import UBI ghostscript-9.27-12.el8
This commit is contained in:
parent
31f8054bbe
commit
36b69b18bf
@ -0,0 +1,88 @@
|
||||
From f70ab2044429fe4b991801476ea3f4b4a5c0cdf4 Mon Sep 17 00:00:00 2001
|
||||
From: Julian Smith <jules@op59.net>
|
||||
Date: Wed, 6 Nov 2019 11:46:10 +0000
|
||||
Subject: [PATCH 1/2] Bug 701843: avoid divide by zero caused by custom
|
||||
resolution being too low.
|
||||
|
||||
Fixes:
|
||||
./sanbin/gs -dBATCH -dNOPAUSE -dSAFER -r8 -dNOCIE -dFitPage -sOutputFile=tmp -sDEVICE=eps9mid ../bug-701843.pdf
|
||||
---
|
||||
devices/gdevepsn.c | 19 +++++++++++++++----
|
||||
1 file changed, 15 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/devices/gdevepsn.c b/devices/gdevepsn.c
|
||||
index 49faaf3d7..3e5388322 100644
|
||||
--- a/devices/gdevepsn.c
|
||||
+++ b/devices/gdevepsn.c
|
||||
@@ -159,10 +159,10 @@ eps_print_page(gx_device_printer *pdev, gp_file *prn_stream, int y_9pin_high,
|
||||
int line_size = gdev_mem_bytes_per_scan_line((gx_device *)pdev);
|
||||
/* Note that in_size is a multiple of 8. */
|
||||
int in_size = line_size * (8 * in_y_mult);
|
||||
- byte *buf1 = (byte *)gs_malloc(pdev->memory, in_size, 1, "eps_print_page(buf1)");
|
||||
- byte *buf2 = (byte *)gs_malloc(pdev->memory, in_size, 1, "eps_print_page(buf2)");
|
||||
- byte *in = buf1;
|
||||
- byte *out = buf2;
|
||||
+ byte *buf1;
|
||||
+ byte *buf2;
|
||||
+ byte *in;
|
||||
+ byte *out;
|
||||
int out_y_mult = (y_24pin ? 3 : 1);
|
||||
int x_dpi = (int)pdev->x_pixels_per_inch;
|
||||
char start_graphics =
|
||||
@@ -174,6 +174,17 @@ eps_print_page(gx_device_printer *pdev, gp_file *prn_stream, int y_9pin_high,
|
||||
int bytes_per_space = dots_per_space * out_y_mult;
|
||||
int tab_min_pixels = x_dpi * MIN_TAB_10THS / 10;
|
||||
int skip = 0, lnum = 0, pass, ypass;
|
||||
+
|
||||
+ if (bytes_per_space == 0) {
|
||||
+ /* This avoids divide by zero later on, bug 701843. */
|
||||
+ return_error(gs_error_rangecheck);
|
||||
+ }
|
||||
+
|
||||
+ buf1 = (byte *)gs_malloc(pdev->memory, in_size, 1, "eps_print_page(buf1)");
|
||||
+ buf2 = (byte *)gs_malloc(pdev->memory, in_size, 1, "eps_print_page(buf2)");
|
||||
+ in = buf1;
|
||||
+ out = buf2;
|
||||
+
|
||||
|
||||
/* Check allocations */
|
||||
if ( buf1 == 0 || buf2 == 0 )
|
||||
|
||||
diff --git a/devices/gdevepsc.c b/devices/gdevepsc.c
|
||||
--- a/devices/gdevepsc.c
|
||||
+++ b/devices/gdevepsc.c
|
||||
@@ -174,13 +174,7 @@
|
||||
int y_mult = (y_24pin ? 3 : 1);
|
||||
int line_size = (pdev->width + 7) >> 3; /* always mono */
|
||||
int in_size = line_size * (8 * y_mult);
|
||||
- byte *in =
|
||||
- (byte *) gs_malloc(pdev->memory, in_size + 1, 1,
|
||||
- "epsc_print_page(in)");
|
||||
int out_size = ((pdev->width + 7) & -8) * y_mult;
|
||||
- byte *out =
|
||||
- (byte *) gs_malloc(pdev->memory, out_size + 1, 1,
|
||||
- "epsc_print_page(out)");
|
||||
int x_dpi = (int)pdev->x_pixels_per_inch;
|
||||
char start_graphics = (char)
|
||||
((y_24pin ? graphics_modes_24 : graphics_modes_9)[x_dpi / 60]);
|
||||
@@ -195,6 +189,20 @@
|
||||
int color_line_size, color_in_size;
|
||||
int spare_bits = (pdev->width % 8); /* left over bits to go to margin */
|
||||
int whole_bits = pdev->width - spare_bits;
|
||||
+ byte *out;
|
||||
+ byte *in;
|
||||
+
|
||||
+ if (bytes_per_space == 0) {
|
||||
+ /* This avoids divide by zero later on, bug 701843. */
|
||||
+ return_error(gs_error_rangecheck);
|
||||
+ }
|
||||
+
|
||||
+ in =
|
||||
+ (byte *) gs_malloc(pdev->memory, in_size + 1, 1,
|
||||
+ "epsc_print_page(in)");
|
||||
+ out =
|
||||
+ (byte *) gs_malloc(pdev->memory, out_size + 1, 1,
|
||||
+ "epsc_print_page(out)");
|
||||
|
||||
/* Check allocations */
|
||||
if (in == 0 || out == 0) {
|
@ -37,7 +37,7 @@
|
||||
Name: ghostscript
|
||||
Summary: Interpreter for PostScript language & PDF
|
||||
Version: 9.27
|
||||
Release: 11%{?dist}
|
||||
Release: 12%{?dist}
|
||||
|
||||
License: AGPLv3+
|
||||
|
||||
@ -112,6 +112,7 @@ Patch019: ghostscript-9.27-pdfwrite-Substituted-TTF-CIDFont-CID-hand.patch
|
||||
Patch020: ghostscript-9.27-CVE-2023-28879.patch
|
||||
Patch021: ghostscript-9.27-CVE-2023-38559.patch
|
||||
Patch022: ghostscript-9.27-CVE-2023-4042.patch
|
||||
Patch023: ghostscript-9.27-avoid-divide-by-zero-in-devices.patch
|
||||
|
||||
|
||||
# Downstream patches -- these should be always included when doing rebase:
|
||||
@ -452,6 +453,10 @@ done
|
||||
# =============================================================================
|
||||
|
||||
%changelog
|
||||
* Tue Sep 19 2023 Richard Lescak <rlescak@redhat.com> - 9.27-12
|
||||
- fix to prevent divison by zero in devices
|
||||
- Resolves: rhbz#2235009
|
||||
|
||||
* Fri Aug 04 2023 Richard Lescak <rlescak@redhat.com> - 9.27-11
|
||||
- fix for CVE-2023-4042
|
||||
- Resolves: rhbz#2228153
|
||||
|
Loading…
Reference in New Issue
Block a user