Buffer overrun preventing Inkscape from running on Win32
Bug #203900 reported by
Jaspervdg
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Inkscape |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
The temporary character buffer tmp allocated in main.cpp on line 426 (CHAR tmp[_MAX_EXT]) could overrun if the generated path was more than 255 characters long. This was exposed by the most recent patch which appended the existing path (in my case it's over a 1000 characters, so the buffer is easily overrun). For me this meant Inkscape would refuse to run. Replacing the fixed-size character buffer by std::string resolved the issue (patch attached).
Revision history for this message
| Jaspervdg (jaspervdg) wrote | #1 |
Revision history for this message
| Jaspervdg (jaspervdg) wrote | #2 |
Revision history for this message
| bbyak (buliabyak) wrote | #3 |
| Changed in inkscape: | |
| status: | New → Fix Released |
To post a comment you must log in.
I just found out I have SVN access so I committed this change myself.