| Summary: | Libjasper: creating temp failed due to buffer overflow | ||
|---|---|---|---|
| Product: | Ghostscript | Reporter: | Henk Jan Priester <hjpriester> |
| Component: | JPX/JBIG2 encode/decode | Assignee: | Alex Cherepanov <alex> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | ||
| Priority: | P4 | ||
| Version: | 9.04 | ||
| Hardware: | PC | ||
| OS: | Linux | ||
| Customer: | Word Size: | --- | |
The patch is adopted and committed as a rev. 85e64010450ebafb453b4028356a6ccd20e440b8 Thank you for using and contributing to Ghostscript. |
when trying to convert a pdf to a png with GhostScript 9.04 the program failed with the following error: unable to decode JPX image data. **** Warning: File has insufficient data for an image. **** This file had errors that were repaired or ignored. **** The file was produced by: **** >>>> Adobe Acrobat 8.12 Image Conversion Plug-in <<<< **** Please notify the author of the software that produced this **** file that it does not conform to Adobe's published PDF **** specification. After debbuging this the problem was that the tempfilename was going to exceeding the buffer size and no file was opened resulting in this error. In my case TEMP was set to: /local/users/hj/mytempdir The temporary file object is defined as in: jas_stream.h typedef struct { int fd; int flags; #ifndef _WIN32 char pathname[L_tmpnam + 1]; #else char pathname[_MAX_PATH + 1]; #endif } jas_stream_fileobj_t; L_tmpnam is on Unix defined as 20 but is also intended for use in combination with tmpnam and not with mkstemp. It looks the bug is introduced when using mkstemp. Proposal for fix: change L_tmpnam into PATH_MAX (+add limits.h) #include <limits.h> typedef struct { int fd; int flags; #ifndef _WIN32 char pathname[PATH_MAX + 1]; #else char pathname[_MAX_PATH + 1]; #endif } jas_stream_fileobj_t; In my case this fixes the problem.