Bug 705438: At end of unpack_arguments() call, pass NULL instead of 0.

A zero will through integer promotion be of type int, but what
unpack_arguments() actually expects is a pointer. As along as the
sizes of int and pointers are the same this causes no issue. But
on 64-bit platforms where pointers are 64 bits wide and int is
32 bits wide, the argument list will not be initialized fully.
In these situations the unpack_arguments() function will try to read
64 bits despite the trailing 0 only having initialized 32 bits at
the end of the argument list, possibly causing a crash.

Passing NULL will, since it is a void* pointer, will cause all
64 bits to be fully initialized fixing the problem.

diff --git a/source/pdf/pdf-js.c b/source/pdf/pdf-js.c
index d5f31c1cf372fe6905eb4a28495cbd0af32bf7db..6d7244d904a0481d4c7b6302d7193f014a28c78a 100644 (file)
--- a/source/pdf/pdf-js.c
+++ b/source/pdf/pdf-js.c
@@ -74,7 +74,7 @@ static pdf_js *unpack_arguments(js_State *J, ...)
 
 static void app_alert(js_State *J)
 {
-       pdf_js *js = unpack_arguments(J, "cMsg", "nIcon", "nType", "cTitle", "oDoc", "oCheckbox", 0);
+       pdf_js *js = unpack_arguments(J, "cMsg", "nIcon", "nType", "cTitle", "oDoc", "oCheckbox", NULL);
        pdf_alert_event evt;
 
        /* TODO: Currently we do not support app.openDoc() in javascript actions, hence
@@ -555,7 +555,7 @@ static void doc_print(js_State *J)
 
 static void doc_mailDoc(js_State *J)
 {
-       pdf_js *js = unpack_arguments(J, "bUI", "cTo", "cCc", "cBcc", "cSubject", "cMessage", 0);
+       pdf_js *js = unpack_arguments(J, "bUI", "cTo", "cCc", "cBcc", "cSubject", "cMessage", NULL);
        pdf_mail_doc_event evt;
 
        evt.ask_user = js_isdefined(J, 1) ? js_toboolean(J, 1) : 1;