From: Aleksander Morgado
Subject: Re: [pdf-devel] FS#103: Possible memory overflow in the bignums implementation
Date: Thu, 28 Jan 2010 12:45:55 +0100
User-agent: Thunderbird 2.0.0.23 (X11/20090817)

> In "pdf-types.h" I see at least one error (if you test before calling
> "pdf_i64_div" that divisor isn't 0, like in "pdf_i64_mod"):
>> #define pdf_i64_div(dest, dividend, divisor, p_status) \
>> do \
>> { \
>> if (dest == NULL) \
>> { \
>> *p_status = PDF_ERROR; \
>> } \
>> else \
>> { \
>> *p_status = PDF_OK; \
>> } \
>> *dest = dividend/divisor; \
> If there isn't a destination because it's NULL, why do you store the
> result in it? Shouldn't this line be in the else clause?
>> } while(0)
>
> I hope that helps you.
>
Yeah, that's a clear bug which would cause a segfault.
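
The defect discussed in this thread, shown next to a guarded form, as an added example that is not part of the original mail or the project's code. `pdf_i64_div_quoted`, `pdf_i64_div_checked`, `try_div`, the use of `int64_t` and the enum values are assumptions made for illustration; the example goes beyond the thread by also rejecting `INT64_MIN / -1`, whose quotient overflows in C.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in status codes; the numeric values are constructed for this example. */
typedef enum { PDF_OK = 0, PDF_ERROR = 1 } pdf_status_t;

/* The macro as quoted in the thread: the store runs even when dest is NULL. */
#define pdf_i64_div_quoted(dest, dividend, divisor, p_status) \
  do {                                                        \
    if (dest == NULL) { *p_status = PDF_ERROR; }              \
    else              { *p_status = PDF_OK; }                 \
    *dest = dividend / divisor;                               \
  } while (0)

/* Hypothetical guarded form: every failure path returns before the store. */
static void pdf_i64_div_checked (int64_t *dest, int64_t dividend,
                                 int64_t divisor, pdf_status_t *p_status)
{
  if (p_status == NULL)
    return;                      /* nowhere to report; do nothing */
  if (dest == NULL               /* the NULL store from the thread */
      || divisor == 0            /* division by zero */
      || (dividend == INT64_MIN && divisor == -1)) /* quotient overflows */
    {
      *p_status = PDF_ERROR;
      return;
    }
  *dest = dividend / divisor;
  *p_status = PDF_OK;
}

/* Hypothetical helper: status of one guarded division attempt. */
static pdf_status_t try_div (int64_t *dest, int64_t dividend, int64_t divisor)
{
  pdf_status_t st = PDF_OK;
  pdf_i64_div_checked (dest, dividend, divisor, &st);
  return st;
}

int main (void)
{
  int64_t q = 0, *p = &q;
  pdf_status_t st;
  pdf_i64_div_quoted (p, 10, 3, &st);   /* safe only because p is valid */
  printf ("quoted: %lld, NULL dest: %d, zero divisor: %d\n", (long long) q,
          (int) try_div (NULL, 10, 3), (int) try_div (p, 10, 0));
  return 0;
}
```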