BAD_SIZEOF in inkscape/src/extension/internal/pdfinput/svg-builder.cpp

Bug #616178 reported by Vaughn Spurlin
This bug affects 1 person
Affects: Inkscape
Status: Fix Released
Importance: Medium
Assigned to: Jon A. Cruz

Bug Description


In Inkscape::Extension::Internal::SvgBuilder…::pushTransparencyGroup(...):
The sizeof operator was applied to an unintended variable or expression, such as a pointer variable instead of its target (CWE-467).

    void SvgBuilder::pushTransparencyGroup(GfxState *state, double *bbox,
                                           GfxColorSpace *blending_color_space,
                                           bool isolated, bool knockout,
                                           bool for_softmask) {

        // Push node stack
        pushNode("svg:g");

        // Setup new transparency group
        SvgTransparencyGroup *transpGroup = new SvgTransparencyGroup;
        // Coverity: Taking the size of pointer parameter "bbox" is suspicious.
        memcpy(&transpGroup->bbox, bbox, sizeof(bbox));

Tags: coverity
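
The defect class reported above, shown beside a corrected form. This is an added example, not Inkscape's code or its committed fix. `TranspGroup`, `kBBoxLen` (a four-double box) and the function names are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>

// Assumption: a bounding box of four doubles; the page does not show the
// real field's declaration.
constexpr std::size_t kBBoxLen = 4;

struct TranspGroup {  // hypothetical stand-in for SvgTransparencyGroup
    double bbox[kBBoxLen];
};

// Defective pattern (CWE-467): bbox is a pointer parameter, so sizeof(bbox)
// is the pointer size (typically 8 bytes), not the size of the caller's array.
// The size is taken in a separate statement only to keep compilers quiet;
// written inline in memcpy, GCC and Clang flag it (-Wsizeof-pointer-memaccess).
std::size_t copy_bbox_buggy(TranspGroup &g, const double *bbox) {
    const std::size_t n = sizeof(bbox);
    std::memcpy(g.bbox, bbox, n);
    return n;
}

// Corrected form: size the copy from the destination array, whose type still
// carries its length. Assumes the caller supplies at least kBBoxLen doubles.
std::size_t copy_bbox_fixed(TranspGroup &g, const double *bbox) {
    std::memcpy(g.bbox, bbox, sizeof(g.bbox));
    return sizeof(g.bbox);
}

// Counts how many leading elements actually arrive in the destination.
std::size_t elements_copied(std::size_t (*copy)(TranspGroup &, const double *)) {
    const double src[kBBoxLen] = {10.0, 20.0, 300.0, 400.0};  // constructed sample
    TranspGroup g;
    for (double &d : g.bbox) d = -1.0;  // sentinel marks untouched slots
    copy(g, src);
    std::size_t n = 0;
    while (n < kBBoxLen && g.bbox[n] == src[n]) ++n;
    return n;
}

int main() {
    std::printf("buggy: %zu of %zu elements copied\n",
                elements_copied(copy_bbox_buggy), kBBoxLen);
    std::printf("fixed: %zu of %zu elements copied\n",
                elements_copied(copy_bbox_fixed), kBBoxLen);
    return 0;
}
```

The buggy copy leaves the trailing elements of the destination at whatever they held before, which in the reported function is a freshly allocated, uninitialized object.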
Jon A. Cruz (jon-joncruz) wrote :

Confirmed incorrect handling of data types.

Changed in inkscape:
assignee: nobody → Jon A. Cruz (jon-joncruz)
status: New → Confirmed
status: Confirmed → In Progress
Changed in inkscape:
status: In Progress → Fix Committed
Kris (kris-degussem)
Changed in inkscape:
milestone: none → 0.49
Bryce Harrington (bryce)
Changed in inkscape:
status: Fix Committed → Fix Released