[gs-commits] ghostpdl branch, master, updated. ghostpdl-9.02-563-gfc3adb3
Alex Cherepanov
alexcher at ghostscript.com
Wed Aug 31 01:05:37 UTC 2011
The ghostpdl branch, master has been updated
via fc3adb358eb5c0175fc5e24d7f275ffe2ac39fb9 (commit)
from 2b898bdf0ba77853f4af9da4e39141189a1580a1 (commit)
----------------------------------------------------------------------
commit fc3adb358eb5c0175fc5e24d7f275ffe2ac39fb9
Author: Alex Cherepanov <alex.cherepanov at artifex.com>
Date: Tue Aug 30 18:24:57 2011 -0400
Bug 692409: check file name length
Check the length of a file name argument and throw /limitcheck when
it exceed the size of the internal buffer. Avoid undefined behaviour
and possible security issues.
diff --git a/gs/base/gdevprn.c b/gs/base/gdevprn.c
index d8a2037..e0f7053 100644
--- a/gs/base/gdevprn.c
+++ b/gs/base/gdevprn.c
@@ -722,6 +722,8 @@ label:\
if (ppdev->file != NULL)
gx_device_close_output_file(pdev, ppdev->fname, ppdev->file);
ppdev->file = NULL;
+ if (sizeof(ppdev->fname) <= ofs.size)
+ return_error(gs_error_limitcheck);
memcpy(ppdev->fname, ofs.data, ofs.size);
ppdev->fname[ofs.size] = 0;
}
Summary of changes:
gs/base/gdevprn.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
More information about the gs-commits
mailing list