Hi, as reported in a Debian bug [1], it seems GooString::insert could lead to using uninitialized memory. The case is simple:

GooString goo;
goo.insert(0, ".");
goo.insert(0, "This is a very long long test string");

i.e. basically first insert a single character at position 0, and then a string longer than STR_STATIC_SIZE, always at position 0.
The insert(int,char) part of the patch in the bug is superfluous, while
the other part seems correct; on the other hand, I've found that
basically that loop is reinventing memmove, so I've prepared the
following:
--- a/GooString.cc
+++ b/GooString.cc
@@ -646,8 +646,7 @@ GooString *GooString::insert(int i, cons
lengthA = strlen(str);
resize(length + lengthA);
- for (j = prevLen; j >= i; --j)
- s[j+lengthA] = s[j];
+ memmove(s+i+lengthA, s+i, prevLen);
memcpy(s+i, str, lengthA);
return this;
}
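Review bot: the byte count on the memmove line is wrong for any i > 0. The loop it replaces ran j from prevLen down to i, so it moved prevLen - i + 1 bytes (the tail after the insertion point plus the terminating NUL); `memmove(s+i+lengthA, s+i, prevLen);` moves prevLen bytes starting at s+i, which for i > 0 reads i bytes past the old end of the string and writes them i bytes past the new end. Suggest `memmove(s+i+lengthA, s+i, prevLen - i + 1);` (or `prevLen - i` if resize() already writes the terminator at the new length). If j was declared only for the removed loop, its declaration can go as well.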
Before I commit it in master and 0.20, do you see anything wrong with
it?
Albert, would it be too costly to run your regression tests only with this?
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693817
Thanks,
--
Pino Toscano
_______________________________________________ poppler mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/poppler
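The following is an added example, not poppler's code: a minimal insert on a heap-allocated NUL-terminated buffer (the hypothetical Str type is an assumption) that mirrors the arithmetic of GooString::insert and shows the memmove count the removed loop implied, prevLen - i + 1, checked against the two-insert sequence from the bug report and against an insert in the middle of a string.

```c
/* Added example, not poppler code: minimal string insert with memmove.
 * The loop in GooString::insert moved s[i..prevLen] (prevLen - i + 1
 * bytes, terminator included) up by lengthA; memmove needs that count. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    char *s;     /* NUL-terminated, capacity len + 1 (hypothetical type) */
    size_t len;
} Str;

static void str_init(Str *g) { g->s = calloc(1, 1); g->len = 0; }
static void str_free(Str *g) { free(g->s); g->s = NULL; g->len = 0; }

/* Insert str at position i (0 <= i <= len). Returns 0 on success. */
static int str_insert(Str *g, size_t i, const char *str)
{
    size_t prevLen = g->len;
    size_t lengthA = strlen(str);
    if (i > prevLen) return -1;
    char *ns = realloc(g->s, prevLen + lengthA + 1);   /* like resize() */
    if (!ns) return -1;
    g->s = ns;
    /* Shift the tail after the insertion point, plus the NUL, to the right. */
    memmove(g->s + i + lengthA, g->s + i, prevLen - i + 1);
    memcpy(g->s + i, str, lengthA);
    g->len = prevLen + lengthA;
    return 0;
}

/* The sequence from the bug report: "." then a long string, both at 0. */
static int report_case_ok(void)
{
    const char *want = "This is a very long long test string.";
    Str g; str_init(&g);
    int ok = str_insert(&g, 0, ".") == 0
          && str_insert(&g, 0, "This is a very long long test string") == 0
          && g.len == strlen(want) && strcmp(g.s, want) == 0;
    str_free(&g);
    return ok;
}

/* Insert in the middle: only a count of prevLen - i + 1 keeps "cd" and NUL. */
static int middle_case_ok(void)
{
    Str g; str_init(&g);
    int ok = str_insert(&g, 0, "abcd") == 0 && str_insert(&g, 2, "XY") == 0
          && g.len == 6 && strcmp(g.s, "abXYcd") == 0;
    str_free(&g);
    return ok;
}

int main(void) { printf("%d %d\n", report_case_ok(), middle_case_ok()); return 0; }
```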
