cheng/libtiff
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fixed buffer overflow condition in t2p_write_pdf_string() as per bug

Browse Source 
http://bugzilla.remotesensing.org/show_bug.cgi?id=1196
This commit is contained in:
Andrey Kiselev 2006-06-08 10:45:35 +00:00
parent 01a173d4b8
commit a0fdd6eb0c
1 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
tools/tiff2pdf.c
View File

@ -1,4 +1,4 @@
/* $Id: tiff2pdf.c,v 1.33 2006-04-21 15:09:34 dron Exp $
/* $Id: tiff2pdf.c,v 1.34 2006-06-08 10:45:35 dron Exp $
*
* tiff2pdf - converts a TIFF image to a PDF document
*
@ -3669,16 +3669,17 @@ tsize_t t2p_write_pdf_name(char* name, TIFF* output){
tsize_t t2p_write_pdf_string(char* pdfstr, TIFF* output){
tsize_t written=0;
uint32 i=0;
char buffer[5];
uint32 len=0;
tsize_t written = 0;
uint32 i = 0;
char buffer[64];
uint32 len = 0;
len=strlen(pdfstr);
len = strlen(pdfstr);
written += TIFFWriteFile(output, (tdata_t) "(", 1);
for (i=0;i<len;i++){
for (i=0; i<len; i++) {
if((pdfstr[i]&0x80) || (pdfstr[i]==127) || (pdfstr[i]<32)){
sprintf(buffer, "\\%.3o", pdfstr[i]);
buffer[sizeof(buffer) - 1] = '\0';
written += TIFFWriteFile(output, (tdata_t) buffer, 4);
} else {
switch (pdfstr[i]){