poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9612.patch - openbmc/owners-plugin-test - Gitiles

 From 98f6da60b9d463c617e631fc254cf6d66f2e8e3c Mon Sep 17 00:00:00 2001
 From: Chris Liddell <chris.liddell@artifex.com>
 Date: Mon, 12 Jun 2017 13:15:17 +0100
 Subject: [PATCH] Bug 698026: bounds check zone pointers in Ins_IP()

 ---
  base/ttinterp.c |    4 +++-
  1 file changed, 3 insertions(+), 1 deletion(-)

 --- end of original header

 CVE: CVE-2017-9612

 Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]

 Signed-off-by: Joe Slater <joe.slater@windriver.com>

 diff --git a/base/ttinterp.c b/base/ttinterp.c
 index f6a6d95..e7c9d68 100644
 --- a/base/ttinterp.c
 +++ b/base/ttinterp.c
 @@ -4129,7 +4129,9 @@ static int nInstrCount=0;
      Int         point;
      (void)args;

 -    if ( CUR.top < CUR.GS.loop )
 +    if ( CUR.top < CUR.GS.loop ||
 +         BOUNDS(CUR.GS.rp1, CUR.zp0.n_points) ||
 +         BOUNDS(CUR.GS.rp2, CUR.zp1.n_points))
      {
        CUR.error = TT_Err_Invalid_Reference;
        return;
 --
 1.7.9.5
	From 98f6da60b9d463c617e631fc254cf6d66f2e8e3c Mon Sep 17 00:00:00 2001
	From: Chris Liddell <chris.liddell@artifex.com>
	Date: Mon, 12 Jun 2017 13:15:17 +0100
	Subject: [PATCH] Bug 698026: bounds check zone pointers in Ins_IP()

	---
	base/ttinterp.c \| 4 +++-
	1 file changed, 3 insertions(+), 1 deletion(-)

	--- end of original header

	CVE: CVE-2017-9612

	Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]

	Signed-off-by: Joe Slater <joe.slater@windriver.com>

	diff --git a/base/ttinterp.c b/base/ttinterp.c
	index f6a6d95..e7c9d68 100644
	--- a/base/ttinterp.c
	+++ b/base/ttinterp.c
	@@ -4129,7 +4129,9 @@ static int nInstrCount=0;
	Int point;
	(void)args;

	- if ( CUR.top < CUR.GS.loop )
	+ if ( CUR.top < CUR.GS.loop \|\|
	+ BOUNDS(CUR.GS.rp1, CUR.zp0.n_points) \|\|
	+ BOUNDS(CUR.GS.rp2, CUR.zp1.n_points))
	{
	CUR.error = TT_Err_Invalid_Reference;
	return;
	--
	1.7.9.5