[Okular-devel] new xpdf vulnerability

Albert Astals Cid aacid at kde.org
Thu Jan 11 21:39:01 CET 2007


A Dijous 11 Gener 2007 21:27, Dirk Mueller va escriure:
> On Wednesday, 10. January 2007 20:49, Albert Astals Cid wrote:
> > > to limit the recursion depth more or less arbitrarily (e.g. no more
> > > than 32 recursions). wouldn't that work as well?
> >
> > Well, that would be a bit lame and prone to break easily.
>
> well, it is only to fix a border case. it shouldn't make the regular case
> any slower. And how is that supposed to break? It can't break more easily
> than the set based code.

By break i mean failing on correct pdf, as one can easily write a correct pdf 
with a page tree recursion level of 33. My code would work and an one with 
arbitrary limit would not, but see the other mail i just sent, an arbitrary 
limit seems to be the winning bet.

>
> > I've improved my patch so it only looks for/adds things on the set when
> > calling the recursion and compiled on release mode. That gave me similar
> > time in millisecons (even the code without the patch got a higher
> > average) so it seems it gets I/O "limited" and adding the patch is
> > "free".
>
> for excluding the I/O factors, it would be a good idea to kcachegrind it
> instead of timing it ;)

Well, the "user experience" TM includes I/O so it makes sense to me to take 
I/O into account.

Albert

>
>
> Dirk


More information about the Okular-devel mailing list