[gs-cvs] rev 7804 - trunk/gs/src
alexcher at ghostscript.com
alexcher at ghostscript.com
Sun Mar 25 17:36:10 PDT 2007
Author: alexcher
Date: 2007-03-25 17:36:09 -0700 (Sun, 25 Mar 2007)
New Revision: 7804
Modified:
trunk/gs/src/gdevpdfm.c
Log:
Clear a Purify warning. Fix yet another case where a non-0-terminated string
was directly used as a sscanf() argument, causing an access to the wild core.
DIFFERENCES:
No CET or Comparefiles differences.
Modified: trunk/gs/src/gdevpdfm.c
===================================================================
--- trunk/gs/src/gdevpdfm.c 2007-03-25 21:58:01 UTC (rev 7803)
+++ trunk/gs/src/gdevpdfm.c 2007-03-26 00:36:09 UTC (rev 7804)
@@ -1498,6 +1498,7 @@
int code;
gs_matrix ictm;
byte bbox_str[6 + 6 * 15], matrix_str[6 + 6 * 15];
+ char chars[MAX_RECT_STRING + 1];
int bbox_str_len, matrix_str_len;
stream s;
@@ -1506,7 +1507,11 @@
code = gs_matrix_invert(pctm, &ictm);
if (code < 0)
return code;
- if (sscanf((const char *)pairs[1].data, "[%lg %lg %lg %lg]",
+ if (pairs[1].size > MAX_RECT_STRING)
+ return_error(gs_error_limitcheck);
+ memcpy(chars, pairs[1].data, pairs[1].size);
+ chars[pairs[1].size] = 0;
+ if (sscanf(chars, "[%lg %lg %lg %lg]",
&bbox.p.x, &bbox.p.y, &bbox.q.x, &bbox.q.y) != 4)
return_error(gs_error_rangecheck);
if ((pdev->used_mask << 1) == 0)
More information about the gs-cvs
mailing list