Fixed buffer overflow condition in t2p_write_pdf_string() as per bug
http://bugzilla.remotesensing.org/show_bug.cgi?id=1196
This commit is contained in:
parent
01a173d4b8
commit
a0fdd6eb0c
@ -1,4 +1,4 @@
|
|||||||
/* $Id: tiff2pdf.c,v 1.33 2006-04-21 15:09:34 dron Exp $
|
/* $Id: tiff2pdf.c,v 1.34 2006-06-08 10:45:35 dron Exp $
|
||||||
*
|
*
|
||||||
* tiff2pdf - converts a TIFF image to a PDF document
|
* tiff2pdf - converts a TIFF image to a PDF document
|
||||||
*
|
*
|
||||||
@ -3671,7 +3671,7 @@ tsize_t t2p_write_pdf_string(char* pdfstr, TIFF* output){
|
|||||||
|
|
||||||
tsize_t written = 0;
|
tsize_t written = 0;
|
||||||
uint32 i = 0;
|
uint32 i = 0;
|
||||||
char buffer[5];
|
char buffer[64];
|
||||||
uint32 len = 0;
|
uint32 len = 0;
|
||||||
|
|
||||||
len = strlen(pdfstr);
|
len = strlen(pdfstr);
|
||||||
@ -3679,6 +3679,7 @@ tsize_t t2p_write_pdf_string(char* pdfstr, TIFF* output){
|
|||||||
for (i=0; i<len; i++) {
|
for (i=0; i<len; i++) {
|
||||||
if((pdfstr[i]&0x80) || (pdfstr[i]==127) || (pdfstr[i]<32)){
|
if((pdfstr[i]&0x80) || (pdfstr[i]==127) || (pdfstr[i]<32)){
|
||||||
sprintf(buffer, "\\%.3o", pdfstr[i]);
|
sprintf(buffer, "\\%.3o", pdfstr[i]);
|
||||||
|
buffer[sizeof(buffer) - 1] = '\0';
|
||||||
written += TIFFWriteFile(output, (tdata_t) buffer, 4);
|
written += TIFFWriteFile(output, (tdata_t) buffer, 4);
|
||||||
} else {
|
} else {
|
||||||
switch (pdfstr[i]){
|
switch (pdfstr[i]){
|
||||||
|
Loading…
Reference in New Issue
Block a user