[Secure-testing-team] Re: xpdf vulnerability?
Hubert Chan
hubert at uhoreg.ca
Wed Mar 23 18:13:25 UTC 2005
On 2005-03-23 04:07:47 -0500 Frank Küster <frank at debian.org> wrote:
> Hubert Chan <hubert at uhoreg.ca> wrote:
>
>> Is it an int or a size_t (like what malloc uses)? If it is an int,
>> then INT_MAX would work as expected. If it's size_t, then you should
>> use SIZE_MAX (defined in stdint.h).
>
> from sarge's tetex:
>
> ,---- xpdf/goo/gmem.h of xpdf 2.01 | /*
> | extern void *gmalloc(int size);
> | extern void *grealloc(void *p, int size);
> `----
OK, then assuming that gmalloc is sane when it calls malloc (I think a
size_t will always be at least as big as an int anyways, so it shouldn't
cause a problem), then checking against INT_MAX should be safe.
--
Hubert Chan <hubert at uhoreg.ca> - http://www.uhoreg.ca/
PGP/GnuPG key: 1024D/124B61FA
Fingerprint: 96C5 012F 5F74 A5F7 1FF7 5291 AF29 C719 124B 61FA
Key available at wwwkeys.pgp.net. Encrypted e-mail preferred.
More information about the Secure-testing-team
mailing list