[gs-bugs] [Bug 692593] New: memory overflow(s) in shape related code
bugzilla-daemon at ghostscript.com
bugzilla-daemon at ghostscript.com
Fri Oct 14 03:51:38 UTC 2011
http://bugs.ghostscript.com/show_bug.cgi?id=692593
Summary: memory overflow(s) in shape related code
Product: MuPDF
Version: unspecified
Platform: PC
URL: http://code.google.com/p/sumatrapdf/issues/detail?id=1
664
OS/Version: Windows 7
Status: NEW
Severity: normal
Priority: P4
Component: fitz
AssignedTo: tor.andersson at artifex.com
ReportedBy: zeniko at gmail.com
QAContact: gs-bugs at ghostscript.com
CC: robin.watts at artifex.com
The file linked from the URL crashes at page 18 because the clipping bbox isn't
contained within the shape at all, but the shape is nonetheless modified as if
it were, leading unrelated memory to be overwritten.
And while you're at it: draw_affine.c contains several instances of "hp[n1]"
which also leads to memory overflows if n1 != 1 (correct would be "hp[0]").
--
Configure bugmail: http://bugs.ghostscript.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
More information about the gs-bugs
mailing list