authorRobin Watts <robin.watts@artifex.com>2012-03-13 19:38:56 +0000
committerRobin Watts <robin.watts@artifex.com>2012-03-13 19:38:56 +0000
commit33dc06b61c0816854193f006c35a9e797f098a22 (patch)
tree4f3dc9346160ff6c1cb041c78e03720cf82ad398
parent7888b56b928707329a84a61eca8f8e75ef6a745a (diff)
Bug 692882 - fix buffer overflow.
Long doctitles (filenames in this case) can cause a buffer overflow. Fix here. Thanks to Hin-Tak and Pavel Zhukov.
-rw-r--r--apps/pdfapp.c18
1 files changed, 16 insertions, 2 deletions
diff --git a/apps/pdfapp.c b/apps/pdfapp.c
index 0afd5d15..acad7c9f 100644
--- a/apps/pdfapp.c
+++ b/apps/pdfapp.c
@@ -256,9 +256,11 @@ static void pdfapp_loadpage(pdfapp_t *app)
}
}
+#define MAX_TITLE 256
+
static void pdfapp_showpage(pdfapp_t *app, int loadpage, int drawpage, int repaint)
{
- char buf[256];
+ char buf[MAX_TITLE];
fz_device *idev;
fz_device *tdev;
fz_colorspace *colorspace;
@@ -285,8 +287,20 @@ static void pdfapp_showpage(pdfapp_t *app, int loadpage, int drawpage, int repai
if (drawpage)
{
- sprintf(buf, "%s - %d/%d (%d dpi)", app->doctitle,
+ char buf2[64];
+ int len;
+
+ sprintf(buf2, " - %d/%d (%d dpi)",
app->pageno, app->pagecount, app->resolution);
+ len = MAX_TITLE-strlen(buf2);
+ if (strlen(app->doctitle) > len)
+ {
+ snprintf(buf, len-3, "%s", app->doctitle);
+ strcat(buf, "...");
+ strcat(buf, buf2);
+ }
+ else
+ sprintf(buf, "%s%s", app->doctitle, buf2);
wintitle(app, buf);
ctm = pdfapp_viewctm(app);
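Review bot: The else branch can still write one byte past `buf` when `strlen(app->doctitle)` is exactly `len`, because the title plus `buf2` then fills all MAX_TITLE characters and the terminating NUL lands outside the array. The test should be `if (strlen(app->doctitle) >= (size_t)len)`, which also removes the signed/unsigned comparison between `size_t` and `int`. Writing the else branch as `snprintf(buf, sizeof buf, "%s%s", app->doctitle, buf2);` and formatting `buf2` with `snprintf(buf2, sizeof buf2, ...)` would keep the bound enforced if the format string is ever changed. pdfapp_showpage begins in the previous hunk and continues past the end of this one.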