diff options
Diffstat (limited to 'poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9216.patch')
-rw-r--r-- | poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9216.patch | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9216.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9216.patch new file mode 100644 index 000000000..1caeb3ef5 --- /dev/null +++ b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9216.patch @@ -0,0 +1,36 @@ +From 3ebffb1d96ba0cacec23016eccb4047dab365853 Mon Sep 17 00:00:00 2001 +From: Shailesh Mistry <shailesh.mistry@hotmail.co.uk> +Date: Wed, 24 May 2017 19:29:57 +0100 +Subject: [PATCH] Bug 697934: Fix SEGV due to error code being ignored. + +The return code from jbig2_decode_text_region was being ignored so the +code continued to try and parse the invalid file using incomplete/empty +structures. + +Upstream-Status: Backport +CVE: CVE-2017-9216 + +Signed-off-by: Catalin Enache <catalin.enache@windriver.com> +--- + jbig2dec/jbig2_symbol_dict.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/jbig2dec/jbig2_symbol_dict.c b/jbig2dec/jbig2_symbol_dict.c +index 3cc1731..672425d 100644 +--- a/jbig2dec/jbig2_symbol_dict.c ++++ b/jbig2dec/jbig2_symbol_dict.c +@@ -493,8 +493,10 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx, + } + + /* multiple symbols are handled as a text region */ +- jbig2_decode_text_region(ctx, segment, tparams, (const Jbig2SymbolDict * const *)refagg_dicts, ++ code = jbig2_decode_text_region(ctx, segment, tparams, (const Jbig2SymbolDict * const *)refagg_dicts, + n_refagg_dicts, image, data, size, GR_stats, as, ws); ++ if (code < 0) ++ goto cleanup4; + + SDNEWSYMS->glyphs[NSYMSDECODED] = image; + refagg_dicts[0]->glyphs[params->SDNUMINSYMS + NSYMSDECODED] = jbig2_image_clone(ctx, SDNEWSYMS->glyphs[NSYMSDECODED]); +-- +2.10.2 + |