From 77dc7f699beba606937b7ea23b50cf5974fa64b1 Mon Sep 17 00:00:00 2001 From: Ken Sharp Date: Thu, 25 Jan 2024 11:55:49 +0000 Subject: [PATCH] Bug 707510 - don't allow PDF files with bad Filters to overflow the debug buffer Item #2 of the report. Allocate a buffer to hold the filter name, instead of assuming it will fit in a fixed buffer. Reviewed all the other PDFDEBUG cases, no others use a fixed buffer like this. --- pdf/pdf_file.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/pdf/pdf_file.c b/pdf/pdf_file.c index 6680ae2db..4b04e3582 100644 --- a/pdf/pdf_file.c +++ b/pdf/pdf_file.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2018-2023 Artifex Software, Inc. +/* Copyright (C) 2018-2024 Artifex Software, Inc. All Rights Reserved. This software is provided AS-IS with no warranty, either express or @@ -777,10 +777,14 @@ static int pdfi_apply_filter(pdf_context *ctx, pdf_dict *dict, pdf_name *n, pdf_ if (ctx->args.pdfdebug) { - char str[100]; + char *str; + str = gs_alloc_bytes(ctx->memory, n->length + 1, "temp string for debug"); + if (str == NULL) + return_error(gs_error_VMerror); memcpy(str, (const char *)n->data, n->length); str[n->length] = '\0'; dmprintf1(ctx->memory, "FILTER NAME:%s\n", str); + gs_free_object(ctx->memory, str, "temp string for debug"); } if (pdfi_name_is(n, "RunLengthDecode")) { -- 2.45.2