Re: [pdf-devel] pdf-devel Digest, Vol 50, Issue 5

[Gustavo Martin Domato]

Hi:

I have a problem: I'm copying and modifying a lot of code from TIFF
library and I don't know whether I should leave that code in the
original files (that would make those files heavily modified) or copy it
to the pdf-stm-f-fax.c file (that would make it enormous). The most
comfortable would be to create my own library files, based on TIFF, and
place them in lib, but I'm not sure if you want to populate that
directory with my files. 


Regards,
Gustavo.

On Fri, 2011-08-05 at 12:00 -0400, address@hidden wrote:
> Send pdf-devel mailing list submissions to
>       address@hidden
> 
> To subscribe or unsubscribe via the World Wide Web, visit
>       https://lists.gnu.org/mailman/listinfo/pdf-devel
> or, via email, send a message with subject or body 'help' to
>       address@hidden
> 
> You can reach the person managing the list at
>       address@hidden
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of pdf-devel digest..."
> 
> 
> Today's Topics:
> 
>    1. Re: [pdf-tasks] [flyspray] LZW Filter Implementation
>       (Georg Gottleuber)
>    2. Re: LZWEncode Bug Report (Juan Pedro Bol?var Puente)
>    3. Re: [pdf-tasks] [flyspray] LZW Filter Implementation
>       (Juan Pedro Bol?var Puente)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Thu, 04 Aug 2011 19:05:28 +0200
> From: Georg Gottleuber <address@hidden>
> To: Aleksander Morgado <address@hidden>
> Cc: address@hidden
> Subject: Re: [pdf-devel] [pdf-tasks] [flyspray] LZW Filter
>       Implementation
> Message-ID: <address@hidden>
> Content-Type: text/plain; charset=UTF-8
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 04.08.2011 15:19, Aleksander Morgado wrote:
> > 
> >>
> >> I have added unit tests for lzw filter. Reused most of the flate test
> >> code. Patch is attached. Is it sufficient?
> >>
> > 
> > Does it include a testcase to catch the additional unspecified 0 byte at
> > the end of the encoded lzw stream thingy? That would be great to have.
> 
> Not yet. But I can do this.
> 
> Regards,
> Georg
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.17 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> 
> iEYEARECAAYFAk460VgACgkQ5sLITM1qIaJncwCfbds4YirN7lugyACyn0kb5F4U
> l6QAnAxALaVTgS4MFzy4CQbOUkh3Q1eB
> =2SwH
> -----END PGP SIGNATURE-----
> 
> 
> 
> ------------------------------
> 
> Message: 2
> Date: Thu, 04 Aug 2011 17:01:46 +0200
> From: Juan Pedro Bol?var Puente <address@hidden>
> To: address@hidden
> Subject: Re: [pdf-devel] LZWEncode Bug Report
> Message-ID: <address@hidden>
> Content-Type: text/plain; charset=ISO-8859-1
> 
> On 28/07/11 14:40, David Stroud wrote:
> > Hey there,
> > 
> > After chatting with jemarch in the irc channel, I was advised to submit a
> > bug report of this issue I've been having.
> > 
> > I'm trying to compress JavaScript inside PDFs for use in avoiding AVs in
> > client side attacks. To begin with I was just encoding this single line in
> > pdf-filter:
> > 
> > app.alert({cMsg: 'Hello there', cTitle: 'Testing PDF JavaScript', nIcon:
> > 3});
> > 
> > and it worked fine with lzw encoding, rle, ahex and flate (singularly or
> > stacked together).
> > 
> > After that, I moved on to the actual exploit itself, which is the
> > collectemailinfo heap spray. Here is the code with a payload that spawns
> > calculator:
> > 
> > [...]
> >
> 
> I cannot reproduce your bug. Copied the payload that you placed here
> test-lzw then:
> 
>   $ ./pdf-filter --lzwenc < test-lzw > test-lzw.enc
>   $ ./pdf-filter --lzwdec < test-lzw.enc > test-lzw.dec
>   $ diff test-lzw test-lzw.dec
> 
> Can you provide further information? How exactly does the filter not
> work, what steps are you taking to encode and decode?
> 
> Thanks,
> 
> JP
> 
> PS: I do not believe the trailing 0 is the source of the problem, and
> indeed that 0 must be harmless -- appart from wasting 1 byte.
> 
> 
> 
> 
> ------------------------------
> 
> Message: 3
> Date: Thu, 04 Aug 2011 17:07:55 +0200
> From: Juan Pedro Bol?var Puente <address@hidden>
> To: address@hidden
> Subject: Re: [pdf-devel] [pdf-tasks] [flyspray] LZW Filter
>       Implementation
> Message-ID: <address@hidden>
> Content-Type: text/plain; charset=ISO-8859-1
> 
> On 29/07/11 13:09, Aleksander Morgado wrote:
> > Hi Georg,
> > 
> >>
> >> I have chosen LZW filter task. The code looks ok (maybe some gotos to
> >> refactor), it compiles, and it seems to work. So what has to be done?
> >>
> > 
> > At least unit tests are missing.
> > 
> > I also dislike the use of gotos, but I found them quite handy to keep
> > the flow of the state in the filtes, so crossed feelings about that. I
> > wouldn't refactor them if they work ok.
> > 
> 
> I dislike goto's too. I wrote those goto's in the original code. There
> is a metodology in how they are used and their only purpose is to keep
> state when we run out of buffer space without having to split and blurr
> the main algorithm. I do not know of any clearer way of doing this
> without continuations (lisp, python) or lazy evaluation (haskell), but
> if you do I would love to read it :)
> 
> Thanks for maintaining that code, if you have any problems with it I can
> try to take a look at it again.
> 
> JP
> 
> 
> 
> 
> End of pdf-devel Digest, Vol 50, Issue 5
> ****************************************