Re: xpdf vulnerability?

To: debian-security@lists.debian.org
Cc: debian-tetex-maint <debian-tetex-maint@lists.debian.org>, pdftohtml@packages.debian.org, debian-security@lists.debian.org, secure-testing-team@lists.alioth.debian.org
Subject: Re: xpdf vulnerability?
From: Hubert Chan <hubert@uhoreg.ca>
Date: Tue, 22 Mar 2005 15:43:34 -0500
Message-id: <[🔎] c5fbf84985c27bcfe5655be84e3af2d2@evinrude>
In-reply-to: <[🔎] 87d5tr24wv.fsf@alhambra.kuesterei.ch>

On 2005-03-22 08:20:32 -0500 Frank Küster <frank@kuesterei.ch> wrote:

> However, that doesn't invalidate the check.
> The main point of CAN-2004-0206, as I understand it, is that the
> upstream/original check will be performed in the limits of the widest
> integer type involved, sizeof(XRefEntry) which is 64bit on 64bit
> platforms, whereas gmalloc (which is fed the size parameter) has a
> prototype of "int".

Is it an int or a size_t (like what malloc uses)?  If it is an int,
then INT_MAX would work as expected.  If it's size_t, then you should
use SIZE_MAX (defined in stdint.h).

-- 
Hubert Chan <hubert@uhoreg.ca> - http://www.uhoreg.ca/
PGP/GnuPG key: 1024D/124B61FA
Fingerprint: 96C5 012F 5F74 A5F7 1FF7  5291 AF29 C719 124B 61FA
Key available at wwwkeys.pgp.net.   Encrypted e-mail preferred.

Reply to:

Follow-Ups:
- Re: xpdf vulnerability?
  - From: Frank Küster <frank@debian.org>

References:
- Re: xpdf vulnerability?
  - From: frank@kuesterei.ch (Frank Küster)

Prev by Date: unsubscribe
Next by Date: Re: Procmail recipe for Nitwit unsubscribers who can't read DU sigs.
Previous by thread: Re: xpdf vulnerability?
Next by thread: Re: xpdf vulnerability?
Index(es):
- Date
- Thread