On Saturday, 24 November 2012, at 16:58:00, Pino Toscano wrote:
> Hi,
>
> as reported in a Debian bug [1], it seems GooString::insert could lead
> to using uninitialized memory.
> The case is a simple one:
> GooString goo;
> goo.insert(0, ".");
> goo.insert(0, "This is a very long long test string");
> i.e. basically first insert a single character at position 0, and then a
> string longer than STR_STATIC_SIZE always at position 0.
>
> The insert(int,char) part of the patch in the bug is superfluous, while
> the other part seems correct; on the other hand, I've found that
> basically that loop is reinventing memmove, so I've prepared the
> following:
>
> --- a/GooString.cc > +++ b/GooString.cc > @@ -646,8 +646,7 @@ GooString *GooString::insert(int i, cons > lengthA = strlen(str); > > resize(length + lengthA); > - for (j = prevLen; j >= i; --j) > - s[j+lengthA] = s[j]; > + memmove(s+i+lengthA, s+i, prevLen); > memcpy(s+i, str, lengthA); > return this; > }
>
> Before I commit it in master and 0.20, do you see anything wrong with
> it?
> Albert, would it be too costly to run your regression tests only with this?
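
Review bot: The byte count in the added memmove(s+i+lengthA, s+i, prevLen) does not match the loop it replaces. The removed loop runs j from prevLen down to i inclusive, so it moves prevLen - i + 1 bytes (the tail starting at i, including s[prevLen]), while the memmove moves prevLen bytes whatever i is. The two agree only for i == 1: with i == 0 the byte at s[prevLen] is no longer moved, and with i > 1 the call reads past s[prevLen] and writes past s[prevLen + lengthA], which is more than resize(length + lengthA) was asked to provide if length still equals prevLen at this point (its assignment is outside the hunk). Suggest memmove(s+i+lengthA, s+i, prevLen - i + 1) to keep the old behaviour, or prevLen - i if resize() is known to write the terminator itself, plus a regression test that inserts at a non-zero position, since the reported case only exercises i == 0.
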
Ran the regtest, committed to master.

Cheers,
  Albert

>
> [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693817
>
> Thanks,
