summaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9612.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9612.patch')
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9612.patch35
1 files changed, 35 insertions, 0 deletions
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9612.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9612.patch
new file mode 100644
index 0000000000..b737cc56bb
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9612.patch
@@ -0,0 +1,35 @@
1From 98f6da60b9d463c617e631fc254cf6d66f2e8e3c Mon Sep 17 00:00:00 2001
2From: Chris Liddell <chris.liddell@artifex.com>
3Date: Mon, 12 Jun 2017 13:15:17 +0100
4Subject: [PATCH] Bug 698026: bounds check zone pointers in Ins_IP()
5
6---
7 base/ttinterp.c | 4 +++-
8 1 file changed, 3 insertions(+), 1 deletion(-)
9
10--- end of original header
11
12CVE: CVE-2017-9612
13
14Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
15
16Signed-off-by: Joe Slater <joe.slater@windriver.com>
17
18diff --git a/base/ttinterp.c b/base/ttinterp.c
19index f6a6d95..e7c9d68 100644
20--- a/base/ttinterp.c
21+++ b/base/ttinterp.c
22@@ -4129,7 +4129,9 @@ static int nInstrCount=0;
23 Int point;
24 (void)args;
25
26- if ( CUR.top < CUR.GS.loop )
27+ if ( CUR.top < CUR.GS.loop ||
28+ BOUNDS(CUR.GS.rp1, CUR.zp0.n_points) ||
29+ BOUNDS(CUR.GS.rp2, CUR.zp1.n_points))
30 {
31 CUR.error = TT_Err_Invalid_Reference;
32 return;
33--
341.7.9.5
35