[Okular-devel] new xpdf vulnerability
Albert Astals Cid
aacid at kde.org
Thu Jan 11 23:05:09 CET 2007
A Dijous 11 Gener 2007 21:39, Albert Astals Cid va escriure:
> A Dijous 11 Gener 2007 21:27, Dirk Mueller va escriure:
> > On Wednesday, 10. January 2007 20:49, Albert Astals Cid wrote:
> > > > to limit the recursion depth more or less arbitrarily (e.g. no more
> > > > than 32 recursions). wouldn't that work as well?
> > >
> > > Well, that would be a bit lame and prone to break easily.
> >
> > well, it is only to fix a border case. it shouldn't make the regular case
> > any slower. And how is that supposed to break? It can't break more easily
> > than the set based code.
>
> By break i mean failing on correct pdf, as one can easily write a correct
> pdf with a page tree recursion level of 33. My code would work and an one
> with arbitrary limit would not, but see the other mail i just sent, an
> arbitrary limit seems to be the winning bet.
>
> > > I've improved my patch so it only looks for/adds things on the set when
> > > calling the recursion and compiled on release mode. That gave me
> > > similar time in millisecons (even the code without the patch got a
> > > higher average) so it seems it gets I/O "limited" and adding the patch
> > > is "free".
> >
> > for excluding the I/O factors, it would be a good idea to kcachegrind it
> > instead of timing it ;)
>
> Well, the "user experience" TM includes I/O so it makes sense to me to take
> I/O into account.
Ok, sending the final patch agreed with poppler devels.
Albert
>
> Albert
>
> > Dirk
>
> _______________________________________________
> Okular-devel mailing list
> Okular-devel at kde.org
> https://mail.kde.org/mailman/listinfo/okular-devel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: MOAB
Type: text/x-diff
Size: 2456 bytes
Desc: not available
Url : http://mail.kde.org/pipermail/okular-devel/attachments/20070111/f5de96f7/attachment.bin
More information about the Okular-devel
mailing list