Re: New xpdf vulnerabilities related to CAN-2004-0888
Martin Pitt <martin@piware.de> wrote:
> Hi xpdf/cupsys/tetex-bin maintainers, hi Debian security team!
>
> Marcus Meissner discovered even more instances of integer overflows
> (see CAN-2004-0888), see forwarded message below.
>
> Several packages follow the bad habit of including xpdf source code;

Why do you think this is a bad habit? As long as xpdf does not provide a
library which we could use, what other choice is there (except rewriting
it)?

> ----- Forwarded message from Matt Zimmerman <mdz@canonical.com> -----
> From: Marcus Meissner <meissner@suse.de>
> To: vendor-sec@lst.de
> Cc: derekn@foolabs.com
> Subject: [vendor-sec] xpdf .... 64bit fun
> Date: Fri, 29 Oct 2004 15:50:53 +0200
>
> I have identified 2 problems:
>
> - We are using "if (size * sizeof(Foo)/sizeof(Foo) != size)" checks,
> which operate on "size_t" which is 64bit unsigned long on 64bit systems.

In the fixes for tetex-bin and pdftohtml in Debian, we used instead

    #include <limits.h>
    ...
    if (size >= INT_MAX/sizeof(Foo))

because Martin Schulze feared that the construct cited by you might be
optimized away by the compiler.

Regards, Frank
--
Frank Küster
Inst. f. Biochemie der Univ. Zürich
Debian Developer
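
Added example, not part of the thread and not xpdf or Debian code: it runs the two checks discussed above side by side on an element count held in an int. The 16-byte Foo, the function names and the sample counts are constructed, size_t is modelled as 64-bit, and it is an assumption that the byte count is later stored in a 32-bit int.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical 16-byte element standing in for the thread's "Foo". */
typedef struct { double a, b; } Foo;

/* Round-trip check quoted in the thread, with size_t modelled as 64-bit.
 * Returns 1 when the check lets the count through. */
static int roundtrip_check_accepts(int size)
{
    uint64_t n = (uint64_t)size;            /* same conversion as int -> size_t */
    return n * sizeof(Foo) / sizeof(Foo) == n;
}

/* Bound from the Debian fixes: reject when size >= INT_MAX/sizeof(Foo).
 * A negative size converts to a huge unsigned value and is rejected too. */
static int bound_check_accepts(int size)
{
    return !((size_t)size >= INT_MAX / sizeof(Foo));
}

/* Low 32 bits of the byte count: what survives if the product is later
 * stored in a 32-bit int (assumption about the caller). */
static uint32_t bytes_low32(int size)
{
    return (uint32_t)((uint64_t)size * sizeof(Foo));
}

int main(void)
{
    /* Constructed sample counts. */
    const int samples[] = { 1000, 0x08000000, 0x10000000, -1 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int s = samples[i];
        printf("size=%11d  roundtrip=%s  bound=%s  low32(bytes)=%lu\n", s,
               roundtrip_check_accepts(s) ? "accept" : "reject",
               bound_check_accepts(s) ? "accept" : "reject",
               (unsigned long)bytes_low32(s));
    }
    return 0;
}
```

For the count 0x10000000 the 64-bit round trip succeeds even though the 32-bit byte count is 0, while the INT_MAX bound rejects it.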