[reportlab-users] Buffer overrun with large parameters

amaury.forgeotdarc at ubitrade.com amaury.forgeotdarc at ubitrade.com
Mon Apr 25 09:23:24 EDT 2005


I know it makes no sense, but I tried to pass a huge
font size to setFont:

    c = Canvas('test_hello.pdf')
    c.setFont('Helvetica-Bold', 1e136)
    c.drawString(100,700, 'Hello World')

- when rl_accel is present, the script crashes with an Access Violation
The cause is in _rl_accel.c, where the function _fp_one tries to write
136 digits in a static buffer which is only 30 characters long...

- when rl_accel is not present, the generated PDF is invalid :
"bad token 1.2e+136", but this one doesn't bother me.

Since every number written in the PDF file uses the _fp_one function,
I propose to protect it with a check like this one:

            PyErr_SetString(ErrorObject, "numeric value too large");
            return NULL;

1e20 seems enough for any application...

Amaury Forgeot d'Arc
Ubix Development

More information about the reportlab-users mailing list