| author | Mathieu Malaterre <mathieu.malaterre@gmail.com> | 2014-02-25 13:28:37 +0000 |
|---|---|---|
| committer | Mathieu Malaterre <mathieu.malaterre@gmail.com> | 2014-02-25 13:28:37 +0000 |
| commit | 876c02206da3017745fdd1ab7f555a956c73ca0c (patch) | |
| tree | 05084292a8fe1246faf1e246f1cd0569e4f95164 /src/lib/openjp2/event.c | |
| parent | 3ca312033f99eea39fecd83dde5e5797436d6648 (diff) | |
[trunk] Import commit f4139d702559649e577a5df9cfd64b0ca6107a7a from ghostpdl

Several functions accept a buffer size but never actually check whether
the buffer overflows during reading/writing. This fixes all cases where
a size variable has explicitly been marked as unused (through a (void)
cast).

This was discovered while investigating an assertion caused by
7cc691f332f26802c64cdc47e17bff8b_signal_sigabrt_7ffff6d59425_2247_2509.pdf
among others.

Thanks to Mateusz Jurczyk and Gynvael Coldwind of the Google Security
Team for providing the example files.

Diffstat (limited to 'src/lib/openjp2/event.c')
| -rw-r--r-- | src/lib/openjp2/event.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/lib/openjp2/event.c b/src/lib/openjp2/event.c index 6c53515b..42f59f0f 100644 --- a/src/lib/openjp2/event.c +++ b/src/lib/openjp2/event.c @@ -118,7 +118,7 @@ OPJ_BOOL opj_event_msg(opj_event_mgr_t* p_event_mgr, OPJ_INT32 event_type, const str_length = (strlen(fmt) > OPJ_MSG_SIZE) ? OPJ_MSG_SIZE : strlen(fmt); (void)str_length; /* parse the format string and put the result in 'message' */ - vsprintf(message, fmt, arg); /* UniPG */ + vsnprintf(message, OPJ_MSG_SIZE, fmt, arg); /* UniPG */ /* deinitialize the optional parameter list */ va_end(arg); |
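
Review bot: the two context lines just above the changed call still compute str_length from strlen(fmt) and then discard it with (void)str_length; which is the exact pattern the commit message says it is removing. That value bounds the length of the format string, not the formatted output, so it was never a useful limit, and with vsnprintf(message, OPJ_MSG_SIZE, fmt, arg) enforcing the bound it is dead code; I would drop both lines in this commit. The return value of vsnprintf is also ignored, so a message that does not fit is truncated silently; consider treating a negative result or a result >= OPJ_MSG_SIZE as a truncation case. The declaration of message is outside this hunk, so please confirm it is at least OPJ_MSG_SIZE bytes, and on C runtimes whose bounded formatter does not NUL-terminate on truncation, set message[OPJ_MSG_SIZE - 1] = '\0' after the call so the buffer is always a valid C string.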
