[poppler] Fwd: Re: CVE-2012-2142 xpdf, poppler: Insufficient sanitization of escape sequences in the error messages
Albert Astals Cid
aacid at kde.org
Sat Dec 8 09:20:47 PST 2012
On Saturday, 1 December 2012, at 16:07:01, William Bader wrote:
> In my own code, I sometimes filter with ((c&0x7F) < 0x20 || (c&0x7F) ==
> 0x7F) to allow accented characters to pass and to avoid using isprint(). I
> have had bad luck with passing signed chars to is* macros on old systems,
> plus the whole idea is to avoid passing escapes to xterm, and maybe some
> locale considers char 27 as printable. Some of the patches call isprint()
Not the only patch that makes sense to us that is the upstream.patch one.
Would you agree with that one?
Cheers,
Albert
> with a char, and I think that is bad. The man page for isprint on Fedora
> 17 says that the argument to is* macros must be "unsigned char" or EOF. To
> be safe, the patches should use isprint((unsigned char)c) or
> isprint(c&0xFF).
> William
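
The filter and the `isprint` cast discussed in the quoted message, as an added example that is not taken from any of the poppler or xpdf patches. The names `is_control_byte`, `sanitize_message` and `safe_isprint` are hypothetical, and the sample string is constructed.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The filter from the quoted message: masking with 0x7F catches the C0
 * controls and DEL, and also their high-bit twins 0x80-0x9F and 0xFF
 * (0x9B is the 8-bit CSI). Latin-1 accented letters (0xC0-0xFE) pass. */
static int is_control_byte(unsigned char c)
{
    return (c & 0x7F) < 0x20 || (c & 0x7F) == 0x7F;
}

/* Hypothetical helper: copy src into dst (always NUL-terminated, truncating
 * if needed), replacing filtered bytes with '?'. Returns how many bytes
 * were replaced. */
size_t sanitize_message(char *dst, size_t dstlen, const char *src)
{
    size_t i = 0, replaced = 0;
    if (dstlen == 0)
        return 0;
    for (; src[i] != '\0' && i + 1 < dstlen; i++) {
        unsigned char c = (unsigned char)src[i]; /* never test a signed char */
        if (is_control_byte(c)) {
            dst[i] = '?';
            replaced++;
        } else {
            dst[i] = src[i];
        }
    }
    dst[i] = '\0';
    return replaced;
}

/* The cast form from the message: is* functions take an unsigned char value or EOF. */
int safe_isprint(char c)
{
    return isprint((unsigned char)c) != 0;
}

int main(void)
{
    char out[64];
    /* Constructed sample: a file name carrying an ESC sequence and a DEL. */
    size_t n = sanitize_message(out, sizeof out, "bad\x1b[31mname\x7f");

    printf("%zu replaced: %s\n", n, out);
    return strcmp(out, "bad?[31mname?") != 0;
}
```

Because the mask also drops 0x80-0x9F, UTF-8 text whose continuation bytes fall in that range is altered; the filter suits single-byte encodings such as Latin-1.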