diff options
author | Robin Watts <robin.watts@artifex.com> | 2016-10-12 14:15:50 +0100 |
---|---|---|
committer | Robin Watts <robin.watts@artifex.com> | 2016-10-17 11:34:05 +0100 |
commit | 910f459d535cec757b8e5f541dd39be6fa2fb0c9 (patch) | |
tree | 41deef3413ba5df953f7c50b275443fbae9dc31c | |
parent | 9388ecefe9d8659d8434aa78d07a1fa247c8ea4e (diff) | |
download | ghostpdl-910f459d535cec757b8e5f541dd39be6fa2fb0c9.tar.gz |
Bug 697012: Fix buffer overflow in gxps.
Port back same fix already applied to muxps.
-rw-r--r-- | xps/xpsglyphs.c | 25 |
1 files changed, 8 insertions, 17 deletions
diff --git a/xps/xpsglyphs.c b/xps/xpsglyphs.c index 1ac28de55..44947028d 100644 --- a/xps/xpsglyphs.c +++ b/xps/xpsglyphs.c @@ -17,6 +17,7 @@ /* XPS interpreter - text drawing support */ #include "ghostxps.h" +#include <stdlib.h> #define XPS_TEXT_BUFFER_SIZE 300 @@ -368,26 +369,16 @@ xps_parse_digits(char *s, int *digit) return s; } -static inline int is_real_num_char(int c) -{ - return (c >= '0' && c <= '9') || c == 'e' || c == 'E' || c == '+' || c == '-' || c == '.'; -} - static char * xps_parse_real_num(char *s, float *number, bool *number_parsed) { - char buf[64]; - char *p = buf; - *number_parsed = false; - - while (is_real_num_char(*s)) - *p++ = *s++; - *p = 0; - if (buf[0]) { - *number = atof(buf); - *number_parsed = true; - } - return s; + char *tail; + float v; + v = (float)strtod(s, &tail); + *number_parsed = tail != s; + if (*number_parsed) + *number = v; + return tail; } static char * |