[Poppler-bugs] [Bug 77921] New: Incompatible pointer cast in _poppler_attachment_new

Fri Apr 25 04:06:58 PDT 2014

https://bugs.freedesktop.org/show_bug.cgi?id=77921

          Priority: medium
            Bug ID: 77921
          Assignee: poppler-bugs at lists.freedesktop.org
           Summary: Incompatible pointer cast in _poppler_attachment_new
          Severity: major
    Classification: Unclassified
                OS: All
          Reporter: jason at aquaticape.us
          Hardware: x86-64 (AMD64)
            Status: NEW
           Version: unspecified
         Component: glib frontend
           Product: poppler

Created attachment 97950
  --> https://bugs.freedesktop.org/attachment.cgi?id=97950&action=edit
Don't cast GTime* to time_t*

Coverity CIDs 16825 and 16826

The glib frontend casts a GTime* to time_t* in _poppler_attachment_new.  These
are different sizes on x86_64, so it can result in junk being written to the
succeeding bytes of the PopplerAttachment struct if a PDF's EmbeddedFile dates
do not fit in 32 bits.  It's possible to crash Evince when it tries to free an
invalid attachment->checksum pointer.

Attached patch replaces the pointer cast with an assignment.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/poppler-bugs/attachments/20140425/c2a642ea/attachment.html>