Incorrect percent-decoding in hpcups filter
Bug #503398 reported by
Tim Waugh
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| HPLIP |
New
|
Undecided
|
Unassigned | ||
Bug Description
In HPLIP-3.9.12, HPCupsFilter.cpp contains this:
389: if (*ptr == '%') {
390: ptr += 3;
391: m_JA.printer_
392: }
which is making the rather big assumption that any percent-encoded character must be a space. It also makes the assumption that there are two characters following the '%' character, so will start reading arbitrary memory if the DEVICE_URI ends in '%', for example.
Please clean this stuff up.
Revision history for this message
| Tim Waugh (twaugh) wrote | #1 |
To post a comment you must log in.
Looking at it further, it even seems to assume that there is *another* character following the '%XX' part, and *also* that it is not percent-encoded. Missing a 'continue;'?