aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9611.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9611.patch')
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9611.patch34
1 files changed, 34 insertions, 0 deletions
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9611.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9611.patch
new file mode 100644
index 0000000000..58ef04d1fd
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9611.patch
@@ -0,0 +1,34 @@
+From c7c55972758a93350882c32147801a3485b010fe Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Mon, 12 Jun 2017 13:08:40 +0100
+Subject: [PATCH] Bug 698024: bounds check zone pointer in Ins_MIRP()
+
+---
+ base/ttinterp.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- end of original header
+
+CVE: CVE-2017-9611
+
+Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
+
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+
+diff --git a/base/ttinterp.c b/base/ttinterp.c
+index e56aec6..f6a6d95 100644
+--- a/base/ttinterp.c
++++ b/base/ttinterp.c
+@@ -3858,7 +3858,8 @@ static int nInstrCount=0;
+ /* XXX: UNDOCUMENTED! cvt[-1] = 0 always */
+
+ if ( BOUNDS( args[0], CUR.zp1.n_points ) ||
+- BOUNDS( args[1]+1, CUR.cvtSize+1 ) )
++ BOUNDS( args[1]+1, CUR.cvtSize+1 ) ||
++ BOUNDS(CUR.GS.rp0, CUR.zp0.n_points) )
+ {
+ CUR.error = TT_Err_Invalid_Reference;
+ return;
+--
+1.7.9.5
+
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-17 22:05:42 +0000