[poppler] Stack buffer overflow on test utf conversion
Albert Astals Cid
aacid at kde.org
Sat Dec 2 09:35:17 UTC 2017
El dissabte, 2 de desembre de 2017, a les 14:31:55 CET, Adrian Johnson va
escriure:
> On 02/12/17 10:14, Albert Astals Cid wrote:
> > Adrian, can you have a look at https://paste.kde.org/pe6yweh7u ?
> >
> > It seems we have somehow a bug in that code? Is it something you
> > introduced or was it buggy already but just not exercised and now your
> > test reveals the problem?
>
> The buffer in the test is not large enough. The attached patch increases
> the buffer size and adds an assert to check the buffer size.
>
> I did test it with valgrind when I wrote the test but interestingly it
> doesn't pick up the problem. The second attached patch updates the
> INSTALL file to document the use of the address sanitizer.
Pushed both.
Is the "buffer not large enough" something could have caught in the "code
side" and returned an error/nullptr/something instead of crashing? Or is it
not possible/worth it for our use case?
Cheers,
Albert
More information about the poppler
mailing list