[Poppler-bugs] [Bug 23077] New: illegitimate use of setlocale(), atof()
bugzilla-daemon at freedesktop.org
bugzilla-daemon at freedesktop.org
Sat Aug 1 06:39:58 PDT 2009
http://bugs.freedesktop.org/show_bug.cgi?id=23077
Summary: illegitimate use of setlocale(), atof()
Product: poppler
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: medium
Component: general
AssignedTo: poppler-bugs at lists.freedesktop.org
ReportedBy: ubanus at users.sf.net
$ cd poppler-0.10.6/
$ grep -C1 -r setlocale poppler
poppler/PDFDoc.cc- {
poppler/PDFDoc.cc: char *theLocale = setlocale(LC_NUMERIC, "C");
poppler/PDFDoc.cc- pdfVersion = atof(p);
poppler/PDFDoc.cc: setlocale(LC_NUMERIC, theLocale);
poppler/PDFDoc.cc- }
The code fails to restore the original locale settings. Even if those settings
were being restored, the code would be susceptible to race conditions in
multi-threaded applications. (It is almost always a bad idea to call
setlocale() in a library!)
Moreover, other uses atof() in poppler are not "protected" by setlocale()
calls, so they essentially rely on the brokenness of the quoted code.
--
Configure bugmail: http://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the Poppler-bugs
mailing list