diff options
author | Hongxu Jia <hongxu.jia@windriver.com> | 2018-09-10 03:21:01 -0400 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-09-11 09:05:29 +0100 |
commit | b6d32d43fd2b016e932b7dc81fb943eb936b73bb (patch) | |
tree | 12ff10671022d5e8f82b8eb3aee2f4e4d419363b /meta/recipes-extended/ghostscript/ghostscript/0002-Bug-699656-Handle-LockDistillerParams-not-being-a-bo.patch | |
parent | a04a0f309f4080497ddb6fa1cf81b9c2db5f4e11 (diff) | |
download | openembedded-core-contrib-b6d32d43fd2b016e932b7dc81fb943eb936b73bb.tar.gz |
ghostscript: fix CVE-2018-15908 & CVE-2018-15909 & CVE-2018-15910 & CVE-2018-15911
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Diffstat (limited to 'meta/recipes-extended/ghostscript/ghostscript/0002-Bug-699656-Handle-LockDistillerParams-not-being-a-bo.patch')
-rw-r--r-- | meta/recipes-extended/ghostscript/ghostscript/0002-Bug-699656-Handle-LockDistillerParams-not-being-a-bo.patch | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/meta/recipes-extended/ghostscript/ghostscript/0002-Bug-699656-Handle-LockDistillerParams-not-being-a-bo.patch b/meta/recipes-extended/ghostscript/ghostscript/0002-Bug-699656-Handle-LockDistillerParams-not-being-a-bo.patch new file mode 100644 index 0000000000..a16f215bd3 --- /dev/null +++ b/meta/recipes-extended/ghostscript/ghostscript/0002-Bug-699656-Handle-LockDistillerParams-not-being-a-bo.patch @@ -0,0 +1,53 @@ +From 1b516be5f6829ab6ce37835529ba08abd6d18663 Mon Sep 17 00:00:00 2001 +From: Chris Liddell <chris.liddell@artifex.com> +Date: Tue, 21 Aug 2018 16:42:45 +0100 +Subject: [PATCH 2/5] Bug 699656: Handle LockDistillerParams not being a + boolean + +This caused a function call commented as "Can't fail" to fail, and resulted +in memory correuption and a segfault. + +CVE: CVE-2018-15910 +Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] + +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + devices/vector/gdevpdfp.c | 2 +- + psi/iparam.c | 7 ++++--- + 2 files changed, 5 insertions(+), 4 deletions(-) + +diff --git a/devices/vector/gdevpdfp.c b/devices/vector/gdevpdfp.c +index 522db7a..f2816b9 100644 +--- a/devices/vector/gdevpdfp.c ++++ b/devices/vector/gdevpdfp.c +@@ -364,7 +364,7 @@ gdev_pdf_put_params_impl(gx_device * dev, const gx_device_pdf * save_dev, gs_par + * LockDistillerParams is read again, and reset if necessary, in + * psdf_put_params. + */ +- ecode = param_read_bool(plist, "LockDistillerParams", &locked); ++ ecode = param_read_bool(plist, (param_name = "LockDistillerParams"), &locked); + if (ecode < 0) + param_signal_error(plist, param_name, ecode); + +diff --git a/psi/iparam.c b/psi/iparam.c +index 68c20d4..0279455 100644 +--- a/psi/iparam.c ++++ b/psi/iparam.c +@@ -822,10 +822,11 @@ static int + ref_param_read_signal_error(gs_param_list * plist, gs_param_name pkey, int code) + { + iparam_list *const iplist = (iparam_list *) plist; +- iparam_loc loc; ++ iparam_loc loc = {0}; + +- ref_param_read(iplist, pkey, &loc, -1); /* can't fail */ +- *loc.presult = code; ++ ref_param_read(iplist, pkey, &loc, -1); ++ if (loc.presult) ++ *loc.presult = code; + switch (ref_param_read_get_policy(plist, pkey)) { + case gs_param_policy_ignore: + return 0; +-- +2.8.1 + |