Incompatible pointer cast in _poppler_attachment_new
Submitted by Jason Crain
Assigned to poppler-bugs
Description
Created attachment 97950 Don't cast GTime* to time_t*
Coverity CIDs 16825 and 16826
The glib frontend casts a GTime* to time_t* in _poppler_attachment_new. These are different sizes on x86_64, so it can result in junk being written to the succeeding bytes of the PopplerAttachment struct if a PDF's EmbeddedFile dates do not fit in 32 bits. It's possible to crash Evince when it tries to free an invalid attachment->checksum pointer.
Attached patch replaces the pointer cast with an assignment.
Patch 97950, "Don't cast GTime* to time_t*":
Dont-cast-GTime-to-time_t.patch
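The overwrite described in the report, modelled as an added example that is not part of the original report, the attached patch, or poppler's code. The struct, type names, sentinel and sample date are simplified assumptions for an x86_64 layout, and the range check in the assignment form is this example's own addition.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins (assumptions), not poppler's real definitions. */
typedef int32_t gtime_model;              /* GTime: 32-bit integer */
typedef int64_t time_model;               /* time_t on x86_64: 64-bit */
struct attachment_model {
    gtime_model mtime;
    gtime_model ctime;
    void       *checksum;                 /* freed later by the owner */
};
#define BIG_DATE (((time_model)1 << 32) + 5)  /* constructed: needs > 32 bits */
static int64_t sentinel;                  /* stands in for the checksum object */

/* Effect of storing through "(time_t *)&a->ctime": 8 bytes land on a
 * 4-byte field. Done with memcpy so the demo itself stays well defined. */
static void store_like_cast(struct attachment_model *a, time_model t)
{
    memcpy((unsigned char *)a + offsetof(struct attachment_model, ctime),
           &t, sizeof t);
}

/* Typed assignment instead of a pointer cast; -1 means "does not fit". */
static int store_by_assignment(struct attachment_model *a, time_model t)
{
    if (t < INT32_MIN || t > INT32_MAX)
        return -1;
    a->ctime = (gtime_model)t;
    return 0;
}

/* Returns 1 if the bytes of the neighbouring pointer are unchanged. */
int checksum_intact_after(int use_cast)
{
    struct attachment_model a = { 0, 0, &sentinel };
    void *expect = &sentinel;
    if (use_cast)
        store_like_cast(&a, BIG_DATE);
    else
        (void)store_by_assignment(&a, BIG_DATE);
    return memcmp(&a.checksum, &expect, sizeof expect) == 0;
}

int main(void)
{
    printf("cast form, checksum intact:       %d\n", checksum_intact_after(1));
    printf("assignment form, checksum intact: %d\n", checksum_intact_after(0));
    return 0;
}
```

Building the real code with AddressSanitizer or reviewing casts between pointers to differently sized integer types catches this class of defect before a crafted date reaches it.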