pdf-devel

Re: [pdf-devel] FS#103: Possible memory overflow in the bignums implemen


From: Aleksander Morgado
Subject: Re: [pdf-devel] FS#103: Possible memory overflow in the bignums implementation
Date: Thu, 28 Jan 2010 12:45:55 +0100
User-agent: Thunderbird 2.0.0.23 (X11/20090817)

> In "pdf-types.h" I see at least one error (if you test before calling
> "pdf_i64_div" that divisor isn't 0, like in "pdf_i64_mod"):
>> #define pdf_i64_div(dest, dividend, divisor, p_status) \
>>  do                                                   \
>>    {                                                  \
>>      if (dest == NULL)                                \
>>        {                                              \
>>          *p_status =  PDF_ERROR;                      \
>>        }                                              \
>>      else                                             \
>>        {                                              \
>>          *p_status =  PDF_OK;                         \
>>        }                                              \
>>      *dest = dividend/divisor;                        \
> If there isn't a destination because it's NULL, why do you store the
> result in it? Shouldn't this line be in the else clause?
>>    } while(0)
> 
> I hope that helps you.
> 

Yeah, that's a clear bug which would cause a segfault.
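
The fix discussed above, as an added example that is not part of the original message or the project's code: the store moves onto the branch where `dest` has been checked. It goes beyond the thread by also rejecting a zero divisor and `INT64_MIN / -1` inside the macro. Assumptions: the native build where the i64 type is a plain `int64_t`, an `int` status, constructed values for `PDF_OK`/`PDF_ERROR`, and the hypothetical names `pdf_i64_div_checked` and `checked_div`.

```c
#include <stddef.h>
#include <stdint.h>

/* Stand-in status codes: the names appear in the quoted macro, the values
   are assumed for this example. */
enum { PDF_OK = 0, PDF_ERROR = 1 };

/* Hypothetical name. Assumes the i64 type is a plain int64_t.
   The store happens only on the branch where dest was checked. */
#define pdf_i64_div_checked(dest, dividend, divisor, p_status)          \
  do                                                                    \
    {                                                                   \
      int64_t *d_ = (dest);          /* evaluate each argument once */  \
      int64_t n_ = (dividend);                                          \
      int64_t q_ = (divisor);                                           \
      if (d_ == NULL || q_ == 0 || (n_ == INT64_MIN && q_ == -1))       \
        {                                                               \
          *(p_status) = PDF_ERROR;   /* nothing is written to dest */   \
        }                                                               \
      else                                                              \
        {                                                               \
          *d_ = n_ / q_;                                                \
          *(p_status) = PDF_OK;                                         \
        }                                                               \
    } while (0)

/* Function wrapper so the behaviour can be checked from a caller. */
int checked_div(int64_t *dest, int64_t dividend, int64_t divisor)
{
  int status = PDF_ERROR;
  pdf_i64_div_checked(dest, dividend, divisor, &status);
  return status;
}

int main(void)
{
  int64_t q = 0;
  /* NULL destination: reported as an error instead of dereferenced. */
  if (checked_div(NULL, 10, 2) != PDF_ERROR) return 1;
  /* Valid destination: quotient stored, PDF_OK returned. */
  if (checked_div(&q, 10, 2) != PDF_OK || q != 5) return 1;
  return 0;
}
```
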



