diff options
Diffstat (limited to 'poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9726.patch')
-rw-r--r-- | poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9726.patch | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9726.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9726.patch new file mode 100644 index 000000000..3e6c65699 --- /dev/null +++ b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9726.patch @@ -0,0 +1,33 @@ +From 7755e67116e8973ee0e3b22d653df026a84fa01b Mon Sep 17 00:00:00 2001 +From: Chris Liddell <chris.liddell@artifex.com> +Date: Thu, 15 Jun 2017 08:58:31 +0100 +Subject: [PATCH] Bug 698055: bounds check zone pointer in Ins_MDRP + +--- + base/ttinterp.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- end of original header + +CVE: CVE-2017-9726 + +Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] + +Signed-off-by: Joe Slater <joe.slater@windriver.com> +diff --git a/base/ttinterp.c b/base/ttinterp.c +index e7c9d68..af457e8 100644 +--- a/base/ttinterp.c ++++ b/base/ttinterp.c +@@ -3770,7 +3770,8 @@ static int nInstrCount=0; + + point = (Int)args[0]; + +- if ( BOUNDS( args[0], CUR.zp1.n_points ) ) ++ if ( BOUNDS( args[0], CUR.zp1.n_points ) || ++ BOUNDS( CUR.GS.rp0, CUR.zp0.n_points) ) + { + /* Current version of FreeType silently ignores this out of bounds error + * and drops the instruction, see bug #691121 +-- +1.7.9.5 + |