f9c349155e04d..a238c829b209d0708714aa753fb686525411825f

I don't hold the master builds for 3-7 Dec 2016.

Issue is present at branch for 5.3.0b2 (a7e30712ad6d8bc9286007b37aa581983e0caba3) 2016-12-10

Issue with these two Texas Real Estate commission forms

https://www.trec.texas.gov/sites/default/files/pdf-forms/36-8.pdf
https://www.trec.texas.gov/sites/default/files/pdf-forms/37-5.pdf

Source listed as Acrobat Distiller 11.0 [PScript5.dll ver 5.2.2], as PDF 1.6 with no document restrictions.

Will attach...
Comment 1 V Stuart Foote 2017-05-11 20:30:20 UTC
Created attachment 133243 [details]
sample PDF (Texas TREC form 36-8)
Comment 2 V Stuart Foote 2017-05-11 20:30:42 UTC
Created attachment 133244 [details]
sample PDF (Texas TREC form 37-5)
Comment 3 V Stuart Foote 2017-05-11 20:34:47 UTC
Both PDF imported fine into builds of master through 2016-12-02.

@Miklos?
Comment 4 Julien Nabet 2017-05-11 21:24:49 UTC
On pc Debian x86-64 with master sources updated today, I don't reproduce this but had invalid signature and noticed these logs:
warn:vcl.filter:7819:1:vcl/source/filter/ipdf/pdfdocument.cxx:2437: PDFObjectElement::LookupObject: no such key with reference value: V
warn:xmlsecurity.pdfio:7819:1:xmlsecurity/source/pdfio/pdfdocument.cxx:290: ValidateSignature: no value
warn:xmlsecurity.helper:7819:1:xmlsecurity/source/helper/pdfsignaturehelper.cxx:57: failed to determine digest match
warn:vcl.filter:7819:1:vcl/source/filter/ipdf/pdfdocument.cxx:2437: PDFObjectElement::LookupObject: no such key with reference value: V
warn:xmlsecurity.pdfio:7819:1:xmlsecurity/source/pdfio/pdfdocument.cxx:290: ValidateSignature: no value
warn:xmlsecurity.helper:7819:1:xmlsecurity/source/helper/pdfsignaturehelper.cxx:57: failed to determine digest match
warn:vcl.filter:7819:1:vcl/source/filter/ipdf/pdfdocument.cxx:2437: PDFObjectElement::LookupObject: no such key with reference value: V
warn:xmlsecurity.pdfio:7819:1:xmlsecurity/source/pdfio/pdfdocument.cxx:290: ValidateSignature: no value
warn:xmlsecurity.helper:7819:1:xmlsecurity/source/helper/pdfsignaturehelper.cxx:57: failed to determine digest match
warn:vcl.filter:7819:1:vcl/source/filter/ipdf/pdfdocument.cxx:2437: PDFObjectElement::LookupObject: no such key with reference value: V
warn:xmlsecurity.pdfio:7819:1:xmlsecurity/source/pdfio/pdfdocument.cxx:290: ValidateSignature: no value
warn:xmlsecurity.helper:7819:1:xmlsecurity/source/helper/pdfsignaturehelper.cxx:57: failed to determine digest match
func=xmlSecBase64CtxFinal:file=base64.c:line=283:obj=unknown:subj=outSize > 0:error=100:assertion: 
func=xmlSecBase64Decode:file=base64.c:line=676:obj=unknown:subj=xmlSecBase64CtxFinal:error=1:xmlsec library function failed: 
func=xmlSecBase64CtxFinal:file=base64.c:line=283:obj=unknown:subj=outSize > 0:error=100:assertion: 
func=xmlSecBase64Decode:file=base64.c:line=676:obj=unknown:subj=xmlSecBase64CtxFinal:error=1:xmlsec library function failed: 
func=xmlSecBase64CtxFinal:file=base64.c:line=283:obj=unknown:subj=outSize > 0:error=100:assertion: 
func=xmlSecBase64Decode:file=base64.c:line=676:obj=unknown:subj=xmlSecBase64CtxFinal:error=1:xmlsec library function failed: 
func=xmlSecBase64CtxFinal:file=base64.c:line=283:obj=unknown:subj=outSize > 0:error=100:assertion: 
func=xmlSecBase64Decode:file=base64.c:line=676:obj=unknown:subj=xmlSecBase64CtxFinal:error=1:xmlsec library function failed:
Comment 5 Xisco Faulí 2017-05-12 00:17:34 UTC
I can't reproduce it in

