Package: libpoppler4
Version: 0.10.6-1
Severity: normal

$ apt-get source poppler
[snip]
$ cd poppler-0.10.6/
$ grep -C1 -r setlocale poppler

poppler/PDFDoc.cc-  {
poppler/PDFDoc.cc:    char *theLocale = setlocale(LC_NUMERIC, "C");
poppler/PDFDoc.cc-    pdfVersion = atof(p);
poppler/PDFDoc.cc:    setlocale(LC_NUMERIC, theLocale);
poppler/PDFDoc.cc-  }


The code fails to restore the original locale settings. Even if those settings
were being restored, the code would be susceptible to race conditions in
multi-threaded applications. (It is almost always a bad idea to call
setlocale() in a library!)

Moreover, other uses of atof() in poppler are not "protected" by setlocale()
calls, so they essentially rely on the brokenness of the quoted code.


--
Jakub Wilk
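
An added example, not part of the report and not poppler's code: the first function reduces the quoted pattern to show why the caller's LC_NUMERIC is lost, and the second parses a version string without touching process-wide locale state. The function names and the "de_DE.UTF-8" locale are assumptions; if that locale is not installed, the first function returns -1.

```c
#include <locale.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical reduction of the quoted pattern. setlocale() returns the name
 * of the locale it just installed, so `saved` is "C", not the caller's locale.
 * Returns 1 if LC_NUMERIC survived, 0 if lost, -1 if `name` is unavailable. */
int quoted_pattern_restores(const char *name)
{
    char before[128], after[128];
    if (setlocale(LC_NUMERIC, name) == NULL)
        return -1;
    snprintf(before, sizeof before, "%s", setlocale(LC_NUMERIC, NULL));
    char *saved = setlocale(LC_NUMERIC, "C");  /* yields "C" */
    setlocale(LC_NUMERIC, saved);              /* re-installs "C" */
    snprintf(after, sizeof after, "%s", setlocale(LC_NUMERIC, NULL));
    setlocale(LC_NUMERIC, "C");                /* reset for the next caller */
    return strcmp(before, after) == 0;
}

/* Hypothetical locale-independent replacement for atof() on "<digits>.<digits>".
 * Reads no global state, so it is safe to call from any thread.
 * Returns 0 and fills major/minor, or -1 on malformed input. */
int parse_pdf_version(const char *s, int *major, int *minor)
{
    int part[2] = {0, 0};
    for (int i = 0; i < 2; i++) {
        if (*s < '0' || *s > '9')
            return -1;
        while (*s >= '0' && *s <= '9') {
            if (part[i] > 999)
                return -1;                     /* bound the value, no overflow */
            part[i] = part[i] * 10 + (*s++ - '0');
        }
        if (i == 0 && *s++ != '.')
            return -1;                         /* separator is always '.' */
    }
    *major = part[0];
    *minor = part[1];
    return 0;
}

int main(void)
{
    int maj, mnr;
    printf("locale kept: %d\n", quoted_pattern_restores("de_DE.UTF-8"));
    if (parse_pdf_version("1.7", &maj, &mnr) == 0)
        printf("version %d.%d\n", maj, mnr);
    return 0;
}
```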


