[gs-cvs] rev 7048 - trunk/gs/src
alexcher at ghostscript.com
alexcher at ghostscript.com
Thu Sep 14 10:29:57 PDT 2006
Author: alexcher
Date: 2006-09-14 10:29:56 -0700 (Thu, 14 Sep 2006)
New Revision: 7048
Modified:
trunk/gs/src/gdevpdfp.c
Log:
Copy a non 0-terminated PS string to a local buffer to avoid scanning past
the end of the string. Also fix a few compiler warnings.
Bug 688882.
Modified: trunk/gs/src/gdevpdfp.c
===================================================================
--- trunk/gs/src/gdevpdfp.c 2006-09-14 17:19:41 UTC (rev 7047)
+++ trunk/gs/src/gdevpdfp.c 2006-09-14 17:29:56 UTC (rev 7048)
@@ -536,7 +536,7 @@
* the ones that we see how to map directly to obvious PDF constructs.
*/
int code = 0;
- int i;
+ uint i;
/*
* If ParseDSCComments is false, all DSC comments are ignored, even if
@@ -569,6 +569,7 @@
key = "/Author";
else {
pdf_page_dsc_info_t *ppdi;
+ char scan_buf[200]; /* arbitrary */
if ((ppdi = &pdev->doc_dsc_info,
pdf_key_eq(pkey, "Orientation")) ||
@@ -589,7 +590,11 @@
gs_matrix mat;
int orient;
- if (sscanf((const char *)pvalue->data, "[%g %g %g %g]",
+ if(pvalue->size >= sizeof(scan_buf) - 1)
+ continue; /* error */
+ memcpy(scan_buf, pvalue->data, pvalue->size);
+ scan_buf[pvalue->size] = 0;
+ if (sscanf(scan_buf, "[%g %g %g %g]",
&mat.xx, &mat.xy, &mat.yx, &mat.yy) != 4
)
continue; /* error */
@@ -618,7 +623,11 @@
ppdi = &pdev->page_dsc_info;
else
continue;
- if (sscanf((const char *)pvalue->data, "[%lg %lg %lg %lg]",
+ if(pvalue->size >= sizeof(scan_buf) - 1)
+ continue; /* error */
+ memcpy(scan_buf, pvalue->data, pvalue->size);
+ scan_buf[pvalue->size] = 0;
+ if (sscanf(scan_buf, "[%lg %lg %lg %lg]",
&box.p.x, &box.p.y, &box.q.x, &box.q.y) != 4
)
continue; /* error */
More information about the gs-cvs
mailing list