--- f_readeps.c +++ f_readeps.c 2011-06-17 12:46:08.519926308 +0000 @@ -252,11 +252,12 @@ bitmap_from_gs(file, filetype, pic, urx, { char buf[300]; FILE *tmpfp, *pixfile, *gsfile; - char *psnam, *driver; - int status, wid, ht, nbitmap, fd; + char *driver; + int status, wid, ht, nbitmap, fd, len; char tmpfile[PATH_MAX], pixnam[PATH_MAX], errnam[PATH_MAX], + psnam[PATH_MAX], gscom[2 * PATH_MAX]; wid = urx - llx; @@ -307,19 +308,26 @@ bitmap_from_gs(file, filetype, pic, urx, /* for color, use pcx */ driver = "pcx256"; } - /* avoid absolute paths (for Cygwin with gswin32) by changing directory */ - if (tmpfile[0] == '/') { - psnam = strrchr(tmpfile, '/'); - *psnam = 0; - sprintf(gscom, "cd \"%s/\";", tmpfile); - *psnam++ = '/'; /* Restore name for unlink() below */ - } else { - psnam = tmpfile; - gscom[0] = '\0'; + /* Canonicalize the eps file filename, needed to "defeat" gs after .locksafe */ + if (!realpath(tmpfile, psnam)) { + file_msg("Cannot canonicalize %s: %s\n", tmpfile, strerror(errno)); + return False; + } + /* From Language.htm of ghostscript 9.00 and higher: + * If Ghostscript is started with -dNOSAFER or -dDELAYSAFER, this operator can + * be used to enter SAFER mode with the current set of PermitFile... user + * parameters in effect. Since .setsafe sets the PermitFile... user parameters + * to empty arrays, a script or job server that needs to enable certain paths + * for file Reading, Writing and/or Control can use this operator to perform + * the locking needed to enter SAFER mode. + */ + len = snprintf(gscom, sizeof(gscom) - 1, + "%s -r72x72 -sDEVICE=%s -g%dx%d -dDELAYSAFER -sOutputFile=%s -c '<> setuserparams .locksafe' -q - > %s 2>&1", + appres.ghostscript, driver, wid, ht, pixnam, psnam, errnam); + if (len >= sizeof(gscom) - 1 || len < 0) { + file_msg("Cannot write to buffer, file name to large: %s\n", psnam); + return False; } - sprintf(&gscom[strlen(gscom)], - "%s -r72x72 -dSAFER -sDEVICE=%s -g%dx%d -sOutputFile=%s -q - > %s 2>&1", - appres.ghostscript, driver, wid, ht, pixnam, errnam); if (appres.DEBUG) fprintf(stderr,"calling: %s\n",gscom); if ((gsfile = popen(gscom, "w")) == 0) {