41 lines
1.2 KiB
Diff
41 lines
1.2 KiB
Diff
|
From 77dc7f699beba606937b7ea23b50cf5974fa64b1 Mon Sep 17 00:00:00 2001
|
||
|
|
From: Ken Sharp <Ken.Sharp@artifex.com>
|
||
|
|
Date: Thu, 25 Jan 2024 11:55:49 +0000
|
||
|
|
Subject: [PATCH 2/6] Bug 707510 - don't allow PDF files with bad Filters to
|
||
|
|
overflow the debug buffer
|
||
|
|
|
||
|
|
Item #2 of the report.
|
||
|
|
|
||
|
|
Allocate a buffer to hold the filter name, instead of assuming it will
|
||
|
|
fit in a fixed buffer.
|
||
|
|
|
||
|
|
Reviewed all the other PDFDEBUG cases, no others use a fixed buffer like
|
||
|
|
this.
|
||
|
|
---
|
||
|
|
pdf/pdf_file.c | 6 +++++-
|
||
|
|
1 file changed, 5 insertions(+), 1 deletion(-)
|
||
|
|
|
||
|
|
diff --git a/pdf/pdf_file.c b/pdf/pdf_file.c
|
||
|
|
index 5698866..89298f0 100644
|
||
|
|
--- a/pdf/pdf_file.c
|
||
|
|
+++ b/pdf/pdf_file.c
|
||
|
|
@@ -773,10 +773,14 @@ static int pdfi_apply_filter(pdf_context *ctx, pdf_dict *dict, pdf_name *n, pdf_
|
||
|
|
|
||
|
|
if (ctx->args.pdfdebug)
|
||
|
|
{
|
||
|
|
- char str[100];
|
||
|
|
+ char *str;
|
||
|
|
+ str = gs_alloc_bytes(ctx->memory, n->length + 1, "temp string for debug");
|
||
|
|
+ if (str == NULL)
|
||
|
|
+ return_error(gs_error_VMerror);
|
||
|
|
memcpy(str, (const char *)n->data, n->length);
|
||
|
|
str[n->length] = '\0';
|
||
|
|
dmprintf1(ctx->memory, "FILTER NAME:%s\n", str);
|
||
|
|
+ gs_free_object(ctx->memory, str, "temp string for debug");
|
||
|
|
}
|
||
|
|
|
||
|
|
if (pdfi_name_is(n, "RunLengthDecode")) {
|
||
|
|
--
|
||
|
|
2.43.0
|
||
|
|
|