I didn't directly respond to this point, sorry William.

On Thu, 20 Aug 2020 at 13:57, William Bader <[email protected]> wrote:
>
> If the big image patches are committed, is it worth adding a command line
> option to enable or disable big images or to set the max image size so
> applications that should never see big images don't have to worry about DOS?

So, DoS is an issue regardless of the current allocator restrictions, because of the features of the PDF format. It would be reasonable to have some documentation about using the various sandboxing features of platforms when handing untrusted PDFs, which in practice most uses of the library will already do (previewing a PDF should not crash your shell).

The cases I'm most worried about come from the current code around buffer offsets, which need to be fixed before the allocator change could land. With all those cases adapted to use the correct (64 bit) operations, the binary Just Works for larger sizes, and the code already does (something) in response to malloc failure.

Martin
