[Poppler-bugs] [Bug 103552] Out of bounds memory read when loading zero-bytes PDF
bugzilla-daemon at freedesktop.org
bugzilla-daemon at freedesktop.org
Sat Nov 11 22:44:06 UTC 2017
https://bugs.freedesktop.org/show_bug.cgi?id=103552
--- Comment #3 from Albert Astals Cid <aacid at kde.org> ---
(In reply to simon-freedesktop from comment #2)
> Is “don’t do that” really the best answer to an out-of-bounds memory access
> bug in a library routinely used with untrusted input from the Internet?
Yeah, seriously, it's in your realm of duty to give proper data to the
libraries you use.
>
> The reason I stumbled upon this bug is that I’d like to use Poppler to test
> a library that generates PDF files. I started writing a test harness before
> I wrote any library code, so the first input I tried with my Rust bindings
> to Poppler was the empty byte vector.
>
> Steps to reproduce: compile with gcc $(pkg-config --cflags --libs
> poppler-glib)
>
> #include "poppler.h"
>
> void main() {
> poppler_document_new_from_data((char*) 1, 0, NULL, NULL);
> }
It works fine if you pass a null pointer in the first parameter, i'll let the
glib frontend maintainers decide if they actually care about your use case or
not
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/poppler-bugs/attachments/20171111/dd1391b6/attachment.html>
More information about the Poppler-bugs
mailing list