Revision 622127

Go back to digest for 14th January 2007

Security in Graphics

Albert Astals Cid committed changes in /branches/KDE/3.5/kdegraphics/kpdf/xpdf/xpdf:

Keep a set of the already read page tree nodes and each time we follow a new one check if we already processed it so we don't end in an infinite loop.
Fixes crash in malicious PDF found at http://projects.info-pull.com/moab/MOAB-06-01-2007.html

It may seem quite intensive but my measurements indicate the page tree processing is I/O bound as I got the same average times with and without this patch. Obviously if anyone wants to measure more it'll be appreciated.

File Changes

Modified 3 files
  • /branches/KDE/3.5/kdegraphics/kpdf/xpdf/xpdf
  •   /Array.h
  •   /Catalog.cc
  •   /Catalog.h
3 files changed in total
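
The technique the commit message describes, sketched as an added example (this is not the xpdf/kpdf patch itself): a page tree walk that records each reference before following it, so a node that points back at an ancestor is skipped instead of followed forever. `Ref`, `Node`, `ObjTable`, `countPages` and the sample objects are constructed for illustration, and tracking leaf pages in the same set is a simplification.

```cpp
#include <map>
#include <set>
#include <utility>
#include <vector>

// Constructed stand-in for a PDF indirect reference: (object number, generation).
typedef std::pair<int, int> Ref;

// Constructed stand-in for a page tree object: leaf page, or node with /Kids.
struct Node {
    bool isLeaf;
    std::vector<Ref> kids;
};
typedef std::map<Ref, Node> ObjTable;  // hypothetical; not xpdf's XRef class

struct WalkResult {
    int pages;    // leaf pages reached
    int skipped;  // references not followed because the target was already read
};

// Depth-first walk that records each reference before following it.
static void walk(const ObjTable &objs, Ref ref, std::set<Ref> &seen, WalkResult &out) {
    if (!seen.insert(ref).second) {  // insert fails: already read (cycle or reuse)
        ++out.skipped;
        return;
    }
    ObjTable::const_iterator it = objs.find(ref);
    if (it == objs.end()) return;    // dangling reference: nothing to read
    if (it->second.isLeaf) { ++out.pages; return; }
    for (const Ref &kid : it->second.kids)
        walk(objs, kid, seen, out);
}

WalkResult countPages(const ObjTable &objs, Ref root) {
    std::set<Ref> seen;
    WalkResult r = {0, 0};
    walk(objs, root, seen, r);
    return r;
}

// Constructed sample: 1 0 -> [2 0, 3 0]; 2 0 is a page;
// 3 0 -> [4 0, 1 0], where 4 0 is a page and 1 0 points back at the root.
ObjTable cyclicSample() {
    ObjTable o;
    o[Ref(1, 0)] = Node{false, {Ref(2, 0), Ref(3, 0)}};
    o[Ref(2, 0)] = Node{true, {}};
    o[Ref(3, 0)] = Node{false, {Ref(4, 0), Ref(1, 0)}};
    o[Ref(4, 0)] = Node{true, {}};
    return o;
}
```

The set lookup adds O(log n) work per node, which is small next to reading each object from the file.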