File: 0024-PostScript-interpreter-fix-buffer-length-check.patch

package info (click to toggle)
ghostscript 10.0.0~dfsg-11%2Bdeb12u8
  • links: PTS, VCS
  • area: main
  • in suites: bookworm-proposed-updates
  • size: 98,572 kB
  • sloc: ansic: 891,860; python: 7,649; cpp: 6,493; cs: 6,209; sh: 6,043; java: 4,028; perl: 2,372; tcl: 1,639; makefile: 521; awk: 66; javascript: 43; yacc: 18
file content (32 lines) | stat: -rw-r--r-- 1,099 bytes parent folder | download | duplicates (2)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
From: Zdenek Hutyra <zhutyra@centrum.cz>
Date: Tue, 23 Jul 2024 11:48:39 +0100
Subject: PostScript interpreter - fix buffer length check
Origin: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ea69a1388245ad959d31c272b5ba66d40cebba2c
Bug: https://bugs.ghostscript.com/show_bug.cgi?id=707895
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2024-46956

Bug 707895

See bug report for details.

CVE-2024-46956
---
 psi/zfile.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/psi/zfile.c b/psi/zfile.c
index a4f5439cd290..12a0357b41de 100644
--- a/psi/zfile.c
+++ b/psi/zfile.c
@@ -443,7 +443,7 @@ file_continue(i_ctx_t *i_ctx_p)
         if (code == ~(uint) 0) {    /* all done */
             esp -= 6;               /* pop proc, pfen, scratch, devlen, iodev , mark */
             return o_pop_estack;
-        } else if (code > len) {      /* overran string */
+        } else if (code > len - devlen) {      /* overran string */
             return_error(gs_error_rangecheck);
         }
         else if (iodev != iodev_default(imemory)
-- 
2.45.2