[pdf-devel] Stream buffer flaw
From: gerel
Subject: [pdf-devel] Stream buffer flaw
Date: Fri, 03 Oct 2008 21:40:50 -0700 (PDT)
Hey everyone,
There is a flaw in the full_p function that allows a filter to overflow the
buffer->data pointer. Basically it's not working.
I use printf() in the RL filter to show the behavior.
##
size: 1, wp: 0, rp: 0, and It is NOT full
size: 1, wp: 0, rp: 0, and It is NOT full
size: 1, wp: 0, rp: 0, and It is NOT full
size: 1, wp: 1, rp: 1, and It is NOT full
size: 1, wp: 1, rp: 1, and It is NOT full
###
The last two should say "It is full".
You can check the above prints are consistent (yet undesired) with the code,
see:
##
pdf_bool_t
pdf_stm_buffer_full_p (pdf_stm_buffer_t buffer)
{
  return ((buffer->wp == buffer->size) &&
          (buffer->rp != buffer->wp));
}
###
I don't know what kind of buffer we're trying to implement.
jemarch, what kind of buffer is it that you have in mind? Let's make it clear. :-)
cheers
-gerel
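
Added example, not part of the original message or the project's code: it replays the state from the printed trace (size 1, wp 1, rp 1) against the quoted predicate and counts the writes a producer would attempt past the end of `data`. The `struct buf` layout, the drain-after-every-write consumer, and the `full_linear` alternative (which assumes a linear, non-wrapping buffer) are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for the library's buffer: only the fields named in the post. */
struct buf { unsigned char *data; size_t size, rp, wp; };

/* Predicate exactly as quoted in the post. */
static bool full_posted(const struct buf *b)
{
  return (b->wp == b->size) && (b->rp != b->wp);
}

/* Assumed linear-buffer semantics: no room left once wp reaches size. */
static bool full_linear(const struct buf *b)
{
  return b->wp >= b->size;
}

/* Constructed scenario: a producer writes up to n bytes while full_p reports
   room, and a consumer drains after every write (rp = wp), as in the trace.
   Writes that would land past the end are counted, never performed.
   size must not exceed sizeof storage. */
static size_t count_oob_writes(bool (*full_p)(const struct buf *), size_t size, size_t n)
{
  unsigned char storage[16];
  struct buf b = { storage, size, 0, 0 };
  size_t oob = 0;
  for (size_t i = 0; i < n && !full_p(&b); i++) {
    if (b.wp < b.size)
      b.data[b.wp] = 'x';   /* in bounds */
    else
      oob++;                /* would write past data[size - 1] */
    b.wp++;
    b.rp = b.wp;            /* consumer has read everything written so far */
  }
  return oob;
}

int main(void)
{
  printf("posted predicate: %zu out-of-bounds writes\n", count_oob_writes(full_posted, 1, 5));
  printf("linear predicate: %zu out-of-bounds writes\n", count_oob_writes(full_linear, 1, 5));
  return 0;
}
```

With the quoted predicate the `rp != wp` term turns false as soon as the reader catches up, so the writer is never stopped; once `wp` has passed `size` the `wp == size` term can no longer become true either.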