Okular crashes while opening pdf files with signatures not supported by NSS library. Program received signal SIGSEGV, Segmentation fault. 0x00007ffff72121a0 in HASH_Update () from /usr/lib64/libnss3.so (gdb) bt #0 0x00007ffff72121a0 in HASH_Update () from /usr/lib64/libnss3.so #1 0x00007ffff7e3272c in HashContext::updateHash (this=<optimized out>, data_block=<optimized out>, data_len=<optimized out>) at /var/tmp/portage/app-text/poppler-23.05.0/work/poppler-23.05.0/poppler/SignatureHandler.cc:1221 #2 0x00007ffff7e32744 in SignatureVerificationHandler::addData (this=<optimized out>, data_block=<optimized out>, data_len=<optimized out>) at /var/tmp/portage/app-text/poppler-23.05.0/work/poppler-23.05.0/poppler/SignatureHandler.cc:793 #3 0x00007ffff7d3d1bb in FormFieldSignature::hashSignedDataBlock (this=this@entry=0x5555555fc420, handler=0x55555563a720, block_len=block_len@entry=494177) at /var/tmp/portage/app-text/poppler-23.05.0/work/poppler-23.05.0/poppler/Form.cc:2327 #4 0x00007ffff7d45393 in FormFieldSignature::validateSignature poppler-23.05 does not check hash support by NSS: https://gitlab.freedesktop.org/poppler/poppler/-/blob/adf710eecf475dd7c64d7b904f7414ec3098491f/poppler/SignatureHandler.cc#L771 If hashType is HASH_AlgNULL hashContext will be NULL and HashContext::updateHash() will crash. BTW looks like poppler-23.07 and later switched to gnupg for signature validation. app-text/poppler-23.07.0 works fine. Reproducible: Always
23.06 has "Fix crash with unknown signature hashing algorithms", and 23.07 is in tree, am I missing anything else here? Stabilisation is already scheduled in bug 911192.
