-
Notifications
You must be signed in to change notification settings - Fork 170
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Invalid PDF input causes SIGSEGV
crash
#463
Comments
Has been fixed in muhammara 3.1.1 and backported to 2.6.1 |
thanks. i'll take care of this too. both in the C++ version and JS. thanks @mhassan1 and @julianhille. |
There are at least 3 of these npe exceptions in the writer. Should I send you some patches? |
i don't mind scanning your latest corrections, it's fine. thanks. |
@julianhille im seeing just this guy: there's also this: not sure i find other matters. if you can point me to them, good. |
Here are the ones i remember: julianhille/MuhammaraJS@0a6427e Side question, cause you are here: :) If not it would be awesome to point people to muhammara, at least in case of hummus, "merge" community and keep improving. |
I'll provide them as long as my interests in using hummus remains. as it happens im using it now and this comes handy. going forward people should use muhammara for guarantee of service. still...there's still quite a lot of people using hummusjs and pdfwriter now. i don't mind if they benefit from this, so i'll publish. |
Btw my actual plan was to fork, disconnect the fork, and keep maintaining pdf writer, then use it as a submodule for muhammara. That would mean all sides would benefit from updates / improvements and it would be less duplicated PRs / commits / work. If you would like we could have a chat about it. |
yeah but then there's those nifty features added that i don't want. so no...muhammara will be the people's wishes, and hummus will fulfil my own. sort of an old school opensource when it was about sharing sources and not endless mundane maintainance. hopefully people will stop using it sometime. though it doesn't seem to be that way still, unfortunately. |
i'll provide notice in npm and github of hummusjs for people to go to muhammara |
Ok, great. so i'll keep you posted on important security updates. Should i mention you, mail you or just open a PR / issue (what ever comes in handy) in the PDF writer lib? |
pff. i guess mentioning would be best to get my attention. but man don't be too disappointed if im not responding, i guess im not a great guy ;). and thanks for your work. it's a good parser/writer and shame it'd go to shit just cause i'm bummed down by everything. anyways, let's also connect on linkedin while at it, if that makes sense to you: |
fair enough, whatever suits you :> (naaaw just other priorities)
yes it is a good writer. Things change and so do priorities, no problem. will contact you later.
|
ok updated pdfwriter and hummusjs. version 1.0.111 should contain the 3 corrections. there's still some binaries to load for mac (ran out of travis credits) and i didn't take care of node18 et i guess. but at least the code is right. |
Folks. Gonna close this. If theres any more requests lemme know/reopen |
Certain invalid PDFs cause the Node.js process to crash with
SIGSEGV
. I can provide an example.Even though it is an invalid PDF, it should not cause the Node.js process to crash with
SIGSEGV
, which can't be caught; instead, it should throw anError
, like it does for other invalid PDFs.There is a duplicate issue in
muhammara
, a fork ofhummus
: julianhille/MuhammaraJS#214The text was updated successfully, but these errors were encountered: