Re: New xpdf vulnerabilities related to CAN-2004-0888
Frank Küster <frank@kuesterei.ch> writes:
> I also wonder why it seems that the question of compiler-optimization
> (whether the published fixes are really dangerous, because gcc might
> optimize the checks away) is not discussed?
It seems to me that this version:

    if (newSize >= INT_MAX/sizeof(XRefEntry))
        error(...);

is much more readable, more efficient (comparison to a
compile-time constant instead of run-time computation) and,
due to the optimization issue, probably also safer than:

    if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize)
        error(...);

Best,
Stefan
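
Added example, not part of the message above or of xpdf: the two checks from the message, run side by side over boundary values of newSize. The XRefEntry layout, the function names and the premise that the byte count must fit in an int are assumptions made for the illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in: the real XRefEntry layout is not shown in the message. */
typedef struct { unsigned int offset; int gen; int used; } XRefEntry;

/* First form from the message. INT_MAX/sizeof(XRefEntry) folds to a constant.
 * The comparison happens in size_t (the cast only makes the implicit
 * conversion visible), so a negative newSize lands above the limit too. */
static int rejected_by_limit(int newSize)
{
    return (size_t)newSize >= INT_MAX / sizeof(XRefEntry);
}

/* Second form from the message. The arithmetic is carried out in size_t,
 * which wraps on overflow, so this fires only when the product exceeds
 * SIZE_MAX, not when it exceeds INT_MAX. */
static int rejected_by_roundtrip(int newSize)
{
    size_t n = (size_t)newSize;
    return n * sizeof(XRefEntry) / sizeof(XRefEntry) != n;
}

/* Reference answer in a wider type: does newSize * sizeof(XRefEntry) fit in
 * an int? (Assumption: the byte count is later stored in an int.) */
static int bytes_fit_in_int(int newSize)
{
    return newSize >= 0 &&
           (unsigned long long)newSize * sizeof(XRefEntry)
               <= (unsigned long long)INT_MAX;
}

int main(void)
{
    const int limit = (int)(INT_MAX / sizeof(XRefEntry));
    /* Constructed sample sizes around the interesting boundaries. */
    const int samples[] = { -1, 0, 1024, limit - 1, limit, limit + 1, INT_MAX };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int n = samples[i];
        printf("%11d  fits=%d  limit_rejects=%d  roundtrip_rejects=%d\n", n,
               bytes_fit_in_int(n), rejected_by_limit(n), rejected_by_roundtrip(n));
    }
    return 0;
}
```

For limit + 1 the byte count no longer fits in an int, yet the round-trip form accepts it because the size_t product has not wrapped; the constant-limit form rejects it.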