aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended/ghostscript/ghostscript/0002-Bug-699656-Handle-LockDistillerParams-not-being-a-bo.patch
diff options
context:
space:
mode:
authorHongxu Jia <hongxu.jia@windriver.com>2018-09-10 03:21:01 -0400
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-09-11 09:05:29 +0100
commitb6d32d43fd2b016e932b7dc81fb943eb936b73bb (patch)
tree12ff10671022d5e8f82b8eb3aee2f4e4d419363b /meta/recipes-extended/ghostscript/ghostscript/0002-Bug-699656-Handle-LockDistillerParams-not-being-a-bo.patch
parenta04a0f309f4080497ddb6fa1cf81b9c2db5f4e11 (diff)
downloadopenembedded-core-contrib-b6d32d43fd2b016e932b7dc81fb943eb936b73bb.tar.gz
ghostscript: fix CVE-2018-15908 & CVE-2018-15909 & CVE-2018-15910 & CVE-2018-15911
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Diffstat (limited to 'meta/recipes-extended/ghostscript/ghostscript/0002-Bug-699656-Handle-LockDistillerParams-not-being-a-bo.patch')
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/0002-Bug-699656-Handle-LockDistillerParams-not-being-a-bo.patch53
1 files changed, 53 insertions, 0 deletions
diff --git a/meta/recipes-extended/ghostscript/ghostscript/0002-Bug-699656-Handle-LockDistillerParams-not-being-a-bo.patch b/meta/recipes-extended/ghostscript/ghostscript/0002-Bug-699656-Handle-LockDistillerParams-not-being-a-bo.patch
new file mode 100644
index 0000000000..a16f215bd3
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/0002-Bug-699656-Handle-LockDistillerParams-not-being-a-bo.patch
@@ -0,0 +1,53 @@
+From 1b516be5f6829ab6ce37835529ba08abd6d18663 Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Tue, 21 Aug 2018 16:42:45 +0100
+Subject: [PATCH 2/5] Bug 699656: Handle LockDistillerParams not being a
+ boolean
+
+This caused a function call commented as "Can't fail" to fail, and resulted
+in memory correuption and a segfault.
+
+CVE: CVE-2018-15910
+Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
+
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ devices/vector/gdevpdfp.c | 2 +-
+ psi/iparam.c | 7 ++++---
+ 2 files changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/devices/vector/gdevpdfp.c b/devices/vector/gdevpdfp.c
+index 522db7a..f2816b9 100644
+--- a/devices/vector/gdevpdfp.c
++++ b/devices/vector/gdevpdfp.c
+@@ -364,7 +364,7 @@ gdev_pdf_put_params_impl(gx_device * dev, const gx_device_pdf * save_dev, gs_par
+ * LockDistillerParams is read again, and reset if necessary, in
+ * psdf_put_params.
+ */
+- ecode = param_read_bool(plist, "LockDistillerParams", &locked);
++ ecode = param_read_bool(plist, (param_name = "LockDistillerParams"), &locked);
+ if (ecode < 0)
+ param_signal_error(plist, param_name, ecode);
+
+diff --git a/psi/iparam.c b/psi/iparam.c
+index 68c20d4..0279455 100644
+--- a/psi/iparam.c
++++ b/psi/iparam.c
+@@ -822,10 +822,11 @@ static int
+ ref_param_read_signal_error(gs_param_list * plist, gs_param_name pkey, int code)
+ {
+ iparam_list *const iplist = (iparam_list *) plist;
+- iparam_loc loc;
++ iparam_loc loc = {0};
+
+- ref_param_read(iplist, pkey, &loc, -1); /* can't fail */
+- *loc.presult = code;
++ ref_param_read(iplist, pkey, &loc, -1);
++ if (loc.presult)
++ *loc.presult = code;
+ switch (ref_param_read_get_policy(plist, pkey)) {
+ case gs_param_policy_ignore:
+ return 0;
+--
+2.8.1
+
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-23 15:11:25 +0000