diff options
Diffstat (limited to 'meta/recipes-extended/ghostscript/ghostscript/CVE-2016-8602.patch')
-rw-r--r-- | meta/recipes-extended/ghostscript/ghostscript/CVE-2016-8602.patch | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2016-8602.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2016-8602.patch new file mode 100644 index 0000000000..e58567cfec --- /dev/null +++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2016-8602.patch @@ -0,0 +1,47 @@ +From f5c7555c30393e64ec1f5ab0dfae5b55b3b3fc78 Mon Sep 17 00:00:00 2001 +From: Chris Liddell <chris.liddell@artifex.com> +Date: Sat, 8 Oct 2016 16:10:27 +0100 +Subject: [PATCH] Bug 697203: check for sufficient params in .sethalftone5 + +and param types + +Upstream-Status: Backport +CVE: CVE-2016-8602 + +Signed-off-by: Catalin Enache <catalin.enache@windriver.com> +--- + psi/zht2.c | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/psi/zht2.c b/psi/zht2.c +index fb4a264..dfa27a4 100644 +--- a/psi/zht2.c ++++ b/psi/zht2.c +@@ -82,14 +82,22 @@ zsethalftone5(i_ctx_t *i_ctx_p) + gs_memory_t *mem; + uint edepth = ref_stack_count(&e_stack); + int npop = 2; +- int dict_enum = dict_first(op); ++ int dict_enum; + ref rvalue[2]; + int cname, colorant_number; + byte * pname; + uint name_size; + int halftonetype, type = 0; + gs_gstate *pgs = igs; +- int space_index = r_space_index(op - 1); ++ int space_index; ++ ++ if (ref_stack_count(&o_stack) < 2) ++ return_error(gs_error_stackunderflow); ++ check_type(*op, t_dictionary); ++ check_type(*(op - 1), t_dictionary); ++ ++ dict_enum = dict_first(op); ++ space_index = r_space_index(op - 1); + + mem = (gs_memory_t *) idmemory->spaces_indexed[space_index]; + +-- +2.10.2 + |