Because of the sensitive nature of the information in the report the details will be found in Comment #1, which will be viewable only by Artifex staff.
Created attachment 8365 [details] Patch I don't really know what this bug report is about. There's a suspicious place in mswinpr2 but long file name is detected and discarded earlier. Still the proposed patch should help to pacify static analysis tools.
Hello Marcos can you ask Sacunia for a command line to reproduce the problem so we can actually reproduce the overflow.
(In reply to comment #3) > Hello Marcos can you ask Sacunia for a command line to reproduce the problem so > we can actually reproduce the overflow. Sorry I didn't notice at first everything was set up in the postscript file. Alex if there is not an overflow just close it as invalid and Marcos will report back to Secunia.
The use of mswinpr2 device in the sample file indicates that the problem should happen on Windows. However, the maximum path size on Windows is about 256 bytes. There's no need to stuff in 2000 characters to create an overflow. Testing the file with different /OutputFile attributes either works or fails with /rangecheck. No buffer overflow has been detected. On Linux mswinpr2 cannot be found and the sample program fails when the big path is just a regular string on the stack. Secunia web site doesn't have SA47855 advisory.
Created attachment 8414 [details] WinDBG output showing the overflow
Comment on attachment 8414 [details] WinDBG output showing the overflow Please reference the attached file for evidence of the overflow.
Please provide more information how to reproduce the bug. What version of Ghostscript are you using? How did you compile it? What is your operation system? Is it 32 or 64 hit one? What's your command line?