poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9739.patch - openbmc/openbmc - Gitiles

 From c501a58f8d5650c8ba21d447c0d6f07eafcb0f15 Mon Sep 17 00:00:00 2001
 From: Chris Liddell <chris.liddell@artifex.com>
 Date: Fri, 16 Jun 2017 08:29:25 +0100
 Subject: [PATCH] Bug 698063: Bounds check Ins_JMPR

 ---
  base/ttinterp.c |    6 ++++++
  1 file changed, 6 insertions(+)

 --- end of original header

 CVE: CVE-2017-9739

 Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]

 Signed-off-by: Joe Slater <joe.slater@windriver.com>

 diff --git a/base/ttinterp.c b/base/ttinterp.c
 index af457e8..adf3f0c 100644
 --- a/base/ttinterp.c
 +++ b/base/ttinterp.c
 @@ -1794,6 +1794,12 @@ static int nInstrCount=0;

    static void  Ins_JMPR( INS_ARG )
    {
 +    if ( BOUNDS(CUR.IP + args[0], CUR.codeSize ) )
 +    {
 +      CUR.error = TT_Err_Invalid_Reference;
 +      return;
 +    }
 +
      CUR.IP      += (Int)(args[0]);
      CUR.step_ins = FALSE;

 --
 1.7.9.5
	From c501a58f8d5650c8ba21d447c0d6f07eafcb0f15 Mon Sep 17 00:00:00 2001
	From: Chris Liddell <chris.liddell@artifex.com>
	Date: Fri, 16 Jun 2017 08:29:25 +0100
	Subject: [PATCH] Bug 698063: Bounds check Ins_JMPR

	---
	base/ttinterp.c \| 6 ++++++
	1 file changed, 6 insertions(+)

	--- end of original header

	CVE: CVE-2017-9739

	Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]

	Signed-off-by: Joe Slater <joe.slater@windriver.com>

	diff --git a/base/ttinterp.c b/base/ttinterp.c
	index af457e8..adf3f0c 100644
	--- a/base/ttinterp.c
	+++ b/base/ttinterp.c
	@@ -1794,6 +1794,12 @@ static int nInstrCount=0;

	static void Ins_JMPR( INS_ARG )
	{
	+ if ( BOUNDS(CUR.IP + args[0], CUR.codeSize ) )
	+ {
	+ CUR.error = TT_Err_Invalid_Reference;
	+ return;
	+ }
	+
	CUR.IP += (Int)(args[0]);
	CUR.step_ins = FALSE;

	--
	1.7.9.5