Version: 5.4.0.0.alpha1+
Build ID: f12096272e684ddcd8ffa4e34dcb0a680cc594c2
CPU Threads: 4; OS Version: Linux 4.8; UI Render: default; VCL: gtk2; 
Locale: fo-FO (ca_ES.UTF-8); Calc: group

but I can in

Versión: 5.3.2.2
Id. de compilación: 6cd4f1ef626f15116896b1d8e1398b56da0d0ee1
Subproc. CPU: 1; SO: Windows 6.1; Repr. de IU: predet.; Motor de trazado: HarfBuzz; 
Configuración regional: ro-RO (es_ES); Calc: group
Comment 6 Xisco Faulí 2017-05-12 15:53:03 UTC
I can't reproduce it in

Versión: 5.2.6.2
Id. de compilación: a3100ed2409ebf1c212f5048fbe377c281438fdc
Subprocesos de CPU: 1; SO: Windows 6.1; Repr. de IU: predeterminado; 
Configuración regional: es-ES (es_ES); Calc: group
Comment 7 raal 2017-05-17 05:30:01 UTC
This seems to have begun at the below commit.
Adding Cc: to Miklos Vajna; Could you possibly take a look at this one? Thanks


f0e64e108dd24e7b25f9400f5cbec811ddd0708d is the first bad commit
commit f0e64e108dd24e7b25f9400f5cbec811ddd0708d
Author: Norbert Thiebaud <nthiebaud@gmail.com>
Date:   Mon Dec 5 20:49:33 2016 -0800

    source sha:992b3c8644549218e6e2535eab7f8b239cf95a23
author	Miklos Vajna <vmiklos@collabora.co.uk>	2016-12-01 13:26:55 (GMT)
committer	Miklos Vajna <vmiklos@collabora.co.uk>	2016-12-05 08:09:33 (GMT)
commit	992b3c8644549218e6e2535eab7f8b239cf95a23 (patch)
tree	d8cdda5b4aa9bff3cc90a6be66aac0005396d29b
parent	6d1df1b0e1189e7e0ae2181a0fdc174d1ad404d0 (diff)
xmlsecurity PDF verify: last batch of various fixes
Comment 8 Miklos Vajna 2017-05-17 21:12:19 UTC
Aha, looks like indeed the bug is Windows-only; now I can now reproduce, will take a look.
Comment 9 V Stuart Foote 2017-05-17 22:14:32 UTC
(In reply to Miklos Vajna from comment #8)
> Aha, looks like indeed the bug is Windows-only; now I can now reproduce,
> will take a look.

Yes, and both the 32-bit and 64-bit Windows builds crash with the "Bad Allocation" message.
Comment 10 Commit Notification 2017-05-18 18:33:29 UTC
Miklos Vajna committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=18aa83acfa243741eb4c79a2e11aec6eaf1a9f02

tdf#107782 xmlsecurity PDF verify: handle empty X509 certificate

It will be available in 5.4.0.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
Comment 11 Commit Notification 2017-05-19 10:02:01 UTC
Miklos Vajna committed a patch related to this issue.
It has been pushed to "libreoffice-5-4":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=8f208bfc1069b1c2f4a3df17252c7da2b005b5d8&h=libreoffice-5-4

tdf#107782 xmlsecurity PDF verify: handle empty X509 certificate

It will be available in 5.4.0.1.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
Comment 12 V Stuart Foote 2017-05-19 21:20:32 UTC
Thanks! Verified working correctly now for both import filters.

On Widnows 8.1 Ent 64-bit en-US with
Version: 5.5.0.0.alpha0+
Build ID: fa89a464ca9c76332f533da0ab641da5acd00b52
CPU threads: 8; OS: Windows 6.29; UI render: GL; 
TinderBox: Win-x86@39, Branch:master, Time: 2017-05-19_01:24:56
Locale: en-US (en_US); Calc: CL
Comment 13 Xisco Faulí 2017-05-22 08:26:56 UTC
*** Bug 107974 has been marked as a duplicate of this bug. ***
Comment 14 Commit Notification 2017-05-25 19:46:15 UTC
Miklos Vajna committed a patch related to this issue.
It has been pushed to "libreoffice-5-3":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=398ab416bd552162131e74751e48d266a1f31ee9&h=libreoffice-5-3

tdf#107782 xmlsecurity PDF verify: handle empty X509 certificate

It will be available in 5.3.4.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.