[poppler] Fwd: Re: CVE-2012-2142 xpdf, poppler: Insufficient sanitization of escape sequences in the error messages
williambader at hotmail.com
Sat Dec 1 13:07:01 PST 2012
In my own code, I sometimes filter with ((c&0x7F) < 0x20 || (c&0x7F) == 0x7F) to allow accented characters to pass and to avoid using isprint(). I have had bad luck with passing signed chars to is* macros on old systems, plus the whole idea is to avoid passing escapes to xterm, and maybe some locale considers char 27 as printable.Some of the patches call isprint() with a char, and I think that is bad. The man page for isprint on Fedora 17 says that the argument to is* macros must be "unsigned char" or EOF. To be safe, the patches should use isprint((unsigned char)c) or isprint(c&0xFF).William
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the poppler