diff options
| author | giraffedata <giraffedata@9d0c8265-081b-0410-96cb-a4ca84ce46f8> | 2015-05-30 17:01:35 +0000 |
|---|---|---|
| committer | giraffedata <giraffedata@9d0c8265-081b-0410-96cb-a4ca84ce46f8> | 2015-05-30 17:01:35 +0000 |
| commit | c137d70a0f2e6ac557bfbfd064adfafb45dfb452 (patch) | |
| tree | 4525c87155eab394f918d4e7958b8055d272dad4 | |
| parent | 0f599eb9b1a2fd87d9bf235267e52ee43304dbd0 (diff) | |
| download | netpbm-mirror-c137d70a0f2e6ac557bfbfd064adfafb45dfb452.tar.gz netpbm-mirror-c137d70a0f2e6ac557bfbfd064adfafb45dfb452.tar.xz netpbm-mirror-c137d70a0f2e6ac557bfbfd064adfafb45dfb452.zip | |
Fix overrun
git-svn-id: http://svn.code.sf.net/p/netpbm/code/trunk@2531 9d0c8265-081b-0410-96cb-a4ca84ce46f8
| -rw-r--r-- | converter/pbm/pbmtoescp2.c | 5 | ||||
| -rw-r--r-- | doc/HISTORY | 3 |
2 files changed, 8 insertions, 0 deletions
diff --git a/converter/pbm/pbmtoescp2.c b/converter/pbm/pbmtoescp2.c index 8585614a..7dc6653d 100644 --- a/converter/pbm/pbmtoescp2.c +++ b/converter/pbm/pbmtoescp2.c @@ -165,6 +165,11 @@ main(int argc, char* argv[]) { for (idx = 0; idx < 24 && row+idx < rows; ++idx) pbm_readpbmrow_packed(ifP,bytes+idx*pbm_packed_bytes(cols), cols,format); + /* Add delimiter to end of rows, using inverse of final + data byte to prevent match. */ + *(bytes+idx*pbm_packed_bytes(cols)) = + ~ *(bytes+idx*pbm_packed_bytes(cols)-1); + /* Write raster data. */ if (cmdline.compress != 0) { /* compressed */ diff --git a/doc/HISTORY b/doc/HISTORY index 15289c7a..5b5eccf7 100644 --- a/doc/HISTORY +++ b/doc/HISTORY @@ -18,6 +18,9 @@ not yet BJH Release 10.71.00 pbmtogo: Fix bug: buffer overrun with certain input. Broken at least since November 1989. + pbmtoescp2: Fix bug: overrun on certain input. Always broken + (pbmtoescp2 was new in Netpbm 10.18 (September 2003). + libnetpbm: pm_stripeq: fix bug: wild pointer access when comparator is shorter than comparand. Doesn't affect function, but could cause crash or privacy exposure. Affects reading of a |