[poppler] Stack buffer overflow on test utf conversion

Albert Astals Cid aacid at kde.org
Sat Dec 2 09:35:17 UTC 2017


On Saturday, 2 December 2017, at 14:31:55 CET, Adrian Johnson wrote:
> On 02/12/17 10:14, Albert Astals Cid wrote:
> > Adrian, can you have a look at https://paste.kde.org/pe6yweh7u ?
> > 
> > It seems we have somehow a bug in that code? Is it something you
> > introduced or was it buggy already but just not exercised and now your
> > test reveals the problem?
> 
> The buffer in the test is not large enough. The attached patch increases
> the buffer size and adds an assert to check the buffer size.
> 
> I did test it with valgrind when I wrote the test but interestingly it
> doesn't pick up the problem. The second attached patch updates the
> INSTALL file to document the use of the address sanitizer.

Pushed both.

Is the "buffer not large enough" something we could have caught on the "code 
side" and returned an error/nullptr/something instead of crashing? Or is it 
not possible/worth it for our use case?

Cheers,
  Albert
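The question raised above, whether the conversion code itself could notice a too-small output buffer and return an error instead of overrunning it, comes down to giving the converter the buffer length. The following is an added example in C; it is not poppler's code and not its UTF conversion API. It shows a hypothetical UTF-16 to UTF-8 converter that takes the output length, writes only what fits, and reports the size the full encoding needs, plus a checked wrapper that fails cleanly. The sample input and the helper names are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical bounded UTF-16 -> UTF-8 converter; an added example, not
 * poppler's own API. Encodes utf16[0..n16) into out[0..out_len) and
 * returns the number of bytes the complete encoding needs. Bytes are only
 * written while they fit, so a return value larger than out_len means
 * "buffer too small" and the caller must not trust the buffer contents.
 * Passing out == NULL (or out_len == 0) makes it a pure size query.
 * Surrogate pairs are combined; a lone surrogate is encoded as U+FFFD. */
size_t utf16_to_utf8_bounded(const uint16_t *utf16, size_t n16,
                             unsigned char *out, size_t out_len)
{
    size_t needed = 0;
    for (size_t i = 0; i < n16; i++) {
        uint32_t cp = utf16[i];
        if (cp >= 0xD800 && cp <= 0xDBFF && i + 1 < n16 &&
            utf16[i + 1] >= 0xDC00 && utf16[i + 1] <= 0xDFFF) {
            cp = 0x10000 + ((cp - 0xD800) << 10) + (utf16[i + 1] - 0xDC00);
            i++;                         /* consumed the low surrogate too */
        } else if (cp >= 0xD800 && cp <= 0xDFFF) {
            cp = 0xFFFD;                 /* unpaired surrogate: replacement char */
        }

        unsigned char enc[4];
        size_t len;
        if (cp < 0x80) {
            enc[0] = (unsigned char)cp;
            len = 1;
        } else if (cp < 0x800) {
            enc[0] = (unsigned char)(0xC0 | (cp >> 6));
            enc[1] = (unsigned char)(0x80 | (cp & 0x3F));
            len = 2;
        } else if (cp < 0x10000) {
            enc[0] = (unsigned char)(0xE0 | (cp >> 12));
            enc[1] = (unsigned char)(0x80 | ((cp >> 6) & 0x3F));
            enc[2] = (unsigned char)(0x80 | (cp & 0x3F));
            len = 3;
        } else {
            enc[0] = (unsigned char)(0xF0 | (cp >> 18));
            enc[1] = (unsigned char)(0x80 | ((cp >> 12) & 0x3F));
            enc[2] = (unsigned char)(0x80 | ((cp >> 6) & 0x3F));
            enc[3] = (unsigned char)(0x80 | (cp & 0x3F));
            len = 4;
        }

        /* The bounds check a fixed-size test buffer relies on. */
        if (out != NULL && needed + len <= out_len)
            memcpy(out + needed, enc, len);
        needed += len;
    }
    return needed;
}

/* Caller-facing wrapper: 1 on success (out holds the full, NUL-terminated
 * encoding), 0 if out_len is too small. Never writes past out_len. */
int utf16_to_utf8_checked(const uint16_t *utf16, size_t n16,
                          char *out, size_t out_len)
{
    size_t needed = utf16_to_utf8_bounded(utf16, n16,
                                          (unsigned char *)out, out_len);
    if (needed + 1 > out_len)            /* +1 for the terminating NUL */
        return 0;
    out[needed] = '\0';
    return 1;
}

/* Constructed sample: "A", U+20AC (euro sign), U+1F600 as a surrogate pair.
 * Its UTF-8 form is 1 + 3 + 4 = 8 bytes. */
static const uint16_t SAMPLE_UTF16[] = { 0x0041, 0x20AC, 0xD83D, 0xDE00 };
#define SAMPLE_N16 (sizeof SAMPLE_UTF16 / sizeof SAMPLE_UTF16[0])
static const unsigned char SAMPLE_UTF8[] = "A\xE2\x82\xAC\xF0\x9F\x98\x80";

/* Demo helper: convert the sample into a local buffer of out_len bytes
 * (capped at 64) and report whether the checked converter accepted it. */
int sample_fits_in(size_t out_len)
{
    char buf[64];
    if (out_len > sizeof buf)
        out_len = sizeof buf;
    return utf16_to_utf8_checked(SAMPLE_UTF16, SAMPLE_N16, buf, out_len);
}

/* Demo helper: 1 if a large enough buffer receives exactly the expected bytes. */
int sample_encodes_correctly(void)
{
    char buf[64];
    if (!utf16_to_utf8_checked(SAMPLE_UTF16, SAMPLE_N16, buf, sizeof buf))
        return 0;
    return memcmp(buf, SAMPLE_UTF8, sizeof SAMPLE_UTF8) == 0; /* NUL included */
}

int main(void)
{
    printf("bytes needed: %zu\n",
           utf16_to_utf8_bounded(SAMPLE_UTF16, SAMPLE_N16, NULL, 0));
    printf("fits in 8 bytes: %d\n", sample_fits_in(8));
    printf("fits in 9 bytes: %d\n", sample_fits_in(9));
    printf("encodes correctly: %d\n", sample_encodes_correctly());
    return 0;
}
```

With an 8-byte stack buffer the checked wrapper returns 0 instead of writing past the array, so a test (or a caller) can grow the buffer or report an error. The detection gap mentioned in the thread is also worth knowing: valgrind's memcheck tracks heap allocations and uninitialised values but does not know the bounds of individual stack arrays, so an overrun into a neighbouring stack variable can go unnoticed, whereas AddressSanitizer places redzones around stack variables and reports it immediately.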
