Hi! Hilmar, where did you see patches like

+ if (pagesSize*(int)sizeof(Page *)/sizeof(Page *) != pagesSize || + pagesSize*(int)sizeof(Ref)/sizeof(Ref) != pagesSize) {

in the current tetex-bin package? debian/patches/patch-CAN-2004-0888 already has correct patches. Also, "advanced static code analysis" shows that the wrong approach is not used:

~/tex/tetex-bin-2.0.2 $ grep -r 'pagesSize.*sizeof' .
./libs/xpdf/xpdf/Catalog.cc: pages = (Page **)gmalloc(pagesSize * sizeof(Page *));
./libs/xpdf/xpdf/Catalog.cc: pageRefs = (Ref *)gmalloc(pagesSize * sizeof(Ref));
./libs/xpdf/xpdf/Catalog.cc: pages = (Page **)grealloc(pages, pagesSize * sizeof(Page *));
./libs/xpdf/xpdf/Catalog.cc: pageRefs = (Ref *)grealloc(pageRefs, pagesSize * sizeof(Ref));
./debian/patches/patch-CAN-2004-0888:+ if (pagesSize >= INT_MAX/sizeof(Page *) ||
./debian/patches/patch-CAN-2004-0888:+ pagesSize >= INT_MAX/sizeof(Ref)) {
./debian/patches/patch-CAN-2004-0888: pages = (Page **)gmalloc(pagesSize * sizeof(Page *));
./debian/patches/patch-CAN-2004-0888: pageRefs = (Ref *)gmalloc(pagesSize * sizeof(Ref));
./debian/patches/patch-CAN-2004-0888:+ if (pagesSize >= INT_MAX/sizeof(Page *) ||
./debian/patches/patch-CAN-2004-0888:+ pagesSize >= INT_MAX/sizeof(Ref)) {
./debian/patches/patch-CAN-2004-0888: pages = (Page **)grealloc(pages, pagesSize * sizeof(Page *));
./debian/patches/patch-CAN-2004-0888: pageRefs = (Ref *)grealloc(pageRefs, pagesSize * sizeof(Ref));

At the time the patch was fixed, the new CAN number was not yet assigned, so it does not appear in the changelog. So it would be nice to add the CAN to the changelog. This was the relevant upload (I think):

tetex-bin (2.0.2-24) unstable; urgency=high

  * SECURITY UPDATE: more buffer overflows in xpdf library, thanks to
    Martin Pitt <[EMAIL PROTECTED]> for the tetex-bin-specific patch,
    which fixes more integer overflows discovered by Markus Meissner
    <[EMAIL PROTECTED]>, thanks to him for discovering this.
  * Added debian/patches/patch-CAN-2004-0888.
    This patch contains the first fix included in the last upload, as
    well as the additional fixes from this upload, which are:
    [...]

Please close this bug.

Martin

-- 
Martin Pitt                       http://www.piware.de
Ubuntu Developer            http://www.ubuntulinux.org
Debian GNU/Linux Developer       http://www.debian.org

signature.asc
Description: Digital signature
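
Review bot: the check in the two `+` lines quoted at the top of the message, `pagesSize*(int)sizeof(Page *)/sizeof(Page *) != pagesSize`, multiplies first and tests afterwards, so the overflow it is meant to catch has already happened by the time the comparison runs. Assuming pagesSize is an int, the `(int)` cast makes the product signed arithmetic, where overflow is undefined behaviour in C and C++, and a compiler is entitled to assume the test can never be true and drop it. Bound the count before multiplying instead, as the lines grep finds in debian/patches/patch-CAN-2004-0888 do: `pagesSize >= INT_MAX/sizeof(Page *) || pagesSize >= INT_MAX/sizeof(Ref)`.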