[reportlab-users] Buffer overrun with large parameters
amaury.forgeotdarc at ubitrade.com
amaury.forgeotdarc at ubitrade.com
Mon Apr 25 09:23:24 EDT 2005
Hello,
I know it makes no sense, but I tried to pass a huge
font size to setFont:
c = Canvas('test_hello.pdf')
c.setFont('Helvetica-Bold', 1e136)
c.drawString(100,700, 'Hello World')
c.save()
- when rl_accel is present, the script crashes with an Access Violation
error.
The cause is in _rl_accel.c, where the function _fp_one tries to write
136 digits in a static buffer which is only 30 characters long...
- when rl_accel is not present, the generated PDF is invalid :
"bad token 1.2e+136", but this one doesn't bother me.
Since every number written in the PDF file uses the _fp_one function,
I propose to protect it with a check like this one:
if(fabs(d)>=1.0e20){
PyErr_SetString(ErrorObject, "numeric value too large");
return NULL;
}
1e20 seems enough for any application...
--
Amaury Forgeot d'Arc
Ubix Development
www.ubitrade.com
More information about the reportlab-users
mailing list