The attached patch fixes a crash in Page::removeAnnot, which blindly assumes /Annots only contains Ref objects. Some PDF creators embed links (which are Dictionaries) in the /Annots array, and this makes us abort() with

    Error (0): Call to Object where the object was type 7, not the expected type 9

when we stumble on such a link.

This patch adds a check to skip non-Ref entries (regular annotations *are* Ref entries).

Test document (recycled from another bug, turns out it wasn't that useless :D)
https://bugs.freedesktop.org/attachment.cgi?id=63393&action=edit

Steps to reproduce:
1. Open the document
2. Add new annotation
3. Remove it
4. abort() gets called

Thanks,
Fabio

>From 956593acb6731f92451c4969117d6a1d56786835 Mon Sep 17 00:00:00 2001 From: Fabio D'Urso <[email protected]> Date: Wed, 26 Jun 2013 23:12:40 +0200 Subject: [PATCH] Do not crash in page::removeAnnot if there are non-Ref entries in /Annots --- poppler/Page.cc | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/poppler/Page.cc b/poppler/Page.cc index a587b9b..426a15d 100644 --- a/poppler/Page.cc +++ b/poppler/Page.cc @@ -454,11 +454,13 @@ void Page::removeAnnot(Annot *annot) { // Get annotation position for (int i = 0; idx == -1 && i < annArray.arrayGetLength(); ++i) { Object tmp; - Ref currAnnot = annArray.arrayGetNF(i, &tmp)->getRef(); - tmp.free(); - if (currAnnot.num == annotRef.num && currAnnot.gen == annotRef.gen) { - idx = i; + if (annArray.arrayGetNF(i, &tmp)->isRef()) { + Ref currAnnot = tmp.getRef(); + if (currAnnot.num == annotRef.num && currAnnot.gen == annotRef.gen) { + idx = i; + } } + tmp.free(); } if (idx == -1) { -- 1.8.1.4
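
Review bot: The new isRef() guard in the Page::removeAnnot loop carries no comment saying why a non-Ref entry can appear in /Annots, so a later cleanup could mistake it for a redundant check; a one-line comment above the if, noting that some producers place direct dictionaries (such as links) in the array, would keep the reason next to the code. Entries that fail the check leave idx at -1, so control falls through to the existing "if (idx == -1)" branch shown in the trailing context; it is worth confirming that this branch is the intended outcome when the annotation is not matched because entries were skipped. The Subject line also writes page::removeAnnot where the function is Page::removeAnnot.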
