ghostscript/ghostscript-9.20-cve-2016-8602.patch

43 lines
1.1 KiB
Diff
Raw Normal View History

From f5c7555c30393e64ec1f5ab0dfae5b55b3b3fc78 Mon Sep 17 00:00:00 2001
From: Chris Liddell <chris.liddell@artifex.com>
Date: Sat, 8 Oct 2016 16:10:27 +0100
Subject: [PATCH] Bug 697203: check for sufficient params in .sethalftone5
and param types
---
psi/zht2.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/psi/zht2.c b/psi/zht2.c
index fb4a264..dfa27a4 100644
--- a/psi/zht2.c
+++ b/psi/zht2.c
@@ -82,14 +82,22 @@ zsethalftone5(i_ctx_t *i_ctx_p)
gs_memory_t *mem;
uint edepth = ref_stack_count(&e_stack);
int npop = 2;
- int dict_enum = dict_first(op);
+ int dict_enum;
ref rvalue[2];
int cname, colorant_number;
byte * pname;
uint name_size;
int halftonetype, type = 0;
gs_gstate *pgs = igs;
- int space_index = r_space_index(op - 1);
+ int space_index;
+
+ if (ref_stack_count(&o_stack) < 2)
+ return_error(gs_error_stackunderflow);
+ check_type(*op, t_dictionary);
+ check_type(*(op - 1), t_dictionary);
+
+ dict_enum = dict_first(op);
+ space_index = r_space_index(op - 1);
mem = (gs_memory_t *) idmemory->spaces_indexed[space_index];
--
2.7.4