From 5b85ddd19a8420a1bd2d5529325be35d78e94234 Mon Sep 17 00:00:00 2001
From: Chris Liddell <chris.liddell@artifex.com>
Date: Fri, 2 Aug 2019 15:18:26 +0100
Subject: [PATCH] Bug 701394: protect use of .forceput with executeonly

Upstream-Status: Backport [http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b85ddd19] 
CVE: CVE-2019-10216
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>

---
 Resource/Init/gs_type1.ps | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/Resource/Init/gs_type1.ps b/Resource/Init/gs_type1.ps
index 6c7735bc0..a039ccee3 100644
--- a/Resource/Init/gs_type1.ps
+++ b/Resource/Init/gs_type1.ps
@@ -118,25 +118,25 @@
                          ( to be the same as glyph: ) print 1 index //== exec } if
                    3 index exch 3 index .forceput
                                                                  % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname
-                 }
+                 }executeonly
                  {pop} ifelse
-               } forall
+               } executeonly forall
                pop pop
-             }
+             } executeonly
              {
                pop pop pop
              } ifelse
-           }
+           } executeonly
            {
                                                                % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname
              pop pop
            } ifelse
-         } forall
+         } executeonly forall
          3 1 roll pop pop
-     } if
+     } executeonly if
      pop
      dup /.AGLprocessed~GS //true .forceput
-   } if
+   } executeonly if
 
    %% We need to excute the C .buildfont1 in a stopped context so that, if there
    %% are errors we can put the stack back sanely and exit. Otherwise callers won't
-- 
2.17.1