-
Notifications
You must be signed in to change notification settings - Fork 71
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Global declared object of OpenSSLInit class (PdfEncrypt.cpp) can throw exception from constructor and crash application on start #27
Comments
This risk of failures during static fields initialization may be considered acceptable in some cases but I understand your point since here we are calling an external library. An improvement here may come later (0.11): I have some code parked that will move the init in a common place to be called in various places. |
Ok, please understand that moving to lazy initialization won't fix this issue for you. You must bind to a openssl build that has legacy algorithms, or lazily crash in PoDoFo only if RC4 algorithms are needed by the actual document but OpenSSL support is not available. Patches welcome to add the latter. |
Sure, thanks. |
It is workable with some modifications to PoDoFo, but it won't work with RC4 encrypted documents. You can point out this to the Conan index. |
Hi! |
Implemented in 09cb7e1 . It didn't come for free, so I hope it was worth. |
Hi!
There is an OpenSSLInit class in PdfEncrypt.cpp and the global s_SSL object of this class.
Class has a constructor that can throw an exception. The problem is that it cannot be catched because s_SL constructor is called before main(). In case of an error during initialization of OpenSSL, the program crashes before the start of main().
It is better to redesign OpenSSLInit.
The text was updated successfully, but these errors were encountered: