[Wvware-devel] pap.c mem corruption and fixes

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

I encountered two nasty memory corruption bugs in pap.c which I have
included a patch for (wv-0.7.4).

The first bug is a copy to the apap->stylename array that exceeded the
allotted fixed size.  I simply guarded against buffer overflow for that
(strlcpy). Though I suspect changing the fixed array to a char* and
using strdup might be better. I'll leave that to you.

The other bug occurred when there was a dereference of fkp->rgbx and
rgbx was nil.

Following these fixes the documents I had decoded as expected.

Cheers,
Pablo