1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
|
From: Zdenek Hutyra <zhutyra@centrum.cz>
Date: Tue, 23 Jul 2024 11:48:39 +0100
Subject: PostScript interpreter - fix buffer length check
Origin: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ea69a1388245ad959d31c272b5ba66d40cebba2c
Bug: https://bugs.ghostscript.com/show_bug.cgi?id=707895
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2024-46956
Bug 707895
See bug report for details.
CVE-2024-46956
---
psi/zfile.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/psi/zfile.c b/psi/zfile.c
index a4f5439cd290..12a0357b41de 100644
--- a/psi/zfile.c
+++ b/psi/zfile.c
@@ -443,7 +443,7 @@ file_continue(i_ctx_t *i_ctx_p)
if (code == ~(uint) 0) { /* all done */
esp -= 6; /* pop proc, pfen, scratch, devlen, iodev , mark */
return o_pop_estack;
- } else if (code > len) { /* overran string */
+ } else if (code > len - devlen) { /* overran string */
return_error(gs_error_rangecheck);
}
else if (iodev != iodev_default(imemory)
--
2.45.2
|