From: Pablo C. <cal...@sp...> - 2003-01-13 19:22:35

I encountered two nasty memory corruption bugs in pap.c which I have included a patch for (wv-0.7.4).

The first bug is a copy to the apap->stylename array that exceeded the allotted fixed size. I simply guarded against buffer overflow for that (strlcpy). Though I suspect changing the fixed array to a char* and using strdup might be better. I'll leave that to you.

The other bug occurred when there was a dereference of fkp->rgbx and rgbx was nil.

Following these fixes the documents I had decoded as expected.

Cheers,
Pablo
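
The two classes of fix described in the message above, as an added example that is not part of the original message or of the wv patch: a truncating copy into a fixed-size name field, the heap-allocated alternative, and a NULL guard before indexing an optional array. The `demo_pap` and `demo_fkp` types, the 16-byte field size and all function names are assumptions made for illustration; `bounded_copy` is written out in ISO C with strlcpy semantics.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins: the real wv structures and sizes are not in the message. */
#define STYLENAME_MAX 16                    /* assumed size */
typedef struct { char stylename[STYLENAME_MAX]; char *stylename_dyn; } demo_pap;
typedef struct { const unsigned char *rgbx; size_t count; } demo_fkp;

/* strlcpy semantics: bounded write, always NUL-terminated, returns strlen(src). */
static size_t bounded_copy(char *dst, const char *src, size_t dstsize) {
    size_t srclen = strlen(src);
    if (dstsize > 0) {
        size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Fixed-array variant: returns 1 if the name was truncated, 0 if it fit. */
int set_stylename_fixed(demo_pap *p, const char *name) {
    return bounded_copy(p->stylename, name, sizeof p->stylename) >= sizeof p->stylename;
}

/* Heap variant (what strdup does, in ISO C): no truncation, -1 on failure. */
int set_stylename_dyn(demo_pap *p, const char *name) {
    size_t len = strlen(name) + 1;
    char *copy = malloc(len);
    if (copy == NULL) return -1;
    memcpy(copy, name, len);
    free(p->stylename_dyn);                 /* release any previous name */
    p->stylename_dyn = copy;
    return 0;
}

/* NULL guard: report -1 instead of dereferencing a missing rgbx array. */
int read_bx(const demo_fkp *f, size_t i) {
    if (f == NULL || f->rgbx == NULL || i >= f->count) return -1;
    return f->rgbx[i];
}

int main(void) {
    demo_pap p = { "", NULL };
    demo_fkp empty = { NULL, 0 };
    /* Constructed input, longer than the assumed field. */
    int cut = set_stylename_fixed(&p, "A style name longer than the field");
    printf("truncated=%d stored=\"%s\" bx=%d\n", cut, p.stylename, read_bx(&empty, 0));
    return 0;
}
```

The fixed-array variant stays memory-safe but silently shortens the name unless the caller checks the return value, which is the trade-off behind the strdup suggestion.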