- Applied patch to fix NULL dereference in JBIG2 decoder (bug #503995).
This commit is contained in:
parent
b62d20303f
commit
12d81d66b1
81
ghostscript-jbig2dec-nullderef.patch
Normal file
81
ghostscript-jbig2dec-nullderef.patch
Normal file
@ -0,0 +1,81 @@
|
|||||||
|
diff -up ghostscript-8.64/jbig2dec/jbig2_generic.c.jbig2dec-nullderef ghostscript-8.64/jbig2dec/jbig2_generic.c
|
||||||
|
--- ghostscript-8.64/jbig2dec/jbig2_generic.c.jbig2dec-nullderef 2007-10-25 23:14:22.000000000 +0100
|
||||||
|
+++ ghostscript-8.64/jbig2dec/jbig2_generic.c 2009-06-02 10:45:01.814127074 +0100
|
||||||
|
@@ -599,6 +599,10 @@ jbig2_immediate_generic_region(Jbig2Ctx
|
||||||
|
memcpy (params.gbat, gbat, gbat_bytes);
|
||||||
|
|
||||||
|
image = jbig2_image_new(ctx, rsi.width, rsi.height);
|
||||||
|
+ if (image == NULL)
|
||||||
|
+ return jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number,
|
||||||
|
+ "failed to allocate buffer for image");
|
||||||
|
+
|
||||||
|
jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, segment->number,
|
||||||
|
"allocated %d x %d image buffer for region decode results",
|
||||||
|
rsi.width, rsi.height);
|
||||||
|
diff -up ghostscript-8.64/jbig2dec/jbig2_symbol_dict.c.jbig2dec-nullderef ghostscript-8.64/jbig2dec/jbig2_symbol_dict.c
|
||||||
|
--- ghostscript-8.64/jbig2dec/jbig2_symbol_dict.c.jbig2dec-nullderef 2009-06-02 10:45:01.809127374 +0100
|
||||||
|
+++ ghostscript-8.64/jbig2dec/jbig2_symbol_dict.c 2009-06-02 10:45:01.814127074 +0100
|
||||||
|
@@ -370,6 +370,11 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
|
||||||
|
memcpy(region_params.gbat, params->sdat, sdat_bytes);
|
||||||
|
|
||||||
|
image = jbig2_image_new(ctx, SYMWIDTH, HCHEIGHT);
|
||||||
|
+ if (image == NULL) {
|
||||||
|
+ jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number,
|
||||||
|
+ "failed to allocate image storage");
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
code = jbig2_decode_generic_region(ctx, segment, ®ion_params,
|
||||||
|
as, image, GB_stats);
|
||||||
|
@@ -520,6 +525,11 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
|
||||||
|
ID, RDX, RDY);
|
||||||
|
|
||||||
|
image = jbig2_image_new(ctx, SYMWIDTH, HCHEIGHT);
|
||||||
|
+ if (image == NULL) {
|
||||||
|
+ jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number,
|
||||||
|
+ "failed to allocate image storage");
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
/* Table 18 */
|
||||||
|
rparams.GRTEMPLATE = params->SDRTEMPLATE;
|
||||||
|
@@ -638,6 +648,16 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
|
||||||
|
for (j = HCFIRSTSYM; j < NSYMSDECODED; j++) {
|
||||||
|
Jbig2Image *glyph;
|
||||||
|
glyph = jbig2_image_new(ctx, SDNEWSYMWIDTHS[j], HCHEIGHT);
|
||||||
|
+ if (glyph == NULL) {
|
||||||
|
+ jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number,
|
||||||
|
+ "error allocating image storage for glyph");
|
||||||
|
+ while (--j >= HCFIRSTSYM) {
|
||||||
|
+ jbig2_image_release(ctx, SDNEWSYMS->glyphs[j]);
|
||||||
|
+ SDNEWSYMS->glyphs[j] = NULL;
|
||||||
|
+ }
|
||||||
|
+ jbig2_image_release(ctx, image);
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
jbig2_image_compose(ctx, glyph, image,
|
||||||
|
-x, 0, JBIG2_COMPOSE_REPLACE);
|
||||||
|
x += SDNEWSYMWIDTHS[j];
|
||||||
|
diff -up ghostscript-8.64/jbig2dec/jbig2_text.c.jbig2dec-nullderef ghostscript-8.64/jbig2dec/jbig2_text.c
|
||||||
|
