From: Ken Sharp <Ken.Sharp@artifex.com>
Date: Thu, 25 Jan 2024 11:55:49 +0000
Subject: Bug 707510 - don't allow PDF files with bad Filters to overflow the
 debug buffer
Origin: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=77dc7f699beba606937b7ea23b50cf5974fa64b1
Bug: https://bugs.ghostscript.com/show_bug.cgi?id=707510
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2024-29506

Item #2 of the report.

Allocate a buffer to hold the filter name, instead of assuming it will
fit in a fixed buffer.

Reviewed all the other PDFDEBUG cases, no others use a fixed buffer like
this.
---
 pdf/pdf_file.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

--- a/pdf/pdf_file.c
+++ b/pdf/pdf_file.c
@@ -777,10 +777,14 @@ static int pdfi_apply_filter(pdf_context
 
     if (ctx->args.pdfdebug)
     {
-        char str[100];
+        char *str;
+        str = gs_alloc_bytes(ctx->memory, n->length + 1, "temp string for debug");
+        if (str == NULL)
+            return_error(gs_error_VMerror);
         memcpy(str, (const char *)n->data, n->length);
         str[n->length] = '\0';
         dmprintf1(ctx->memory, "FILTER NAME:%s\n", str);
+        gs_free_object(ctx->memory, str, "temp string for debug");
     }
 
     if (pdfi_name_is(n, "RunLengthDecode")) {
