Re: New xpdf vulnerabilities related to CAN-2004-0888

To: team@security.debian.org, debian-tetex-maint <debian-tetex-maint@lists.debian.org>
Subject: Re: New xpdf vulnerabilities related to CAN-2004-0888
From: Stefan Ulrich <stefanulrich@users.sourceforge.net>
Date: Mon, 15 Nov 2004 22:06:23 +0000
Message-id: <16793.10335.648142.39081@82.69.16.43>
In-reply-to: <873bzbgjy9.fsf@alhambra.bioz.unibas.ch>
References: <20041101144520.GA29587@box79162.elkhouse.de> <87mzxzdr34.fsf@alhambra.bioz.unibas.ch> <873bzbgjy9.fsf@alhambra.bioz.unibas.ch>

Frank Küster <frank@kuesterei.ch> writes:

> I also wonder why it seems that the question of compilier-optimization
> (whether the published fixes are really dangerous, because gcc might
> optimize the checks away) is not discussed?


It seems to me that this version:

   if (newSize >= INT_MAX/sizeof(XRefEntry))
      error(...);

is much more readable, more efficient (comparison to a
compile-time constant instead of run-time computation) and,
due to the optimization issue, probably also safer than:

   if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize)
       error(...);

Best,
Stefan

Reply to:

References:
- New xpdf vulnerabilities related to CAN-2004-0888
  - From: Martin Pitt <martin@piware.de>
- Re: New xpdf vulnerabilities related to CAN-2004-0888
  - From: Frank Küster <frank@debian.org>
- Re: New xpdf vulnerabilities related to CAN-2004-0888
  - From: frank@kuesterei.ch (Frank Küster)

Prev by Date: Bug#204953: acknowledged by developer (Re: Bug#204953: tetex-bin up
Next by Date: Bug#204953: acknowledged by developer (Re: Bug#204953: tetex-bin up
Previous by thread: Re: New xpdf vulnerabilities related to CAN-2004-0888
Next by thread: Bug#273789: Bug # 273789: tetex-base: fmtutil.cnf not found, Installation OK
Index(es):
- Date
- Thread