--- ghostscript-8.64/jbig2dec/jbig2_text.c.jbig2dec-nullderef 2008-05-09 15:00:44.000000000 +0100
|
||||||
|
+++ ghostscript-8.64/jbig2dec/jbig2_text.c 2009-06-02 10:45:01.816126454 +0100
|
||||||
|
@@ -315,6 +315,9 @@ jbig2_decode_text_region(Jbig2Ctx *ctx,
|
||||||
|
IBO = IB;
|
||||||
|
image = jbig2_image_new(ctx, IBO->width + RDW,
|
||||||
|
IBO->height + RDH);
|
||||||
|
+ if (image == NULL)
|
||||||
|
+ return jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number,
|
||||||
|
+ "could not allocate image storage");
|
||||||
|
|
||||||
|
/* Table 12 */
|
||||||
|
rparams.GRTEMPLATE = params->SBRTEMPLATE;
|
||||||
|
@@ -676,6 +679,9 @@ jbig2_parse_text_region(Jbig2Ctx *ctx, J
|
||||||
|
}
|
||||||
|
|
||||||
|
image = jbig2_image_new(ctx, region_info.width, region_info.height);
|
||||||
|
+ if (image == NULL)
|
||||||
|
+ return jbig2_error(ctx, JBIG2_SEVERITY_WARNING, segment->number,
|
||||||
|
+ "unable to allocate image storage");
|
||||||
|
|
||||||
|
ws = jbig2_word_stream_buf_new(ctx, segment_data + offset, segment->data_length - offset);
|
||||||
|
if (!params.SBHUFF) {
|
@ -5,7 +5,7 @@ Summary: A PostScript interpreter and renderer.
|
|||||||
Name: ghostscript
|
Name: ghostscript
|
||||||
Version: %{gs_ver}
|
Version: %{gs_ver}
|
||||||
|
|
||||||
Release: 6%{?dist}
|
Release: 7%{?dist}
|
||||||
|
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
URL: http://www.ghostscript.com/
|
URL: http://www.ghostscript.com/
|
||||||
@ -25,6 +25,7 @@ Patch8: ghostscript-bitcmyk.patch
|
|||||||
Patch9: ghostscript-CVE-2009-0583,0584.patch
|
Patch9: ghostscript-CVE-2009-0583,0584.patch
|
||||||
Patch10: ghostscript-CVE-2009-0792.patch
|
Patch10: ghostscript-CVE-2009-0792.patch
|
||||||
Patch11: ghostscript-CVE-2009-0196.patch
|
Patch11: ghostscript-CVE-2009-0196.patch
|
||||||
|
Patch12: ghostscript-jbig2dec-nullderef.patch
|
||||||
|
|
||||||
Requires: urw-fonts >= 1.1, ghostscript-fonts
|
Requires: urw-fonts >= 1.1, ghostscript-fonts
|
||||||
BuildRequires: libjpeg-devel, libXt-devel
|
BuildRequires: libjpeg-devel, libXt-devel
|
||||||
@ -121,6 +122,9 @@ rm -rf libpng zlib jpeg jasper
|
|||||||
# Applied patch to fix CVE-2009-0196 (bug #493379).
|
# Applied patch to fix CVE-2009-0196 (bug #493379).
|
||||||
%patch11 -p1 -b .CVE-2009-0196
|
%patch11 -p1 -b .CVE-2009-0196
|
||||||
|
|
||||||
|
# Applied patch to fix NULL dereference in JBIG2 decoder (bug #501710).
|
||||||
|
%patch12 -p1 -b .jbig2dec-nullderef
|
||||||
|
|
||||||
# Convert manual pages to UTF-8
|
# Convert manual pages to UTF-8
|
||||||
from8859_1() {
|
from8859_1() {
|
||||||
iconv -f iso-8859-1 -t utf-8 < "$1" > "${1}_"
|
iconv -f iso-8859-1 -t utf-8 < "$1" > "${1}_"
|
||||||
@ -302,6 +306,9 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%{_libdir}/libgs.so
|
%{_libdir}/libgs.so
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Jun 4 2009 Tim Waugh <twaugh@redhat.com> 8.64-7
|
||||||
|
- Applied patch to fix NULL dereference in JBIG2 decoder (bug #503995).
|
||||||
|
|
||||||
* Wed Apr 15 2009 Tim Waugh <twaugh@redhat.com> 8.64-6
|
* Wed Apr 15 2009 Tim Waugh <twaugh@redhat.com> 8.64-6
|
||||||
- Applied patch to fix CVE-2009-0792 (bug #491853).
|
- Applied patch to fix CVE-2009-0792 (bug #491853).
|
||||||
- Applied patch to fix CVE-2009-0196 (bug #493379).
|
- Applied patch to fix CVE-2009-0196 (bug #493379).
|
||||||
|
Loading…
Reference in New Issue
Block a user