Skip to content
GitLab
Closed
Issue created by Bugzilla Migration User@bugzilla-migration

Incompatible pointer cast in _poppler_attachment_new

Submitted by Jason Crain

Assigned to poppler-bugs

Link to original bug (#77921)

Description

Created attachment 97950 Don't cast GTime* to time_t*

Coverity CIDs 16825 and 16826

The glib frontend casts a GTime* to time_t* in _poppler_attachment_new. These are different sizes on x86_64, so it can result in junk being written to the succeeding bytes of the PopplerAttachment struct if a PDF's EmbeddedFile dates do not fit in 32 bits. It's possible to crash Evince when it tries to free an invalid attachment->checksum pointer.

Attached patch replaces the pointer cast with an assignment.

Patch 97950, "Don't cast GTime* to time_t*":
Dont-cast-GTime-to-time_t.patch

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information