summaryrefslogtreecommitdiffstats
path: root/meta
diff options
context:
space:
mode:
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/CVE-2017-7207.patch39
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript_9.20.bb1
2 files changed, 40 insertions, 0 deletions
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-7207.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-7207.patch
new file mode 100644
index 0000000000..a05dc02c6c
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-7207.patch
@@ -0,0 +1,39 @@
1From 0e88bee1304993668fede72498d656a2dd33a35e Mon Sep 17 00:00:00 2001
2From: Ken Sharp <ken.sharp@artifex.com>
3Date: Mon, 20 Mar 2017 09:34:11 +0000
4Subject: [PATCH] Ensure a device has raster memory, before trying to read it.
5
6Bug #697676 "Null pointer dereference in mem_get_bits_rectangle()"
7
8This is only possible by abusing/mis-using Ghostscript-specific
9language extensions, so cannot happen in a general PostScript program.
10
11Nevertheless, Ghostscript should not crash. So this commit checks the
12memory device to see if raster memory has been allocated, before trying
13to read from it.
14
15Upstream-Status: Backport
16CVE: CVE-2017-7207
17
18Author: Ken Sharp <ken.sharp@artifex.com>
19Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
20---
21 base/gdevmem.c | 2 ++
22 1 file changed, 2 insertions(+)
23
24diff --git a/base/gdevmem.c b/base/gdevmem.c
25index 41108ba..183f96d 100644
26--- a/base/gdevmem.c
27+++ b/base/gdevmem.c
28@@ -605,6 +605,8 @@ mem_get_bits_rectangle(gx_device * dev, const gs_int_rect * prect,
29 GB_PACKING_CHUNKY | GB_COLORS_NATIVE | GB_ALPHA_NONE;
30 return_error(gs_error_rangecheck);
31 }
32+ if (mdev->line_ptrs == 0x00)
33+ return_error(gs_error_rangecheck);
34 if ((w <= 0) | (h <= 0)) {
35 if ((w | h) < 0)
36 return_error(gs_error_rangecheck);
37--
382.10.2
39
diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.20.bb b/meta/recipes-extended/ghostscript/ghostscript_9.20.bb
index 210e9a73b9..e8fc5dfbb6 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_9.20.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_9.20.bb
@@ -31,6 +31,7 @@ SRC_URI = "${SRC_URI_BASE} \
31 file://ghostscript-9.02-genarch.patch \ 31 file://ghostscript-9.02-genarch.patch \
32 file://objarch.h \ 32 file://objarch.h \
33 file://cups-no-gcrypt.patch \ 33 file://cups-no-gcrypt.patch \
34 file://CVE-2017-7207.patch \
34 " 35 "
35 36
36SRC_URI_class-native = "${SRC_URI_BASE} \ 37SRC_URI_class-native = "${SRC_URI_BASE} \