diff options
Diffstat (limited to 'meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9726.patch')
-rw-r--r-- | meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9726.patch | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9726.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9726.patch new file mode 100644 index 0000000000..3e6c65699d --- /dev/null +++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9726.patch | |||
@@ -0,0 +1,33 @@ | |||
1 | From 7755e67116e8973ee0e3b22d653df026a84fa01b Mon Sep 17 00:00:00 2001 | ||
2 | From: Chris Liddell <chris.liddell@artifex.com> | ||
3 | Date: Thu, 15 Jun 2017 08:58:31 +0100 | ||
4 | Subject: [PATCH] Bug 698055: bounds check zone pointer in Ins_MDRP | ||
5 | |||
6 | --- | ||
7 | base/ttinterp.c | 3 ++- | ||
8 | 1 file changed, 2 insertions(+), 1 deletion(-) | ||
9 | |||
10 | --- end of original header | ||
11 | |||
12 | CVE: CVE-2017-9726 | ||
13 | |||
14 | Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] | ||
15 | |||
16 | Signed-off-by: Joe Slater <joe.slater@windriver.com> | ||
17 | diff --git a/base/ttinterp.c b/base/ttinterp.c | ||
18 | index e7c9d68..af457e8 100644 | ||
19 | --- a/base/ttinterp.c | ||
20 | +++ b/base/ttinterp.c | ||
21 | @@ -3770,7 +3770,8 @@ static int nInstrCount=0; | ||
22 | |||
23 | point = (Int)args[0]; | ||
24 | |||
25 | - if ( BOUNDS( args[0], CUR.zp1.n_points ) ) | ||
26 | + if ( BOUNDS( args[0], CUR.zp1.n_points ) || | ||
27 | + BOUNDS( CUR.GS.rp0, CUR.zp0.n_points) ) | ||
28 | { | ||
29 | /* Current version of FreeType silently ignores this out of bounds error | ||
30 | * and drops the instruction, see bug #691121 | ||
31 | -- | ||
32 | 1.7.9.5 | ||
33 | |||