Null-pointer dereference in act_LZW_literal (crash reachable from PDF stream decoding, per the trace below: LZWDecode -> decode_stream -> act_ks_value)
observed with input 357995507f26fc6f741f2dd62d4d967009ba64f58fa32f7bc2b7029f9e3bea24 (64-hex digest, presumably SHA-256 of the triggering file)
cf. #25 (closed) (same root cause?)
stacktrace:
#0 act_LZW_literal (p=0xb52167073c8, u=0xb52468fa000) at lzw.c:225
225 next_entry_size = prev_string->len + 1;
(gdb) bt
#0 act_LZW_literal (p=0xb52167073c8, u=0xb52468fa000) at lzw.c:225
#1 0x00000b5224e9c5f5 in parse_action () from /usr/local/lib/libhammer.so
#2 0x00000b5224ea97ed in h_do_parse () from /usr/local/lib/libhammer.so
#3 0x00000b5224ea01ef in parse_choice () from /usr/local/lib/libhammer.so
#4 0x00000b5224ea97ed in h_do_parse () from /usr/local/lib/libhammer.so
#5 0x00000b5224e9e923 in parse_butnot () from /usr/local/lib/libhammer.so
#6 0x00000b5224ea97ed in h_do_parse () from /usr/local/lib/libhammer.so
#7 0x00000b5224ea3b7b in parse_many () from /usr/local/lib/libhammer.so
#8 0x00000b5224ea97ed in h_do_parse () from /usr/local/lib/libhammer.so
#9 0x00000b5224e9c5e0 in parse_action () from /usr/local/lib/libhammer.so
#10 0x00000b5224ea97ed in h_do_parse () from /usr/local/lib/libhammer.so
#11 0x00000b5224ea6b6f in parse_sequence () from /usr/local/lib/libhammer.so
#12 0x00000b5224ea97ed in h_do_parse () from /usr/local/lib/libhammer.so
#13 0x00000b5224e9c5e0 in parse_action () from /usr/local/lib/libhammer.so
#14 0x00000b5224ea97ed in h_do_parse () from /usr/local/lib/libhammer.so
#15 0x00000b5224ea9bfb in h_packrat_parse () from /usr/local/lib/libhammer.so
#16 0x00000b5224eb83bd in h_parse () from /usr/local/lib/libhammer.so
#17 0x00000b4fae666a01 in parse_LZW_data (
input=0xb52a1579c01 <Address 0xb52a1579c01 out of bounds>, length=989)
at lzw.c:443
#18 0x00000b4fae65f9db in LZWDecode (parms=0x0, b=
{token = 0xb52a1579c01 <Address 0xb52a1579c01 out of bounds>, len = 989}, p=0xb5272f63740) at pdf.c:3252
#19 0x00000b4fae663615 in decode_stream (d=0xb5242088d70, b=
{token = 0xb52a1579c01 <Address 0xb52a1579c01 out of bounds>, len = 989}, p=0xb5272f63740) at pdf.c:4387
#20 0x00000b4fae663f4c in act_ks_value (p=0xb5298d130c0, u=0xb51d1356c10)
at pdf.c:4444
#21 0x00000b5224e9c5f5 in parse_action () from /usr/local/lib/libhammer.so
#22 0x00000b5224ea97ed in h_do_parse () from /usr/local/lib/libhammer.so
#23 0x00000b5224ea6b6f in parse_sequence () from /usr/local/lib/libhammer.so
#24 0x00000b5224ea97ed in h_do_parse () from /usr/local/lib/libhammer.so
#25 0x00000b5224e9d5e9 in parse_bind () from /usr/local/lib/libhammer.so
#26 0x00000b5224ea97ed in h_do_parse () from /usr/local/lib/libhammer.so
#27 0x00000b5224ea6b6f in parse_sequence () from /usr/local/lib/libhammer.so
#28 0x00000b5224ea97ed in h_do_parse () from /usr/local/lib/libhammer.so
#29 0x00000b5224e9ce71 in parse_attr_bool () from /usr/local/lib/libhammer.so
#30 0x00000b5224ea97ed in h_do_parse () from /usr/local/lib/libhammer.so
#31 0x00000b5224e9c5e0 in parse_action () from /usr/local/lib/libhammer.so
#32 0x00000b5224ea97ed in h_do_parse () from /usr/local/lib/libhammer.so
#33 0x00000b5224ea01ef in parse_choice () from /usr/local/lib/libhammer.so
#34 0x00000b5224ea97ed in h_do_parse () from /usr/local/lib/libhammer.so
#35 0x00000b5224ea1f09 in parse_ignoreseq () from /usr/local/lib/libhammer.so
#36 0x00000b5224ea97ed in h_do_parse () from /usr/local/lib/libhammer.so
#37 0x00000b5224ea9bfb in h_packrat_parse () from /usr/local/lib/libhammer.so
#38 0x00000b5224eb83bd in h_parse () from /usr/local/lib/libhammer.so
#39 0x00000b4fae66459f in parse_xrefs (aux=0x7f7ffffe7570) at pdf.c:4839
#40 0x00000b4fae664fd9 in main (argc=1, argv=0x7f7ffffe7748) at pdf.c:5071
Current language: auto; currently minimal
(gdb) print prev_string
$1 = (HBytes *) 0x0
relevant code (lzw.c, act_LZW_literal). `prev_string` is the code-table entry looked up for `ctx->old`; it is NULL here (see `$1` above) and line 225 dereferences it without a check, so the table lookup needs a NULL test before `next_entry_size` is computed (why the entry is unset for this input is not visible from the trace alone):
/*
* Update the dictionary with the new string. Use of system allocator
* here and in act_LZW_codeword is intentional, as LZW_clear_table/init_LZW_context free these
*/
prev_string = ctx->lzw_code_table[ctx->old];
next_entry_size = prev_string->len + 1;