[gs-bugs] [Bug 692593] New: memory overflow(s) in shape related code

bugzilla-daemon at ghostscript.com bugzilla-daemon at ghostscript.com
Fri Oct 14 03:51:38 UTC 2011


           Summary: memory overflow(s) in shape related code
           Product: MuPDF
           Version: unspecified
          Platform: PC
               URL: http://code.google.com/p/sumatrapdf/issues/detail?id=1
        OS/Version: Windows 7
            Status: NEW
          Severity: normal
          Priority: P4
         Component: fitz
        AssignedTo: tor.andersson at artifex.com
        ReportedBy: zeniko at gmail.com
         QAContact: gs-bugs at ghostscript.com
                CC: robin.watts at artifex.com

The file linked from the URL crashes at page 18 because the clipping bbox isn't
contained within the shape at all, but the shape is nonetheless modified as if
it were, leading unrelated memory to be overwritten.

And while you're at it: draw_affine.c contains several instances of "hp[n1]"
which also leads to memory overflows if n1 != 1 (correct would be "hp[0]").

Configure bugmail: http://bugs.ghostscript.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

More information about the gs-bugs mailing list