
Bug#784080: marked as done (libe-book-0.1-1: PDB parser: null pointer dereference)



Your message dated Sun, 7 Jan 2018 23:07:10 +0100
with message-id <20180107220710.GH2670@rene-engelhard.de>
and subject line fixed
has caused the Debian Bug report #784080,
regarding libe-book-0.1-1: PDB parser: null pointer dereference
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
784080: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784080
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: libe-book-0.1-1
Version: 0.1.2-2
Usertags: afl

libe-book crashes on the attached (slightly corrupted) PalmDoc Ebook file:

$ ./src/conv/text/ebook2text crash.pdb
Segmentation fault


GDB says it's a null pointer dereference:

(gdb) up
#1  0xf7f631a4 in libebook::PDBParser::openDocument (this=0xffffd538) at PDBParser.cpp:142
142         if (m_converter->convertBytes(getName(), std::strlen(getName()), nameUtf8) && !nameUtf8.empty())
(gdb) print m_converter
$1 = (libebook::EBOOKCharsetConverter *) 0x0
(gdb) bt
#0  0xf7f1a0b3 in libebook::EBOOKCharsetConverter::convertBytes (this=0x0, in=0x8051c3c "sample_dvi", length=10, out=std::vector of length 10, capacity 10 = {...})
   at EBOOKCharsetConverter.cpp:135
#1  0xf7f631a4 in libebook::PDBParser::openDocument (this=0xffffd538) at PDBParser.cpp:142
#2  0xf7f62f61 in libebook::PDBParser::readDataRecord (this=0xffffd538, input=0x8051c50, last=true) at PDBParser.cpp:108
#3  0xf7f65a57 in libebook::PDXParser::readDataRecords (this=0xffffd538) at PDXParser.cpp:188
#4  0xf7f65666 in libebook::PDXParser::parse (this=0xffffd538) at PDXParser.cpp:118
#5  0xf7f186bf in libebook::(anonymous namespace)::doParse<libebook::PDBParser> (input=0x8051ba0, document=0xffffd624) at EBOOKDocument.cpp:370
#6  0xf7f17c6e in libebook::EBOOKDocument::parse (input=0x8051ba0, document=0xffffd624, type=libebook::EBOOKDocument::TYPE_PALMDOC) at EBOOKDocument.cpp:603
#7  0x08049160 in main (argc=2, argv=0xffffd6f4) at ebook2text.cpp:100


This bug was found using American fuzzy lop:
http://lcamtuf.coredump.cx/afl/

-- System Information:
Debian Release: stretch/sid
 APT prefers unstable
 APT policy: (990, 'unstable'), (500, 'experimental')
Architecture: i386 (x86_64)
Foreign Architectures: amd64

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages libe-book-0.1-1 depends on:
ii  libc6             2.19-18
ii  libgcc1           1:5.1.1-2
ii  libicu52          52.1-8
ii  librevenge-0.0-0  0.0.2-2
ii  libstdc++6        5.1.1-2
ii  libxml2           2.9.2+dfsg1-3
ii  zlib1g            1:1.2.8.dfsg-2+b1

--
Jakub Wilk

Attachment: crash.pdb
Description: Protein Databank data


--- End Message ---
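The backtrace above shows the shape of the bug: PDBParser::openDocument calls m_converter->convertBytes() on the header's name field while m_converter is a null pointer, so any PalmDoc file that reaches that path without a converter attached segfaults. The following is an added example, not libe-book's code and not the fix that shipped in 0.1.3: it parses the fixed 78-byte PalmDB header from a constructed buffer, shows the unguarded call beside a guarded one, and uses a hypothetical CharsetConverter stand-in in place of EBOOKCharsetConverter. The field offsets (name at 0..31, type at 60..63, creator at 64..67, record count at 76..77, big-endian) are the standard PalmDB layout; everything else is an assumption of this example.

```cpp
#include <cstdint>
#include <cstring>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical stand-in for a charset converter such as libe-book's
// EBOOKCharsetConverter. In the GDB session above the parser's pointer to
// its converter was null when the document name was converted.
struct CharsetConverter {
    // Simplified converter: treats the input as ASCII and copies it through.
    bool convertBytes(const char *in, size_t len, std::vector<char> &out) const {
        out.assign(in, in + len);
        return true;
    }
};

// The fields of the 78-byte PalmDB header that this example reads.
struct PdbHeader {
    std::string name;     // bytes 0..31, NUL-padded; may lack a terminator when corrupted
    std::string type;     // bytes 60..63, "TEXt" for PalmDoc
    std::string creator;  // bytes 64..67, "REAd" for PalmDoc
    uint16_t numRecords;  // bytes 76..77, big-endian
};

// Parse the fixed-size header. Returns false on a short buffer instead of reading past it.
bool parsePdbHeader(const std::vector<uint8_t> &buf, PdbHeader &hdr) {
    const size_t headerSize = 78;
    if (buf.size() < headerSize) return false;
    const char *p = reinterpret_cast<const char *>(buf.data());
    // Bounded scan: a corrupted name field need not be NUL-terminated.
    size_t nameLen = 0;
    while (nameLen < 32 && p[nameLen] != '\0') ++nameLen;
    hdr.name.assign(p, nameLen);
    hdr.type.assign(p + 60, 4);
    hdr.creator.assign(p + 64, 4);
    hdr.numRecords = static_cast<uint16_t>((buf[76] << 8) | buf[77]);
    return true;
}

// Same shape as the call at PDBParser.cpp:142 in the backtrace: the converter
// is used without checking the pointer, so a null converter crashes here.
std::string documentNameUnguarded(const PdbHeader &hdr, const CharsetConverter *conv) {
    std::vector<char> utf8;
    if (conv->convertBytes(hdr.name.c_str(), hdr.name.size(), utf8) && !utf8.empty())
        return std::string(utf8.begin(), utf8.end());
    return std::string();
}

// Hardened version: check the pointer first and fall back to the raw bytes.
std::string documentNameGuarded(const PdbHeader &hdr, const CharsetConverter *conv) {
    if (!conv) return hdr.name;
    std::vector<char> utf8;
    if (conv->convertBytes(hdr.name.c_str(), hdr.name.size(), utf8) && !utf8.empty())
        return std::string(utf8.begin(), utf8.end());
    return hdr.name;
}

// Constructed sample input (not the attached crash.pdb): a PalmDoc header
// whose name field holds "sample_dvi", as in the backtrace, and one record.
std::vector<uint8_t> sampleHeader() {
    std::vector<uint8_t> buf(78, 0);
    std::memcpy(buf.data(), "sample_dvi", 10);
    std::memcpy(buf.data() + 60, "TEXt", 4);
    std::memcpy(buf.data() + 64, "REAd", 4);
    buf[77] = 1;  // numRecords = 1
    return buf;
}

// Name conversion with no converter attached; returns "" if parsing fails.
std::string nameWithoutConverter() {
    PdbHeader hdr;
    if (!parsePdbHeader(sampleHeader(), hdr)) return std::string();
    return documentNameGuarded(hdr, nullptr);
}

// Name conversion with a converter attached, through the unguarded path.
std::string nameWithConverter() {
    PdbHeader hdr;
    if (!parsePdbHeader(sampleHeader(), hdr)) return std::string();
    CharsetConverter conv;
    return documentNameUnguarded(hdr, &conv);
}

// A truncated file (10 bytes) must be rejected rather than read out of bounds.
bool shortHeaderRejected() {
    PdbHeader hdr;
    return !parsePdbHeader(std::vector<uint8_t>(10, 0), hdr);
}

int main() {
    PdbHeader hdr;
    if (!parsePdbHeader(sampleHeader(), hdr)) {
        std::cerr << "short header\n";
        return 1;
    }
    std::cout << "type=" << hdr.type << " creator=" << hdr.creator
              << " records=" << hdr.numRecords << '\n';
    std::cout << "guarded, no converter: " << nameWithoutConverter() << '\n';
    std::cout << "with converter: " << nameWithConverter() << '\n';
    // documentNameUnguarded(hdr, nullptr) would segfault here, as in the report.
    return 0;
}
```

The point for a reviewer of this class of bug is that the converter is an optional collaborator, so every use of it needs either a construction-time invariant that it is non-null or a check at the call site; a fuzzer will find the path that skips initialisation long before a human does.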
--- Begin Message ---
Version: 0.1.3-1

fixed in above version

--- End Message ---
