I am not sure if I am just missing where this is verified earlier, but isn't

    unsigned int signed_data_len = r2.getInt()+r4.getInt();
    unsigned char *to_check = (unsigned char *)gmalloc(signed_data_len);

    //Read the 2 slices of data that are signed
    doc->getBaseStream()->setPos(0);
    doc->getBaseStream()->doGetChars(r2.getInt(), to_check);
    doc->getBaseStream()->setPos(r3.getInt());
    doc->getBaseStream()->doGetChars(r4.getInt(), to_check+r2.getInt());

from FormFieldSignature::validateSignature susceptible to buffer overflow?
Meaning for example if r4.getInt() < 0, then signed_data_len < r2.getInt(), so we overflow to_check in the first call to doGetChars while the second one becomes a no-op for at least the Stream and FileStream implementations.

Best regards,
Adam.

--
You received this bug notification because you are a member of Desktop Packages, which is subscribed to evince in Ubuntu.
https://bugs.launchpad.net/bugs/1085526

Title:
  ubuntu pdf doc viewer will not let me sign a document

Status in Poppler:
  Confirmed
Status in evince package in Ubuntu:
  Triaged

Bug description:
  Just updated in last few weeks, I think Ubuntu 12.4

  To sign the document I have to send it to my neighbor's Windows computer, open it, sign it, then send it, then I get a note from echo sign that the document was sent with my signature.
  ProblemType: Bug
  DistroRelease: Ubuntu 11.10
  Package: evince 3.2.1-0ubuntu2.3
  ProcVersionSignature: Ubuntu 3.0.0-27.44-generic 3.0.45
  Uname: Linux 3.0.0-27-generic i686
  ApportVersion: 1.23-0ubuntu4
  Architecture: i386
  Date: Fri Nov 30 18:13:25 2012
  ExecutablePath: /usr/bin/evince
  InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Release i386 (20110427.1)
  ProcEnviron:
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: evince
  UpgradeStatus: Upgraded to oneiric on 2012-11-18 (12 days ago)
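
Added example (not part of the original message and not Poppler code): the length arithmetic from the quoted snippet next to one bounds-checked way of reading the two signed slices. The names `unchecked_len` and `read_signed_slices`, and the in-memory `file` vector standing in for the base stream, are assumptions made for illustration.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <vector>

// Hypothetical helper: the same arithmetic as the quoted snippet, int + int
// stored in an unsigned int (done in unsigned here to avoid signed-overflow UB).
unsigned int unchecked_len(int len1, int len2) {
    return static_cast<unsigned int>(len1) + static_cast<unsigned int>(len2);
}

// Hypothetical bounds-checked reader. `file` stands in for the document's
// base stream; len1, off2, len2 play the roles of r2, r3, r4 in the snippet.
// Returns false, leaving `out` empty, unless both slices lie inside the file.
bool read_signed_slices(const std::vector<unsigned char> &file,
                        int len1, int off2, int len2,
                        std::vector<unsigned char> &out) {
    out.clear();
    if (len1 < 0 || off2 < 0 || len2 < 0) return false;  // reject negatives first
    const std::size_t size = file.size();
    const std::size_t l1 = len1, o2 = off2, l2 = len2;
    if (l1 > size || o2 > size || l2 > size - o2) return false;
    out.resize(l1 + l2);  // cannot wrap: both terms are non-negative ints
    std::copy(file.begin(), file.begin() + l1, out.begin());
    std::copy(file.begin() + o2, file.begin() + o2 + l2, out.begin() + l1);
    return true;
}

int main() {
    // Constructed sample input: 16 bytes standing in for a PDF file.
    const char *s = "0123456789abcdef";
    std::vector<unsigned char> file(s, s + 16), out;
    // len1 = 100, len2 = -60: the buffer would be 40 bytes, the first read 100.
    std::printf("unchecked length: %u\n", unchecked_len(100, -60));
    bool neg = read_signed_slices(file, 4, 10, -60, out);
    std::printf("negative length accepted: %d\n", neg);
    bool ok = read_signed_slices(file, 4, 10, 3, out);
    std::printf("valid ranges accepted: %d, %zu bytes\n", ok, out.size());
    return 0;
}
```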