Bug#342292: Fwd: Re: [vendor-sec] xpdf update - patch wrong?

To: Frank Küster <frank@debian.org>
Cc: 342292@bugs.debian.org, Martin Pitt <mpitt@debian.org>
Subject: Bug#342292: Fwd: Re: [vendor-sec] xpdf update - patch wrong?
From: Florian Weimer <fw@deneb.enyo.de>
Date: Thu, 08 Dec 2005 22:03:19 +0100
Message-id: <[🔎] 87vexzfgiw.fsf@mid.deneb.enyo.de>
Reply-to: Florian Weimer <fw@deneb.enyo.de>, 342292@bugs.debian.org
In-reply-to: <[🔎] 86wtif5za8.fsf@alhambra.kuesterei.ch> (Frank Küster's message of "Thu, 08 Dec 2005 17:28:15 +0100")
References: <[🔎] 20051208112157.GF5010@piware.de> <[🔎] 86wtif940h.fsf@alhambra.kuesterei.ch> <[🔎] 20051208135555.GB4471@piware.de> <[🔎] 86wtif5za8.fsf@alhambra.kuesterei.ch>

* Frank Küster:

> It also seems that there are some buffer overflows in 3.00 that do not
> have any tests, e.g. in XRef.cc, line 391 after patch-CAN-2004-0888 has
> been applied.  Or is such a check
>
>       if (newSize < 0) {
> 	goto err1;
>       }
>
> enough to detect an integer overflow, because newSize is signed?

No, it's not, see:

  <http://cert.uni-stuttgart.de/advisories/c-integer-overflow.php>

I should retry with GCC 4.1; it might actually perform the
optimization.

Reply to:

References:
- Bug#342292: Fwd: Re: [vendor-sec] xpdf update - patch wrong?
  - From: Martin Pitt <martin.pitt@canonical.com>
- Bug#342292: Fwd: Re: [vendor-sec] xpdf update - patch wrong?
  - From: Frank Küster <frank@debian.org>
- Bug#342292: Fwd: Re: [vendor-sec] xpdf update - patch wrong?
  - From: Martin Pitt <mpitt@debian.org>
- Bug#342292: Fwd: Re: [vendor-sec] xpdf update - patch wrong?
  - From: Frank Küster <frank@debian.org>

Prev by Date: Bug#342247: marked as done (updating tetex-extra fails)
Next by Date: Bug#342292: Fwd: Re: [vendor-sec] xpdf update - patch wrong?
Previous by thread: Bug#342292: Fwd: Re: [vendor-sec] xpdf update - patch wrong?
Next by thread: Bug#342292: Fwd: Re: [vendor-sec] xpdf update - patch wrong?
Index(es):
- Date
- Thread