I just checked the patches applied to 0.4.3, since the last round of xpdf patches was truly chaotic. Unfortunately you got only the second-most recent patch, so that the last fix slipped:

In poppler/Stream.cc, StreamPredictor::StreamPredictor(), line 433:

    if (nVals + 7 <= 0) {

This must really be

    if (nVals * nBits + 7 <= 0) {

since this value is used later for memory allocation.

Also, the changelog only mentions CVE-2005-3191; however, the patches also fix CVE-2005-3192 and CVE-2005-3193. Can you please add this?

Thank you!

P.S. There is another round of security updates pending. I will prepare a patch and send it here.

Overflow check updated and CVE numbers mentioned in ChangeLog. I'll do a 0.4.4 release shortly.
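
An added example, not part of the thread and not poppler's code: it shows why the bound has to cover `nVals * nBits + 7` rather than `nVals + 7`, and how to test it by division before multiplying instead of inspecting a signed product after it has already overflowed. The function names, the `width * nComps` derivation of `nVals`, and the sample values are assumptions constructed for illustration; a 32-bit `int` is assumed.

```cpp
#include <climits>
#include <cstdio>

// Hypothetical helper: byte length of one predictor row,
// (width * nComps * nBits + 7) / 8, refusing any input whose intermediate
// product would not fit in a positive int. Returns true on success.
bool predictorRowBytes(int width, int nComps, int nBits, int *rowBytes) {
    if (width <= 0 || nComps <= 0 || nBits <= 0) {
        return false;
    }
    // Bound width * nComps by division first: signed overflow is undefined
    // behaviour, so the product cannot be tested reliably afterwards.
    if (width > INT_MAX / nComps) {
        return false;
    }
    int nVals = width * nComps;
    // The point raised in the report: the size that reaches the allocator
    // depends on nVals * nBits + 7, so that whole expression must be bounded.
    if (nVals > (INT_MAX - 7) / nBits) {
        return false;
    }
    *rowBytes = (nVals * nBits + 7) >> 3;
    return true;
}

// The narrower condition (only nVals + 7 is checked), expressed without
// relying on wraparound: true means the input would be accepted.
bool weakCheckPasses(int nVals) {
    return nVals > -7 && nVals <= INT_MAX - 7;
}

int main() {
    int rb = 0;
    // Constructed benign input: 640 pixels, 3 components, 8 bits each.
    if (predictorRowBytes(640, 3, 8, &rb)) {
        std::printf("640x3x8 -> %d bytes per row\n", rb);
    }
    // Constructed hostile input: nVals = 2^28 passes the narrow check, but
    // nVals * 16 = 2^32 does not fit in a 32-bit int.
    int nVals = 268435456;
    std::printf("narrow check accepts: %d, full check accepts: %d\n",
                weakCheckPasses(nVals),
                predictorRowBytes(nVals, 1, 16, &rb));
    return 0;
}
```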