components/enscript/patches/enscript-CVE-2008-3863+CVE-2008-4306.patch
changeset 1132 a62391631ea1
1131:4c414ada49de 1132:a62391631ea1
       
     1 --- enscript-1.6.4/src/psgen.c
       
     2 +++ enscript-1.6.4/src/psgen.c	2008-10-29 10:43:08.512598143 +0100
       
     3 @@ -24,6 +24,7 @@
       
     4   * Boston, MA 02111-1307, USA.
       
     5   */
       
     6  
       
     7 +#include <limits.h>
       
     8  #include "gsint.h"
       
     9  
       
    10  /*
       
    11 @@ -124,7 +125,7 @@ struct gs_token_st
       
    12  	  double xscale;
       
    13  	  double yscale;
       
    14  	  int llx, lly, urx, ury; /* Bounding box. */
       
    15 -	  char filename[512];
       
    16 +	  char filename[PATH_MAX];
       
    17  	  char *skipbuf;
       
    18  	  unsigned int skipbuf_len;
       
    19  	  unsigned int skipbuf_pos;
       
    20 @@ -135,11 +136,11 @@ struct gs_token_st
       
    21        Color bgcolor;
       
    22        struct
       
    23  	{
       
    24 -	  char name[512];
       
    25 +	  char name[PATH_MAX];
       
    26  	  FontPoint size;
       
    27  	  InputEncoding encoding;
       
    28  	} font;
       
    29 -      char filename[512];
       
    30 +      char filename[PATH_MAX];
       
    31      } u;
       
    32  };
       
    33  
       
    34 @@ -248,7 +249,7 @@ static int do_print = 1;
       
    35  static int user_fontp = 0;
       
    36  
       
    37  /* The user ^@font{}-defined font. */
       
    38 -static char user_font_name[256];
       
    39 +static char user_font_name[PATH_MAX];
       
    40  static FontPoint user_font_pt;
       
    41  static InputEncoding user_font_encoding;
       
    42  
       
    43 @@ -978,7 +979,8 @@ large for page\n"),
       
    44  			FATAL ((stderr,
       
    45  				_("user font encoding can be only the system's default or `ps'")));
       
    46  
       
    47 -		      strcpy (user_font_name, token.u.font.name);
       
    48 +		      memset  (user_font_name, 0, sizeof(user_font_name));
       
    49 +		      strncpy (user_font_name, token.u.font.name, sizeof(user_font_name) - 1);
       
    50  		      user_font_pt.w = token.u.font.size.w;
       
    51  		      user_font_pt.h = token.u.font.size.h;
       
    52  		      user_font_encoding = token.u.font.encoding;
       
    53 @@ -1444,7 +1446,7 @@ read_special_escape (InputStream *is, To
       
    54  	  buf[i] = ch;
       
    55  	  if (i + 1 >= sizeof (buf))
       
    56  	    FATAL ((stderr, _("too long argument for %s escape:\n%.*s"),
       
    57 -		    escapes[i].name, i, buf));
       
    58 +		    escapes[e].name, i, buf));
       
    59  	}
       
    60        buf[i] = '\0';
       
    61  
       
    62 @@ -1452,7 +1454,8 @@ read_special_escape (InputStream *is, To
       
    63        switch (escapes[e].escape)
       
    64  	{
       
    65  	case ESC_FONT:
       
    66 -	  strcpy (token->u.font.name, buf);
       
    67 +	  memset  (token->u.font.name, 0, sizeof(token->u.font.name));
       
    68 +	  strncpy (token->u.font.name, buf, sizeof(token->u.font.name) - 1);
       
    69  
       
    70  	  /* Check for the default font. */
       
    71  	  if (strcmp (token->u.font.name, "default") == 0)
       
    72 @@ -1465,7 +1468,8 @@ read_special_escape (InputStream *is, To
       
    73  		FATAL ((stderr, _("malformed font spec for ^@font escape: %s"),
       
    74  			token->u.font.name));
       
    75  
       
    76 -	      strcpy (token->u.font.name, cp);
       
    77 +	      memset  (token->u.font.name, 0, sizeof(token->u.font.name));
       
    78 +	      strncpy (token->u.font.name, cp, sizeof(token->u.font.name) - 1);
       
    79  	      xfree (cp);
       
    80  	    }
       
    81  	  token->type = tFONT;
       
    82 @@ -1544,7 +1548,8 @@ read_special_escape (InputStream *is, To
       
    83  	  break;
       
    84  
       
    85  	case ESC_SETFILENAME:
       
    86 -	  strcpy (token->u.filename, buf);
       
    87 +	  memset  (token->u.filename, 0, sizeof(token->u.font.name));
       
    88 +	  strncpy (token->u.filename, buf, sizeof(token->u.filename) - 1);
       
    89  	  token->type = tSETFILENAME;
       
    90  	  break;
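Review bot: In the ESC_SETFILENAME case the added memset clears `token->u.filename` with `sizeof(token->u.font.name)`, the size of a different member; it should read `memset (token->u.filename, 0, sizeof(token->u.filename));`. Both arrays are declared with `PATH_MAX` in the struct hunk of this patch, so the lengths match today, but if either declaration changes the memset will write past `filename` or leave its last byte uncleared, and the following `strncpy (..., sizeof(token->u.filename) - 1)` relies on that byte for termination. The three font-name copies use the matching member in both calls. read_special_escape starts and ends outside these hunks, so the size of `buf` is not visible here; if it can exceed `PATH_MAX`, the strncpy shortens the name silently, and a FATAL on an over-long font or file name, like the existing "too long argument" check, would be safer than continuing with a truncated filename.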