[Secure-testing-team] Re: xpdf vulnerability?
Frank Küster
frank at debian.org
Wed Mar 23 09:07:47 UTC 2005
Hubert Chan <hubert at uhoreg.ca> wrote:
> On 2005-03-22 08:20:32 -0500 Frank Küster <frank at kuesterei.ch> wrote:
>
>> However, that doesn't invalidate the check.
>> The main point of CAN-2004-0206, as I understand it, is that the
>> upstream/original check will be performed in the limits of the widest
>> integer type involved, sizeof(XRefEntry) which is 64bit on 64bit
>> platforms, whereas gmalloc (which is fed the size parameter) has a
>> prototype of "int".
>
> Is it an int or a size_t (like what malloc uses)? If it is an int,
> then INT_MAX would work as expected. If it's size_t, then you should
> use SIZE_MAX (defined in stdint.h).
from sarge's tetex:
,---- xpdf/goo/gmem.h of xpdf 2.01
| /*
| * Same as malloc, but prints error message and exits if malloc()
| * returns NULL.
| */
| extern void *gmalloc(int size);
|
| /*
| * Same as realloc, but prints error message and exits if realloc()
| * returns NULL. If <p> is NULL, calls malloc instead of realloc().
| */
| extern void *grealloc(void *p, int size);
`----
same in xpdf-3.00 in experimental's tetex.
Regards, Frank
--
Frank Küster
Inst. f. Biochemie der Univ. Zürich
Debian Developer
More information about the Secure-testing-team
mailing list