From b462edcb5c295f19190a376dda59e34c7066599d Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Wed, 29 Aug 2018 20:49:47 +0100 Subject: app-text/ghostscript-gpl : import from gentoo, version bump, added 12 patches to fix https://www.kb.cert.org/vuls/id/332928 --- .../files/VU332928-githashb575e1ec.patch | 34 ++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 app-text/ghostscript-gpl/files/VU332928-githashb575e1ec.patch (limited to 'app-text/ghostscript-gpl/files/VU332928-githashb575e1ec.patch') diff --git a/app-text/ghostscript-gpl/files/VU332928-githashb575e1ec.patch b/app-text/ghostscript-gpl/files/VU332928-githashb575e1ec.patch new file mode 100644 index 00000000..b33c5220 --- /dev/null +++ b/app-text/ghostscript-gpl/files/VU332928-githashb575e1ec.patch @@ -0,0 +1,34 @@ +From: Chris Liddell +Date: Thu, 23 Aug 2018 11:20:56 +0000 (+0100) +Subject: Bug 699668: handle stack overflow during error handling +X-Git-Tag: ghostpdl-9.24rc1~17 +X-Git-Url: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff_plain;h=b575e1ec + +Bug 699668: handle stack overflow during error handling + +When handling a Postscript error, we push the object throwing the error onto +the operand stack for the error handling procedure to access - we were not +checking the available stack before doing so, thus causing a crash. + +Basically, if we get a stack overflow when already handling an error, we're out +of options, return to the caller with a fatal error. +--- + +diff --git a/psi/interp.c b/psi/interp.c +index 8b49556..6150838 100644 +--- a/psi/interp.c ++++ b/psi/interp.c +@@ -676,7 +676,12 @@ again: + /* Push the error object on the operand stack if appropriate. */ + if (!GS_ERROR_IS_INTERRUPT(code)) { + /* Replace the error object if within an oparray or .errorexec. */ +- *++osp = *perror_object; ++ osp++; ++ if (osp >= ostop) { ++ *pexit_code = gs_error_Fatal; ++ return_error(gs_error_Fatal); ++ } ++ *osp = *perror_object; + errorexec_find(i_ctx_p, osp); + } + goto again; -- cgit v1.2.3