Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc / d89cb5f03a8d4951590cee276daee6f9a269b6d0 / . / poky / meta / recipes-extended / ghostscript / ghostscript / CVE-2019-6116-0005.patch
blob: db70bba215eab2e4332d08cd8bf2f26abdd6228c [file] [log] [blame]
From 1e830cafa56c6e3e1b08d246eaf5496fe81a0032 Mon Sep 17 00:00:00 2001
From: Nancy Durgin <nancy.durgin@artifex.com>
Date: Tue, 27 Nov 2018 12:36:14 -0800
Subject: [PATCH 5/7] Undef a bunch of internal things in gs_res.ps
CVE: CVE-2019-6116
Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
---
Resource/Init/gs_res.ps | 72 +++++++++++++++++++++++++--------------
Resource/Init/gs_resmp.ps | 4 +--
2 files changed, 49 insertions(+), 27 deletions(-)
diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps
index d9b3459..18d5452 100644
--- a/Resource/Init/gs_res.ps
+++ b/Resource/Init/gs_res.ps
@@ -197,7 +197,7 @@ setglobal
/.findresource { % <key> <category> findresource <instance>
2 copy dup /Category eq
{ pop //Category 0 get begin } { .findcategory } ifelse
- /FindResource .resourceexec exch pop exch pop
+ /FindResource //.resourceexec exec exch pop exch pop
} bind
end % .Instances of Category
def
@@ -223,7 +223,7 @@ def
not { /defineresource cvx /typecheck signaloperror } if
} if
} if
- /DefineResource .resourceexec
+ /DefineResource //.resourceexec exec
4 1 roll pop pop pop
} .errorexec
} bind executeonly odef
@@ -252,7 +252,7 @@ def
% without the check.
/resourcestatus cvx /typecheck signalerror
} if
- 2 copy .findcategory /ResourceStatus .resourceexec
+ 2 copy .findcategory /ResourceStatus //.resourceexec exec
{ 4 2 roll pop pop //true } { pop pop //false } ifelse
} stopped {
% Although resourcestatus is an operator, Adobe uses executable name
@@ -266,7 +266,7 @@ def
} if
1 .argindex 1 index % catch stackunderflow
- { .findcategory /UndefineResource .resourceexec pop pop
+ { .findcategory /UndefineResource //.resourceexec exec pop pop
} stopped {
% Although undefineresource is an operator, Adobe uses executable name
% here but uses operator for the errors above. CET 23-33
@@ -315,10 +315,10 @@ currentdict /pssystemparams known not {
/pssystemparams 10 dict readonly def
} if
pssystemparams begin
- .default_resource_dir
- /FontResourceDir (Font) .resource_dir_name
+ //.default_resource_dir exec
+ /FontResourceDir (Font) //.resource_dir_name exec
readonly .forcedef % pssys'params is r-o
- /GenericResourceDir () .resource_dir_name
+ /GenericResourceDir () //.resource_dir_name exec
readonly .forcedef % pssys'params is r-o
pop % .default_resource_dir
/GenericResourcePathSep
@@ -387,13 +387,13 @@ status {
} bind def
/.localresourceforall { % <key> <value> <args> .localr'forall -
exch pop
- 2 copy 0 get .stringmatch { .enumerateresource } { pop pop } ifelse
+ 2 copy 0 get .stringmatch { //.enumerateresource exec } { pop pop } ifelse
} bind def
/.globalresourceforall { % <key> <value> <args> .globalr'forall -
exch pop
2 copy 0 get .stringmatch {
dup 3 get begin .LocalInstances end 2 index known not {
- .enumerateresource
+ //.enumerateresource exec
} {
pop pop
} ifelse
@@ -408,7 +408,7 @@ status {
3 index known {
pop pop pop
} {
- 2 index known { pop pop } { .enumerateresource } ifelse
+ 2 index known { pop pop } { //.enumerateresource exec } ifelse
} ifelse
} bind def
@@ -468,19 +468,19 @@ status {
% .knownget doesn't fail on null
/findresource cvx /typecheck signaloperror
} if
- dup .getvminstance {
+ dup //.getvminstance exec {
exch pop 0 get
} {
dup ResourceStatus {
pop 1 gt {
- .DoLoadResource .getvminstance not {
- /findresource cvx .undefinedresource
+ .DoLoadResource //.getvminstance exec not {
+ /findresource cvx //.undefinedresource exec
} if 0 get
} {
.GetInstance pop 0 get
} ifelse
} {
- /findresource cvx .undefinedresource
+ /findresource cvx //.undefinedresource exec
} ifelse
} ifelse
} bind executeonly
@@ -621,7 +621,7 @@ status {
.currentglobal not .setglobal
vmstatus pop exch pop add
} repeat
-} bind def
+} bind executeonly odef
/.DoLoadResource {
% .LoadResource may push entries on the operand stack.
