From a3acdeaac77b737ce20000f147319bf48f2a5cc0 Mon Sep 17 00:00:00 2001
From: Matthias Kramm <kramm@quiss.org>
Date: Wed, 27 Jun 2012 13:53:00 -0700
Subject: [PATCH] fixed buffer overrun in swfrender file name handling

---
 src/swfrender.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/swfrender.c b/src/swfrender.c
index 58c7eb8e..fbfdeaa8 100644
--- a/src/swfrender.c
+++ b/src/swfrender.c
@@ -202,7 +202,7 @@ int main(int argn, char*argv[])
                 gfxresult_t* result = dev->finish(dev);
                 if(result) {
                     char* effective_outputname = outputname;
-                    char suffixed_outputname[1000];
+                    char* suffixed_outputname = malloc(strlen(outputname) + 128);
                     if (count > 1) {
                         effective_outputname = suffixed_outputname;
                         char* ext = strrchr(outputname, '.');
@@ -217,6 +217,7 @@ int main(int argn, char*argv[])
                         fprintf(stderr,"Error writing page %d to %s\n", t, outputname);
                         exit(1);
                     }
+                    free(suffixed_outputname);
                     result->destroy(result);
                 }
             }
-- 
2.11.4.GIT