I do not think this is a big problem except in places where it can cause crash due to something in pdf file. I am not aware of such places at the moment.
I found this one by searching for "memcpy" in sources. On Wed, Oct 31, 2018 at 10:43 PM Matthew Brincke <ma...@mailbox.org> wrote: > Hello Michal, hello zyx, hello all, > > > On 29 October 2018 at 16:39 Michal Sudolsky <sudols...@gmail.com> > wrote: > > > > > > I just meant there are other places where I can call function with NULL > > buffer and non-zero length to make crash for example > "PdfImage::LoadFromData". > > IMHO all these places should be fixed together in one commit. When you tell > me which places you mean, I could do the commit :-). What do you think? > > Best regards, mabri > > > > > > > On Mon, Oct 29, 2018 at 8:36 AM zyx < z...@gmx.us> wrote: > > > On Sun, 2018-10-28 at 19:28 +0100, Michal Sudolsky wrote: > > > > crash with null pointer and non-zero length as in other places in > > > > podofo. > > > > > > Hi, > > > crash is generally bad, that can lead to CVE issues at the least. > > > Better is when the code can handle broken inputs gracefully. If it's > > > the code's issue, then it should be fixed. > > > > > > I mean, if you know of places which can crash instead of throw > > > exception, then feel free to share the reproducer and such, it'll be > > > highly appreciated. There are still opened some CVEs against PoDoFo, > > > maybe you face/mean one/some of them. > > > Bye, > > > zyx > > > > > > > > > _______________________________________________ > > > Podofo-users mailing list > > > Podofo-users@lists.sourceforge.net > > > https://lists.sourceforge.net/lists/listinfo/podofo-users > > > > > > _______________________________________________ > > Podofo-users mailing list > > Podofo-users@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/podofo-users > > > _______________________________________________ > Podofo-users mailing list > Podofo-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/podofo-users >
_______________________________________________ Podofo-users mailing list Podofo-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/podofo-users
