Bug#342292: Fwd: Re: [vendor-sec] xpdf update - patch wrong?
* Frank Küster:
> It also seems that there are some buffer overflows in 3.00 that do not
> have any tests, e.g. in XRef.cc, line 391 after patch-CAN-2004-0888 has
> been applied. Or is such a check
>
> if (newSize < 0) {
> goto err1;
> }
>
> enough to detect an integer overflow, because newSize is signed?
No, it's not, see:
<http://cert.uni-stuttgart.de/advisories/c-integer-overflow.php>
I should retry with GCC 4.1; it might actually perform the
optimization.
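
The point of the reply above, as an added example that is not part of the original mail or of xpdf: signed overflow is undefined behaviour in C, so a compiler may assume `newSize` never wraps and drop a `newSize < 0` test made after the arithmetic. The function names and the 16-byte entry size are assumptions for illustration; each check tests the operands before adding or multiplying.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical helper (not xpdf code): newSize = first + n, rejected before
 * the addition if the result would not fit in an int.
 * Returns 0 on success, -1 if the request must be refused. */
static int checked_new_size(int first, int n, int *new_size_out)
{
    if (first < 0 || n < 0)
        return -1;                /* negative counts are never valid */
    if (first > INT_MAX - n)      /* INT_MAX - n cannot overflow for n >= 0 */
        return -1;
    *new_size_out = first + n;
    return 0;
}

/* Hypothetical helper: byte count for `count` entries of `entry_size` bytes,
 * the value that would be handed to an allocator. */
static int checked_table_bytes(int count, int entry_size, int *bytes_out)
{
    if (count < 0 || entry_size <= 0)
        return -1;
    if (count > INT_MAX / entry_size) /* division cannot overflow */
        return -1;
    *bytes_out = count * entry_size;
    return 0;
}

int main(void)
{
    /* Constructed inputs: one sane request, one that would wrap. */
    int cases[2][2] = { { 100, 28 }, { INT_MAX - 4, 8 } };
    for (int i = 0; i < 2; i++) {
        int new_size = 0, bytes = 0;
        if (checked_new_size(cases[i][0], cases[i][1], &new_size) != 0 ||
            checked_table_bytes(new_size, 16, &bytes) != 0) {
            printf("first=%d n=%d: rejected\n", cases[i][0], cases[i][1]);
            continue;
        }
        printf("first=%d n=%d: newSize=%d bytes=%d\n",
               cases[i][0], cases[i][1], new_size, bytes);
    }
    return 0;
}
```
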