Summary: | integer overflow in PDF parsing
---|---
Product: | poppler
Component: | general
Status: | RESOLVED FIXED
Severity: | normal
Priority: | medium
Version: | unspecified
Hardware: | Other
OS: | All
Reporter: | Jakub Wilk <jwilk>
Assignee: | poppler-bugs <poppler-bugs>
CC: | jwilk
Description
Jakub Wilk
2009-08-01 06:43:02 UTC
The problem lies in Lexer::getObj

Fixed in master, thanks for reporting

Note that, strictly speaking, your fix is invalid. Signed integer overflow is undefined behaviour in C++, which means that the compiler may assume that it will not happen. That is, the compiler is free to optimize out the branch where you set overflownInteger = gTrue. Either you should refrain from triggering the overflow (by testing for something like xi<INT_MAX/10-1 *before* multiplication) or use the -fwrapv gcc option.

Oh, and even with -fwrapv it would still be invalid: x * 10 + c == x for 32-bit integers with wrap-around semantics, x=477218588 and c=4.

Right, should be fixed now, I hope.
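The two objections raised in this thread, as an added C++ example (not poppler's code and not part of the original comments): a post-hoc overflow test misses the x=477218588, c=4 case even with wrap-around semantics, while a check made before the multiplication never overflows. The function names are hypothetical, the "result < x" test is an assumed form of post-hoc check, and a 32-bit `int` is assumed.

```cpp
#include <climits>
#include <cstdint>
#include <cstdio>

// x * 10 + c with 32-bit wrap-around. Unsigned arithmetic wraps by definition,
// so this models -fwrapv behaviour without triggering undefined behaviour.
uint32_t wrapped_step(uint32_t x, uint32_t c) {
    return static_cast<uint32_t>(x * 10u + c);
}

// Assumed form of a post-hoc test: "the value shrank, so it overflowed".
bool posthoc_detects(uint32_t x, uint32_t c) {
    return wrapped_step(x, c) < x;
}

// Pre-check: refuse the digit before multiplying, so signed overflow never
// happens and the compiler has nothing to optimize away.
bool append_digit(int &x, int digit) {
    if (x > (INT_MAX - digit) / 10) return false;
    x = x * 10 + digit;
    return true;
}

// Parse a non-negative decimal string; false on empty input, a non-digit,
// or a value that does not fit in int.
bool parse_decimal(const char *s, int *out) {
    if (*s == '\0') return false;
    int x = 0;
    for (; *s != '\0'; ++s) {
        if (*s < '0' || *s > '9') return false;
        if (!append_digit(x, *s - '0')) return false;
    }
    *out = x;
    return true;
}

int main() {
    // Values from the thread: x=477218588, c=4 wraps back to x itself.
    std::printf("wrapped: %u, post-hoc detects: %d\n",
                wrapped_step(477218588u, 4u), posthoc_detects(477218588u, 4u));
    int v = 0;
    std::printf("INT_MAX ok: %d\n", parse_decimal("2147483647", &v));
    std::printf("INT_MAX+1 ok: %d\n", parse_decimal("2147483648", &v));
    return 0;
}
```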