Hello Michal, hello zyx, hello all, > On 29 October 2018 at 16:39 Michal Sudolsky <[email protected]> wrote: > > > I just meant there are other places where I can call function with NULL > buffer and non-zero length to make crash for example "PdfImage::LoadFromData".
IMHO all these places should be fixed together in one commit. When you tell me which places you mean, I could do the commit :-). What do you think? Best regards, mabri > > > On Mon, Oct 29, 2018 at 8:36 AM zyx < [email protected]> wrote: > > On Sun, 2018-10-28 at 19:28 +0100, Michal Sudolsky wrote: > > > crash with null pointer and non-zero length as in other places in > > > podofo. > > > > Hi, > > crash is generally bad, that can lead to CVE issues at the least. > > Better is when the code can handle broken inputs gracefully. If it's > > the code's issue, then it should be fixed. > > > > I mean, if you know of places which can crash instead of throw > > exception, then feel free to share the reproducer and such, it'll be > > highly appreciated. There are still opened some CVEs against PoDoFo, > > maybe you face/mean one/some of them. > > Bye, > > zyx > > > > > > _______________________________________________ > > Podofo-users mailing list > > [email protected] > > https://lists.sourceforge.net/lists/listinfo/podofo-users > > > _______________________________________________ > Podofo-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/podofo-users _______________________________________________ Podofo-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/podofo-users
