poky/meta/recipes-extended/ghostscript/ghostscript/0001-Bug-706897-Copy-pcx-buffer-overrun-fix-from-devices-.patch - openbmc/openbmc - Gitiles

 From d81b82c70bc1fb9991bb95f1201abb5dea55f57f Mon Sep 17 00:00:00 2001
 From: Chris Liddell <chris.liddell@artifex.com>
 Date: Mon, 17 Jul 2023 14:06:37 +0100
 Subject: [PATCH] Bug 706897: Copy pcx buffer overrun fix from
  devices/gdevpcx.c

 Bounds check the buffer, before dereferencing the pointer.

 CVE: CVE-2023-38559
 Upstream-Status: Backport
 Signed-off-by: Ross Burton <ross.burton@arm.com>
 ---
  base/gdevdevn.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

 diff --git a/base/gdevdevn.c b/base/gdevdevn.c
 index 7b14d9c71..6351fb77a 100644
 --- a/base/gdevdevn.c
 +++ b/base/gdevdevn.c
 @@ -1983,7 +1983,7 @@ devn_pcx_write_rle(const byte * from, const byte * end, int step, gp_file * file
          byte data = *from;

          from += step;
 -        if (data != *from || from == end) {
 +        if (from >= end || data != *from) {
              if (data >= 0xc0)
                  gp_fputc(0xc1, file);
          } else {
 --
 2.34.1
	From d81b82c70bc1fb9991bb95f1201abb5dea55f57f Mon Sep 17 00:00:00 2001
	From: Chris Liddell <chris.liddell@artifex.com>
	Date: Mon, 17 Jul 2023 14:06:37 +0100
	Subject: [PATCH] Bug 706897: Copy pcx buffer overrun fix from
	devices/gdevpcx.c

	Bounds check the buffer, before dereferencing the pointer.

	CVE: CVE-2023-38559
	Upstream-Status: Backport
	Signed-off-by: Ross Burton <ross.burton@arm.com>
	---
	base/gdevdevn.c \| 2 +-
	1 file changed, 1 insertion(+), 1 deletion(-)

	diff --git a/base/gdevdevn.c b/base/gdevdevn.c
	index 7b14d9c71..6351fb77a 100644
	--- a/base/gdevdevn.c
	+++ b/base/gdevdevn.c
	@@ -1983,7 +1983,7 @@ devn_pcx_write_rle(const byte * from, const byte * end, int step, gp_file * file
	byte data = *from;

	from += step;
	- if (data != *from \|\| from == end) {
	+ if (from >= end \|\| data != *from) {
	if (data >= 0xc0)
	gp_fputc(0xc1, file);
	} else {
	--
	2.34.1