[cups.bugs] [MOD] STR #1241: addons/lips4v stack overflow

twaugh.redhat twaugh at redhat.com
Fri Aug 12 03:04:49 PDT 2005


[STR New]

espgs-8.15rc4/addons/lips4/gdevl4v.c:704 allocates char dpi_char[3], but
line 745 has:

        sprintf(dpi_char, "%d", dpi);

so when dpi > 99 the terminating nul overflows dpi_char.

ref. 165713

Link: http://www.cups.org/str.php?L1241
Version: 8.15rc3
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ghostscript-overflow.patch
URL: <http://lists.cups.org/pipermail/cups-devel/attachments/20050812/faadec3d/attachment.ksh>


More information about the cups-devel mailing list