diff options
Diffstat (limited to 'poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9727.patch')
-rw-r--r-- | poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9727.patch | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9727.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9727.patch new file mode 100644 index 000000000..a2f7bfa50 --- /dev/null +++ b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9727.patch @@ -0,0 +1,35 @@ +From 937ccd17ac65935633b2ebc06cb7089b91e17e6b Mon Sep 17 00:00:00 2001 +From: Chris Liddell <chris.liddell@artifex.com> +Date: Thu, 15 Jun 2017 09:05:20 +0100 +Subject: [PATCH] Bug 698056: make bounds check in gx_ttfReader__Read more + robust + +--- + base/gxttfb.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- end of original header + +CVE: CVE-2017-9727 + +Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] + +Signed-off-by: Joe Slater <joe.slater@windriver.com> + +diff --git a/base/gxttfb.c b/base/gxttfb.c +index 0e9a444..e1561af 100644 +--- a/base/gxttfb.c ++++ b/base/gxttfb.c +@@ -79,7 +79,8 @@ static void gx_ttfReader__Read(ttfReader *self, void *p, int n) + if (!r->error) { + if (r->extra_glyph_index != -1) { + q = r->glyph_data.bits.data + r->pos; +- r->error = (r->glyph_data.bits.size - r->pos < n ? ++ r->error = ((r->pos >= r->glyph_data.bits.size || ++ r->glyph_data.bits.size - r->pos < n) ? + gs_note_error(gs_error_invalidfont) : 0); + if (r->error == 0) + memcpy(p, q, n); +-- +1.7.9.5 + |