
Bug#342292: Fwd: Re: [vendor-sec] xpdf update - patch wrong?



Hi Frank, hi Joey!

Frank Küster [2005-12-09 19:01 +0100]:
> Martin Pitt <mpitt@debian.org> wrote:
> 
> > After discovering that the same flawed multiplication is also present
> > in upstream's other two patches, I decided to completely rework the
> > patch.
> >
> > I attach the debdiff with separated out changelog. Florian, maybe you
> > can peer-review the patch?
> 
> Martin and Florian,  Joey Schulze also sent a "fixed" patch to the bug,
> see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342292;msg=131
> 
> Would you be so kind and review it?

Sorry for the delay, lots of private stuff to do on the weekend.

+   nVals = width * nComps;
++  totalBits = nVals * nBits;
++  if (totalBits == 0 ||
++      (totalBits / nBits) / nComps != width ||
++      totalBits + 7 < 0) {
++    return;
++  }
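Review bot: the checks in this hunk run only after `nVals = width * nComps` and `totalBits = nVals * nBits` have already been evaluated, so they detect the overflow only if signed arithmetic wraps, which is undefined behaviour in C and may be optimised away; `totalBits + 7 < 0` has the same problem. Test the operands before each multiplication instead, e.g. `if (nComps <= 0 || nBits <= 0 || width >= INT_MAX / nComps) return;` before computing `nVals`, and `if (nVals >= INT_MAX / nBits) return;` before computing `totalBits`.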

Please do not use this part of Joey's patch. As already discussed,
this way of checking a multiplication overflow is unreliable. Please
use the var1 >= INT_MAX/var2 approach, which is the 'standard way' and
avoids integer overflows.

Thanks,

Martin

P. S. Frank, I'm this ---><--- close to build tetex-bin against
poppler, I already have working debs. Just fighting with the build
system a bit. :)

-- 
Martin Pitt              http://www.piware.de
Ubuntu Developer   http://www.ubuntulinux.org
Debian Developer        http://www.debian.org
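The pre-multiplication check Martin asks for, carried through both products in the quoted hunk, as an added C example that is not part of this mail or of xpdf/poppler; the function names and the `row_bytes` helper are assumptions, with the `+ 7` rounding taken from the hunk:

```c
#include <limits.h>
#include <stdio.h>

/* Multiply two positive ints without ever overflowing. The test runs
 * BEFORE the multiplication, so no signed overflow occurs (undefined
 * behaviour in C, so a check made after the fact may be optimised
 * away). This is the "var1 >= INT_MAX / var2" test from the mail; it is
 * slightly conservative (rejects a few products that would just fit),
 * which is harmless for a buffer-size computation. Returns 1 and
 * stores the product in *out, or 0 (also for zero/negative operands). */
static int mul_checked(int a, int b, int *out) {
    if (a <= 0 || b <= 0 || a >= INT_MAX / b)
        return 0;
    *out = a * b;
    return 1;
}

/* Computes nVals = width * nComps and totalBits = nVals * nBits the way
 * the quoted xpdf hunk does, but refuses before any intermediate value
 * can wrap. Returns 1 on success, 0 if the caller should bail out. */
int image_row_bits(int width, int nComps, int nBits,
                   int *nVals, int *totalBits) {
    if (!mul_checked(width, nComps, nVals))        /* width * nComps */
        return 0;
    if (!mul_checked(*nVals, nBits, totalBits))    /* nVals * nBits */
        return 0;
    if (*totalBits > INT_MAX - 7)                  /* "+ 7" must fit too */
        return 0;
    return 1;
}

/* Bytes needed for one image row, rounded up as (totalBits + 7) / 8,
 * or -1 if the size is not representable (hypothetical helper). */
int row_bytes(int width, int nComps, int nBits) {
    int nVals, totalBits;
    if (!image_row_bits(width, nComps, nBits, &nVals, &totalBits))
        return -1;
    return (totalBits + 7) / 8;
}

int main(void) {
    /* constructed sample inputs: a sane row, then hostile header values */
    printf("1024x3x8  -> %d bytes\n", row_bytes(1024, 3, 8));     /* 3072 */
    printf("hostile   -> %d\n", row_bytes(INT_MAX / 2, 3, 8));     /* -1 */
    printf("12 bits   -> %d bytes\n", row_bytes(5, 1, 12));        /* 8 */
    return 0;
}
```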
