[Secure-testing-team] Re: xpdf vulnerability?
Hubert Chan
hubert at uhoreg.ca
Tue Mar 22 20:43:34 UTC 2005
On 2005-03-22 08:20:32 -0500 Frank Küster <frank at kuesterei.ch> wrote:
> However, that doesn't invalidate the check.
> The main point of CAN-2004-0206, as I understand it, is that the
> upstream/original check will be performed in the limits of the widest
> integer type involved, sizeof(XRefEntry) which is 64bit on 64bit
> platforms, whereas gmalloc (which is fed the size parameter) has a
> prototype of "int".
Is it an int or a size_t (like what malloc uses)? If it is an int,
then INT_MAX would work as expected. If it's size_t, then you should
use SIZE_MAX (defined in stdint.h).
--
Hubert Chan <hubert at uhoreg.ca> - http://www.uhoreg.ca/
PGP/GnuPG key: 1024D/124B61FA
Fingerprint: 96C5 012F 5F74 A5F7 1FF7 5291 AF29 C719 124B 61FA
Key available at wwwkeys.pgp.net. Encrypted e-mail preferred.
More information about the Secure-testing-team
mailing list