[DVIPDFMx] fixed-size buffers in dvipdfmx
Karl Berry
karl at freefriends.org
Tue Apr 6 09:30:29 KST 2010
I grepped for sprintf %s in the dvipdfmx sources, and saw the following
places that looked like they depended on a non-nasty input (font) file:

  cmap_write.c:349: wbuf.curptr += sprintf(wbuf.curptr, "/CMapName /%s def\n", cmap->name);
  pdfdev.c:1743: len = sprintf(work_buffer, " /%s Do", res_name);
  spc_tpic.c:194: len += sprintf(buf + len, " /%s gs", resname);

I can't prove it or give you an example where the fixed-size buffers
overflow, but I suggest using snprintf instead of sprintf, to avoid the
possibility of problems. snprintf is already being used in mem.c, so it
wouldn't be the first time.

(BTW, I just heard from Nelson that snprintf is available on all his
myriad machines with one exception: OSF/1 4.0. I hope he doesn't force
us into autoconf-checking for it just for that old OS ...)

Thanks,
Karl
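
Added example (not part of the original post, and not dvipdfmx code): a bounded replacement for the "ptr += sprintf(...)" accumulation pattern in the grep output above, showing why the snprintf return value must be checked before the pointer is advanced. The struct wbuf layout, the 32-byte size, the helper names and the resource names are assumptions made for the demonstration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical write buffer modelled on the "curptr += sprintf(...)" pattern
 * quoted in the post; field names and size are assumptions, not dvipdfmx's. */
struct wbuf {
    char  data[32];   /* deliberately small for the demonstration */
    char *curptr;     /* next free byte, always inside data[] */
};

static void wbuf_init(struct wbuf *w) { w->curptr = w->data; w->data[0] = '\0'; }

/* Append formatted text. Returns the number of bytes appended, or -1 if the
 * text would not fit, in which case the buffer content is left unchanged. */
static int wbuf_appendf(struct wbuf *w, const char *fmt, ...)
{
    size_t room = sizeof w->data - (size_t)(w->curptr - w->data);
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(w->curptr, room, fmt, ap);
    va_end(ap);

    /* C99 vsnprintf returns the length the full output would have had, so
     * n >= room means truncation. Doing "curptr += n" blindly, as a drop-in
     * sprintf->snprintf swap would, moves curptr past the end of data[]. */
    if (n < 0 || (size_t)n >= room) {
        *w->curptr = '\0';   /* discard the partial output */
        return -1;
    }
    w->curptr += n;
    return n;
}

/* Constructed inputs: a short resource name and an over-long one. */
static int demo_short(void) { struct wbuf w; wbuf_init(&w); return wbuf_appendf(&w, " /%s Do", "Im1"); }
static int demo_long(void)  { struct wbuf w; wbuf_init(&w); return wbuf_appendf(&w, " /%s Do", "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"); }

int main(void)
{
    printf("short: %d\nlong: %d\n", demo_short(), demo_long());
    return 0;
}
```

The n < 0 branch also covers pre-C99 snprintf implementations that report truncation with a negative return value.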