BAD_SIZEOF in inkscape/src/extension/internal/pdfinput/svg-builder.cpp

Bug #616178 reported by Vaughn Spurlin on 2010-08-11
This bug affects 1 person
Affects: Inkscape
Importance: Medium
Assigned to: Jon A. Cruz

Bug Description

BAD_SIZEOF in inkscape/src/extension/internal/pdfinput/svg-builder.cpp

In Inkscape::Extension::Internal::SvgBuilder…::pushTransparencyGroup(...):
The sizeof operator was applied to an unintended variable or expression, such as a pointer variable instead of its target (CWE-467).

void SvgBuilder::pushTransparencyGroup(GfxState *state, double *bbox,
                                       GfxColorSpace *blending_color_space,
                                       bool isolated, bool knockout,
                                       bool for_softmask) {

    // Push node stack
    pushNode("svg:g");

    // Setup new transparency group
    SvgTransparencyGroup *transpGroup = new SvgTransparencyGroup;
Taking the size of pointer parameter "bbox" is suspicious.
    memcpy(&transpGroup->bbox, bbox, sizeof(bbox));
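
The defect class flagged above (CWE-467), shown beside two corrected forms. This is an added example, not Inkscape's code or its committed fix: `Group`, `BBOX_LEN` and the helper functions are hypothetical stand-ins, and the four-element array length is an assumption because the page does not show the struct definition.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>

constexpr std::size_t BBOX_LEN = 4;      // assumed length, for illustration only

struct Group {                           // hypothetical stand-in for the group struct
    double bbox[BBOX_LEN];
};

// Pattern from the report: bbox is a double*, so sizeof(bbox) is the pointer size.
std::size_t copy_buggy(Group &g, double *bbox) {
    std::size_t n = sizeof(bbox);        // sizeof(double*), not the array size
    std::memcpy(&g.bbox, bbox, n);       // copies only the first n bytes
    return n;
}

// Size the copy from the destination array, whose type still carries its length.
std::size_t copy_fixed(Group &g, const double *bbox) {
    std::size_t n = sizeof(g.bbox);      // BBOX_LEN * sizeof(double)
    std::memcpy(g.bbox, bbox, n);
    return n;
}

// Stricter variant: an array reference keeps the length in the parameter type,
// so a caller passing a buffer of the wrong length fails to compile.
std::size_t copy_typed(Group &g, const double (&bbox)[BBOX_LEN]) {
    static_assert(sizeof(bbox) == sizeof(Group::bbox), "bbox length mismatch");
    std::memcpy(g.bbox, bbox, sizeof(bbox));
    return sizeof(bbox);
}

// Number of leading elements of g.bbox that match src.
std::size_t elements_copied(const Group &g, const double *src) {
    std::size_t i = 0;
    while (i < BBOX_LEN && g.bbox[i] == src[i]) ++i;
    return i;
}

int main() {
    double src[BBOX_LEN] = {1.5, 2.5, 3.5, 4.5};   // constructed sample bbox
    Group a{}, b{};
    std::size_t na = copy_buggy(a, src), nb = copy_fixed(b, src);
    std::printf("buggy: %zu bytes, %zu elements\n", na, elements_copied(a, src));
    std::printf("fixed: %zu bytes, %zu elements\n", nb, elements_copied(b, src));
    return 0;
}
```

The buggy form leaves the remaining elements at whatever the freshly allocated object held, so downstream code reads a partly uninitialized bounding box rather than crashing at the copy.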

Jon A. Cruz (jon-joncruz) wrote:

Confirmed incorrect handling of data types.

Changed in inkscape:
assignee: nobody → Jon A. Cruz (jon-joncruz)
status: New → Confirmed
status: Confirmed → In Progress
Changed in inkscape:
status: In Progress → Fix Committed
Kris (kris-degussem) on 2012-09-06
Changed in inkscape:
milestone: none → 0.49
Bryce Harrington (bryce) on 2015-02-21
Changed in inkscape:
status: Fix Committed → Fix Released