| <<<Back 1 day (to 2016/07/26) | 20160727 |
explorer_ | I found a heap overflow vulnerability in mupdf .May some offer a email address ?So I can send the vulnerability detail | 07:46.45 |
chrisl | explorer_: if you open a bug at bugs.ghostscript.com and post the number here, I'll mark it as private | 07:56.01 |
explorer_ | so, I open a blank bug report and edit it after you mark it as private ? | 08:07.30 |
chrisl | explorer_: Just fill it in - it should only publicly visible for a few minutes | 08:08.18 |
| explorer_: Or do it your way - I think that works | 08:08.42 |
explorer_ | Sorry for wait ,The bug number is Bug 696954 | 08:24.07 |
kens | Marked thread and attachment as private | 08:26.34 |
sebras | Robin_Watts: I fixed 696954 over at sebras/master. | 14:22.00 |
Robin_Watts | sebras: How about 696945 ? | 14:22.31 |
| Look good. | 14:23.33 |
| Looks good, even. | 14:23.42 |
sebras | Robin_Watts: I haven't looked at 696954. | 14:25.22 |
Robin_Watts | sebras: Are you interested in doing so? | 14:25.39 |
sebras | Robin_Watts: sure, I'm just looking at a few other uses of pdf_array_len() to see if we have similar issues elsewhere. | 14:28.53 |
Robin_Watts | cool. If it looks like it's a bug in openjpeg and you don't want to get mired in that, then we can probably try passing it to shelly. Up to you. | 14:29.24 |
sebras | Robin_Watts: I took a look at the openjpeg issue. and while I can reproduce a valgrind issue in the luratech decoder on latest master I cannot reproduce the issue with openjpeg inside or outside valgrind. | 18:39.56 |
| Robin_Watts: could be because I'm using 32-bit linux..? | 18:40.06 |
| I did try on 1.9 as reported as well, but no luck. | 18:40.41 |
Robin_Watts | sebras: Hmm. | 18:57.15 |
| If you can't reproduce it, ask for more details? | 18:57.51 |
HenryStiles | hmm don't think we should be take on stuff only reproducible in a genymotion simulator | 22:42.12 |
| Forward 1 day (to 2016/07/28)>>> | |