% It is an undocumented feature of Adobe implementations,
@@ -633,8 +633,8 @@ status {
{.LoadResource} 4 1 roll 4 .execn
% Stack: ... count key memused
.vmused exch sub
- 1 index .getvminstance not {
- pop dup .undefinedresource % didn't load
+ 1 index //.getvminstance exec not {
+ pop dup //.undefinedresource exec % didn't load
} if
dup 1 1 put
2 3 -1 roll put
@@ -648,7 +648,7 @@ status {
{ //true setglobal { .runresource } stopped //false setglobal { stop } if }
ifelse
}
- { dup .undefinedresource
+ { dup //.undefinedresource exec
}
ifelse
} bind
@@ -758,7 +758,7 @@ counttomark 2 idiv
/FindResource
{ .Instances 1 index .knownget
{ exch pop }
- { /findresource cvx .undefinedresource }
+ { /findresource cvx //.undefinedresource exec }
ifelse
} bind executeonly
/ResourceStatus
@@ -862,7 +862,7 @@ userdict /.localcsdefaults //false put
2 copy /Generic /Category findresource /DefineResource get exec
exch pop
exch //.defaultcsnames exch .knownget {
- 1 index .definedefaultcs
+ 1 index //.definedefaultcs exec
currentglobal not { .userdict /.localcsdefaults //true put } if
} if
} bind executeonly
@@ -872,13 +872,13 @@ userdict /.localcsdefaults //false put
//.defaultcsnames 1 index .knownget {
% Stack: resname index
currentglobal {
- .undefinedefaultcs pop
+ //.undefinedefaultcs exec pop
} {
% We removed the local definition, but there might be a global one.
exch .GetInstance {
- 0 get .definedefaultcs
+ 0 get //.definedefaultcs exec
} {
- .undefinedefaultcs
+ //.undefinedefaultcs exec
} ifelse
% Recompute .localcsdefaults by scanning. This is rarely needed.
.userdict /.localcsdefaults //false //.defaultcsnames {
@@ -997,7 +997,7 @@ currentdict /.fontstatusaux .undef
/Generic /Category findresource /UndefineResource get exec
} bind executeonly
/FindResource {
- dup .getvminstance {
+ dup //.getvminstance exec {
exch pop 0 get
} {
dup ResourceStatus {
@@ -1024,7 +1024,7 @@ currentdict /.fontstatusaux .undef
% stack: name font vmused
% findfont has the prerogative of not calling definefont
% in certain obscure cases of font substitution.
- 2 index .getvminstance {
+ 2 index //.getvminstance exec {
dup 1 1 put
2 3 -1 roll put
} {
@@ -1159,3 +1159,25 @@ end % level2dict
%% Replace 1 (gs_resmp.ps)
(gs_resmp.ps) dup runlibfile VMDEBUG
+
+[
+ /.default_resource_dir
+ /.resource_dir_name
+]
+{systemdict exch .forceundef} forall
+
+[
+ /.definedefaultcs
+ /.undefinedefaultcs
+ /.defaultcsnames
+ /.enumerateresource
+ /.externalresourceforall
+ /.getvminstance
+ /.globalresourceforall
+ /.localresourceforall
+ /resourceforall1
+ /.resourceexec
+ /.undefinedresource
+ /.vmused
+]
+{level2dict exch .forceundef} forall
diff --git a/Resource/Init/gs_resmp.ps b/Resource/Init/gs_resmp.ps
index 9bb4263..cb948d1 100644
--- a/Resource/Init/gs_resmp.ps
+++ b/Resource/Init/gs_resmp.ps
@@ -230,7 +230,7 @@ currentpacking //false setpacking
} {
dup dup .map exch .knownget { % /Name /Name <<record>>
dup dup /RecordVirtualMethods get /IsActive get exec {
- 1 index .getvminstance { % /Name /Name <<record>> holder
+ 1 index //.getvminstance exec { % /Name /Name <<record>> holder
1 get 1 eq
} {
//true
@@ -242,7 +242,7 @@ currentpacking //false setpacking
DefineResource exec % size bStatusIs1 /Name Instance
% Make ResourceStatus to return correct values for this instance :
% Hack: we replace status values in the instance holder :
- exch .getvminstance pop % size bStatusIs1 Instance holder
+ exch //.getvminstance exec pop % size bStatusIs1 Instance holder
dup 5 -1 roll 2 exch put % bStatusIs1 Instance holder
3 2 roll { % Instance holder
1 1 put % Instance
--
2.18.1