[cups.bugs] [HIGH] STR #2199: cos_dict_equal crash due to invalid test

Ian Jackson iwj at ubuntu.com
Wed Jan 17 05:06:59 PST 2007


DO NOT REPLY TO THIS MESSAGE.  INSTEAD, POST ANY RESPONSES TO THE LINK BELOW.

[STR New]

gdevpdfo.c:cos_dict_equal contains this code:

        if (cos_type(v->contents.object) != cos_type_dict)
            return false;       /* Should _never_ happen */

However:
 1. v may be a scalar rather than an object type, in which case this code
has undefined behaviour, and there is no check for this
 2. there appears to be no justification for the supposition that
dictionaries contain only other dictionaries
 3. this code appears _before_ the line which tests v for NULLity, another
source of crashes.

This bug was reported by an Ubuntu user at
 https://launchpad.net/ubuntu/+source/gs-esp/+bug/76749
and we will be fixing it in Ubuntu by removing these statements.

Link: http://www.cups.org/str.php?L2199
Version: 8.15.3
-------------- next part --------------
A non-text attachment was scrubbed...
Name: patch
Type: application/octet-stream
Size: 455 bytes
Desc: not available
URL: <http://lists.cups.org/pipermail/cups-devel/attachments/20070117/108a7960/attachment.obj>
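
Added example (not part of the original report, the attached patch, or Ghostscript's source): a simplified model of the three points raised above, showing a comparison that tests for NULL first, checks the value's tag before touching the object member, and accepts any object type. The names value_t, obj_t, val_kind_t, obj_type_t and value_equal are hypothetical, and the sample values are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical, simplified model of a tagged value; not Ghostscript's types. */
typedef enum { OBJ_DICT, OBJ_ARRAY } obj_type_t;
typedef struct { obj_type_t type; } obj_t;
typedef enum { VAL_SCALAR, VAL_OBJECT } val_kind_t;
typedef struct {
    val_kind_t kind;                  /* selects the live union member */
    union {
        struct { const char *data; size_t size; } chars;  /* VAL_SCALAR */
        obj_t *object;                                    /* VAL_OBJECT */
    } contents;
} value_t;

/* Compare two dictionary entries without reading an inactive union member. */
bool value_equal(const value_t *a, const value_t *b)
{
    if (a == NULL || b == NULL)        /* point 3: test for NULL first */
        return false;
    if (a->kind != b->kind)
        return false;
    if (a->kind == VAL_SCALAR)         /* point 1: scalars have no object */
        return a->contents.chars.size == b->contents.chars.size &&
               memcmp(a->contents.chars.data, b->contents.chars.data,
                      a->contents.chars.size) == 0;
    const obj_t *oa = a->contents.object, *ob = b->contents.object;
    if (oa == NULL || ob == NULL)
        return false;
    /* point 2: any object type may be stored; this model treats objects as
       equal when they are the same object or carry the same type tag. */
    return oa == ob || oa->type == ob->type;
}

int main(void)
{
    /* Constructed sample values. */
    obj_t dict = { OBJ_DICT }, arr = { OBJ_ARRAY };
    value_t s1 = { VAL_SCALAR, { .chars = { "/Name", 5 } } };
    value_t s2 = { VAL_SCALAR, { .chars = { "/Name", 5 } } };
    value_t od = { VAL_OBJECT, { .object = &dict } };
    value_t oa = { VAL_OBJECT, { .object = &arr } };
    bool ok = value_equal(&s1, &s2) && !value_equal(&s1, &od) &&
              !value_equal(&od, &oa) && !value_equal(&od, NULL);
    return ok ? 0 : 1;
}
```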

