Mercurial > libpst

diff src/pst2dii.cpp.in @ 170:0e1e048716e4
fix bug where we failed to pickup the last extended attribute. patch from Emmanuel Andry to fix potential security bug in pst2dii with printf(err).
author: Carl Byington <carl@five-ten-sg.com>
date: Sun, 22 Mar 2009 14:34:26 -0700
parents: 40e9de445038
children: 6954d315aaa8
--- a/src/pst2dii.cpp.in	Thu Mar 19 16:46:22 2009 -0700
+++ b/src/pst2dii.cpp.in	Sun Mar 22 14:34:26 2009 -0700
@@ -240,15 +240,15 @@
     while ((p = strchr(l, '&'))) {
         *p = '\0';
         char *err = gdImageStringFTEx(image, &brect[0], color, font_file, sz, 0.0, x_position, y_position, l, &strex);
-        if (err) printf(err);
+        if (err) printf("%s", err);
         x_position += (brect[2]-brect[6]);
         l = p+1;
         err = gdImageStringFTEx(image, &brect[0], color, font_file, sz, 0.0, x_position, y_position, (char*)"&amp;", &strex);
-        if (err) printf(err);
+        if (err) printf("%s", err);
         x_position += (brect[2]-brect[6]);
     }
     char *err = gdImageStringFTEx(image, &brect[0], color, font_file, sz, 0.0, x_position, y_position, l, &strex);
-    if (err) printf(err);
+    if (err) printf("%s", err);
     x_position += (brect[2]-brect[6]);
     col_number += len;
 }
@@ -331,7 +331,7 @@
 
         char line[LINE_SIZE];
         char *err = gdImageStringFTEx(NULL, &brect[0], black, font_file, sz, 0.0, margin, margin, (char*)"LMgqQ", &strex);
-        if (err) printf(err);
+        if (err) printf("%s", err);
         line_height = (brect[3]-brect[7]) * 12/10;
         char_width  = (brect[2]-brect[6]) / 5;
         col_number  = 0;
author	Carl Byington <carl@five-ten-sg.com>
date	Sun, 22 Mar 2009 14:34:26 -0700
parents	40e9de445038
children	6954d315aaa8