import UBI ghostscript-9.27-12.el8

This commit is contained in:
eabdullin 2024-05-22 13:51:34 +00:00
parent 31f8054bbe
commit 36b69b18bf
2 changed files with 94 additions and 1 deletions

View File

@ -0,0 +1,88 @@
From f70ab2044429fe4b991801476ea3f4b4a5c0cdf4 Mon Sep 17 00:00:00 2001
From: Julian Smith <jules@op59.net>
Date: Wed, 6 Nov 2019 11:46:10 +0000
Subject: [PATCH 1/2] Bug 701843: avoid divide by zero caused by custom
resolution being too low.
Fixes:
./sanbin/gs -dBATCH -dNOPAUSE -dSAFER -r8 -dNOCIE -dFitPage -sOutputFile=tmp -sDEVICE=eps9mid ../bug-701843.pdf
---
devices/gdevepsn.c | 19 +++++++++++++++----
1 file changed, 15 insertions(+), 4 deletions(-)
diff --git a/devices/gdevepsn.c b/devices/gdevepsn.c
index 49faaf3d7..3e5388322 100644
--- a/devices/gdevepsn.c
+++ b/devices/gdevepsn.c
@@ -159,10 +159,10 @@ eps_print_page(gx_device_printer *pdev, gp_file *prn_stream, int y_9pin_high,
int line_size = gdev_mem_bytes_per_scan_line((gx_device *)pdev);
/* Note that in_size is a multiple of 8. */
int in_size = line_size * (8 * in_y_mult);
- byte *buf1 = (byte *)gs_malloc(pdev->memory, in_size, 1, "eps_print_page(buf1)");
- byte *buf2 = (byte *)gs_malloc(pdev->memory, in_size, 1, "eps_print_page(buf2)");
- byte *in = buf1;
- byte *out = buf2;
+ byte *buf1;
+ byte *buf2;
+ byte *in;
+ byte *out;
int out_y_mult = (y_24pin ? 3 : 1);
int x_dpi = (int)pdev->x_pixels_per_inch;
char start_graphics =
@@ -174,6 +174,17 @@ eps_print_page(gx_device_printer *pdev, gp_file *prn_stream, int y_9pin_high,
int bytes_per_space = dots_per_space * out_y_mult;
int tab_min_pixels = x_dpi * MIN_TAB_10THS / 10;
int skip = 0, lnum = 0, pass, ypass;
+
+ if (bytes_per_space == 0) {
+ /* This avoids divide by zero later on, bug 701843. */
+ return_error(gs_error_rangecheck);
+ }
+
+ buf1 = (byte *)gs_malloc(pdev->memory, in_size, 1, "eps_print_page(buf1)");
+ buf2 = (byte *)gs_malloc(pdev->memory, in_size, 1, "eps_print_page(buf2)");
+ in = buf1;
+ out = buf2;
+
/* Check allocations */
if ( buf1 == 0 || buf2 == 0 )
diff --git a/devices/gdevepsc.c b/devices/gdevepsc.c
--- a/devices/gdevepsc.c
+++ b/devices/gdevepsc.c
@@ -174,13 +174,7 @@
int y_mult = (y_24pin ? 3 : 1);
int line_size = (pdev->width + 7) >> 3; /* always mono */
int in_size = line_size * (8 * y_mult);
- byte *in =
- (byte *) gs_malloc(pdev->memory, in_size + 1, 1,
- "epsc_print_page(in)");
int out_size = ((pdev->width + 7) & -8) * y_mult;
- byte *out =
- (byte *) gs_malloc(pdev->memory, out_size + 1, 1,
- "epsc_print_page(out)");
int x_dpi = (int)pdev->x_pixels_per_inch;
char start_graphics = (char)
((y_24pin ? graphics_modes_24 : graphics_modes_9)[x_dpi / 60]);
@@ -195,6 +189,20 @@
int color_line_size, color_in_size;
int spare_bits = (pdev->width % 8); /* left over bits to go to margin */
int whole_bits = pdev->width - spare_bits;
+ byte *out;
+ byte *in;
+
+ if (bytes_per_space == 0) {
+ /* This avoids divide by zero later on, bug 701843. */
+ return_error(gs_error_rangecheck);
+ }
+
+ in =
+ (byte *) gs_malloc(pdev->memory, in_size + 1, 1,
+ "epsc_print_page(in)");
+ out =
+ (byte *) gs_malloc(pdev->memory, out_size + 1, 1,
+ "epsc_print_page(out)");
/* Check allocations */
if (in == 0 || out == 0) {

View File

@ -37,7 +37,7 @@
Name: ghostscript
Summary: Interpreter for PostScript language & PDF
Version: 9.27
Release: 11%{?dist}
Release: 12%{?dist}
License: AGPLv3+
@ -112,6 +112,7 @@ Patch019: ghostscript-9.27-pdfwrite-Substituted-TTF-CIDFont-CID-hand.patch
Patch020: ghostscript-9.27-CVE-2023-28879.patch
Patch021: ghostscript-9.27-CVE-2023-38559.patch
Patch022: ghostscript-9.27-CVE-2023-4042.patch
Patch023: ghostscript-9.27-avoid-divide-by-zero-in-devices.patch
# Downstream patches -- these should be always included when doing rebase:
@ -452,6 +453,10 @@ done
# =============================================================================
%changelog
* Tue Sep 19 2023 Richard Lescak <rlescak@redhat.com> - 9.27-12
- fix to prevent divison by zero in devices
- Resolves: rhbz#2235009
* Fri Aug 04 2023 Richard Lescak <rlescak@redhat.com> - 9.27-11
- fix for CVE-2023-4042
- Resolves: rhbz#2228153