Comment 61 for bug 26650

Hi Frank, hi Joey!

Frank Küster [2005-12-09 19:01 +0100]:
> Martin Pitt <email address hidden> wrote:
>
> > After discovering that the same flawed multiplication is also present
> > in upstream's other two patches, I decided to completely rework the
> > patch.
> >
> > I attach the debdiff with separated out changelog. Florian, maybe you
> > can peer-review the patch?
>
> Martin and Florian, Joey Schulze also sent a "fixed" patch to the bug,
> see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342292;msg=131
>
> Would you be so kind and review it?

Sorry for the delay, lots of private stuff to do on the weekend.

+ nVals = width * nComps;
++ totalBits = nVals * nBits;
++ if (totalBits == 0 ||
++ (totalBits / nBits) / nComps != width ||
++ totalBits + 7 < 0) {
++ return;
++ }

Please do not use this part of Joey's patch. As already disdussed,
this way of checking a multiplication overflow is unreliable. Please
use the var1 >= INT_MAX/var2 approach, which is the 'standard way' and
avoids integer overflows.

Thanks,

Martin

P. S. Frank, I'm this ---><--- close to build tetex-bin against
poppler, I already have working debs. Just fighting with the build
system a bit. :)

--
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntulinux.org
Debian Developer http://www.debian.org