author | Robin Watts <robin.watts@artifex.com> | 2016-10-12 10:56:53 +0100 |
---|---|---|
committer | Robin Watts <robin.watts@artifex.com> | 2016-10-12 12:55:12 +0100 |
commit | e06eef11c974e38e12c808f95b3987fc41da3f02 (patch) | |
tree | 61e3116a4fc12405d63c75dfc996d5eecf474bb2 | |
parent | d64a4eabb26bf6cc05d7de1175edb706117e1207 (diff) | |
download | mupdf-e06eef11c974e38e12c808f95b3987fc41da3f02.tar.xz |
Bug 697012: Avoid overflow in xps_parse_real_num.
-rw-r--r-- | source/xps/xps-glyphs.c | 22 |
1 files changed, 7 insertions, 15 deletions
diff --git a/source/xps/xps-glyphs.c b/source/xps/xps-glyphs.c
index 82daf768..dc414f57 100644
--- a/source/xps/xps-glyphs.c
+++ b/source/xps/xps-glyphs.c
@@ -298,21 +298,13 @@ static inline int is_real_num_char(int c)
 static char *
 xps_parse_real_num(char *s, float *number, int *override)
 {
- char buf[64];
- char *p = buf;
- while (is_real_num_char(*s))
- *p++ = *s++;
- *p = 0;
- if (buf[0])
- {
- *override = 1;
- *number = fz_atof(buf);
- }
- else
- {
- *override = 0;
- }
- return s;
+ char *tail;
+ float v;
+ v = fz_strtof(s, &tail);
+ *override = tail != s;
+ if (*override)
+ *number = v;
+ return tail;
 }
 
 static char * |
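Review bot: `*number = v;` stores whatever `fz_strtof` returns with no finiteness or range check, and this parser presumably runs on text taken from the XPS document, so the value should be validated before it is used for glyph positioning. The definition of `fz_strtof` is not visible here; if it follows `strtof` in returning infinity on overflow or in accepting `inf`/`nan` spellings, the removed `is_real_num_char` loop was the only thing that kept the non-numeric spellings out, and a guard such as `*override = tail != s && isfinite(v);` would restore that. The returned pointer also changes meaning: the old loop skipped the whole run of numeric characters, whereas `tail` stops where the parse stops, so a malformed run such as `1e` may now leave characters for the caller. A one-line comment above the function stating which of the two behaviours callers rely on would make that explicit.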