[Poppler-bugs] [Bug 26048] New: possible buffer overflow in fofi/FoFiType1.cc
bugzilla-daemon at freedesktop.org
Thu Jan 14 12:06:18 PST 2010
http://bugs.freedesktop.org/show_bug.cgi?id=26048
Summary: possible buffer overflow in fofi/FoFiType1.cc
Product: poppler
Version: unspecified
Platform: Other
OS/Version: All
Status: NEW
Severity: normal
Priority: medium
Component: general
AssignedTo: poppler-bugs at lists.freedesktop.org
ReportedBy: gabriel.burt at gmail.com
Created an attachment (id=32642)
--> (http://bugs.freedesktop.org/attachment.cgi?id=32642)
patch for case where line1 is NULL
--- fofi/FoFiType1.cc 2004-01-22 02:26:44.000000000 +0100
+++ fofi/FoFiType1.cc 2009-11-12 20:09:18.000000000 +0100
@@ -163,7 +163,8 @@ void FoFiType1::parse() {
line = getNextLine(line);
for (j = 0; j < 300 && line; ++j) {
line1 = getNextLine(line);
- if ((n = line1 - line) > 255) {
+ // line1 could be NULL
+ if ((n = line1 - line) > 255 || n < 0) {
n = 255;
}
strncpy(buf, line, n);
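Review bot: The new `n < 0` test in the `if` still evaluates `line1 - line` when `line1` is NULL, and subtracting from a null pointer is undefined behaviour in C++, so the sign of the result is not something the check can rely on. Test the pointer itself before doing the arithmetic, for example by handling `!line1` as its own branch ahead of `n = line1 - line`. Separately, in the NULL case `n` is forced to 255 and `strncpy(buf, line, n)` then copies up to 255 bytes starting at `line`; because a NULL `line1` means no further line was found, fewer than 255 bytes may remain, and unless the data is guaranteed to contain a NUL within that range the copy can read past its end. Clamp `n` to the number of bytes actually left after `line` rather than to a fixed 255. The added comment would also be more useful if it said when `getNextLine` returns NULL.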