diff options
Diffstat (limited to 'poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9612.patch')
-rw-r--r-- | poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9612.patch | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9612.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9612.patch new file mode 100644 index 000000000..b737cc56b --- /dev/null +++ b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9612.patch @@ -0,0 +1,35 @@ +From 98f6da60b9d463c617e631fc254cf6d66f2e8e3c Mon Sep 17 00:00:00 2001 +From: Chris Liddell <chris.liddell@artifex.com> +Date: Mon, 12 Jun 2017 13:15:17 +0100 +Subject: [PATCH] Bug 698026: bounds check zone pointers in Ins_IP() + +--- + base/ttinterp.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- end of original header + +CVE: CVE-2017-9612 + +Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] + +Signed-off-by: Joe Slater <joe.slater@windriver.com> + +diff --git a/base/ttinterp.c b/base/ttinterp.c +index f6a6d95..e7c9d68 100644 +--- a/base/ttinterp.c ++++ b/base/ttinterp.c +@@ -4129,7 +4129,9 @@ static int nInstrCount=0; + Int point; + (void)args; + +- if ( CUR.top < CUR.GS.loop ) ++ if ( CUR.top < CUR.GS.loop || ++ BOUNDS(CUR.GS.rp1, CUR.zp0.n_points) || ++ BOUNDS(CUR.GS.rp2, CUR.zp1.n_points)) + { + CUR.error = TT_Err_Invalid_Reference; + return; +-- +1.7.9.5 + |