Preview.app crashes when PDF contains specific XPM tags

Originator:steipete
Number:rdar://32458135 Date Originated:30-May-2017 08:53 AM
Status:Open Resolved:
Product:Other Product Version:10.12.5
Classification:Crash/Hang/Data Loss Reproducible:Always
 
Summary:
We’ve reverse engineered Preview’s Bookmark storage and made PSPDFKit compatible with it, to improve the macOS ecosystem and have universally working bookmarks across iOS PDF Viewer and macOS Preview.app. We discovered a flaw in Preview’s parser.  We worked around it for now.

Steps to Reproduce:
Open attached PDF in Preview. Observe instant crash. 

Expected Results:
No crash.

Actual Results:
See crash: https://gist.github.com/steipete/de4cdb5236464cbb1325896bf945c433

Relevant lines:


Application Specific Information:
*** Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: '*** setObjectForKey: object cannot be nil (key: PageIndex)'
terminating with uncaught exception of type NSException
abort() called

Application Specific Backtrace 1:
0   CoreFoundation                      0x00007fffcd6c72cb __exceptionPreprocess + 171
1   libobjc.A.dylib                     0x00007fffe24d248d objc_exception_throw + 48
2   CoreFoundation                      0x00007fffcd5c401a -[__NSDictionaryM setObject:forKey:] + 1146
3   PDFKit                              0x00007fffd2a5b610 __46-[PDFDocument _dataFromXMP:withRootPath:keys:]_block_invoke + 336
4   ImageIO                             0x00007fffcf715cba ___ZL46CGImageMetadataEnumerateTagsUsingBlockInternalPK15CGImageMetadataPK10__CFStringPK14__CFDictionaryU13block_pointerFbS4_P18CGImageMetadataTagE_block_invoke + 87
5   ImageIO                             0x00007fffcf6ac094 IIOArrayEnumerateUsingBlock + 100
6   ImageIO                             0x00007fffcf7158fd _ZL46CGImageMetadataEnumerateTagsUsingBlockInternalPK15CGImageMetadataPK10__CFStringPK14__CFDictionaryU13block_pointerFbS4_P18CGImageMetadataTagE + 1058
7   ImageIO                             0x00007fffcf6aaa90 CGImageMetadataEnumerateTagsUsingBlock + 138
8   PDFKit                              0x00007fffd2a5b45c -[PDFDocument _dataFromXMP:withRootPath:keys:] + 193
9   PDFKit                              0x00007fffd2a5c301 -[PDFDocument documentCatalogMetadataForRootPath:withKeys:] + 188
10  Preview                             0x0000000102f6e26e Preview + 246382
11  Preview                             0x0000000102f4e175 Preview + 115061
12  Preview                             0x0000000102f4c6b2 Preview + 108210
13  Preview                             0x0000000102f40e6e Preview + 61038
14  Preview                             0x0000000102f4092d Preview + 59693
15  AppKit                              0x00007fffcb1a7c78 -[NSWindowController _windowDidLoad] + 682

Version:
10.12.5

Notes:
We’ve blogged about our implementation here:
https://pspdfkit.com/blog/2016/just-a-simple-bookmark/

Please test interoperability with https://pdfviewer.io/

Comments


Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!