Handle GlyphDirectory as an array

Upstream BZ: http://bugs.ghostscript.com/show_bug.cgi?id=697286
2016-11-03 16:58:02 +01:00 · 2016-11-03 16:58:02 +01:00 · f2fcc98430
commit f2fcc98430
parent a890cdf30f
2 changed files with 61 additions and 1 deletions
--- a/ghostscript-9.20-handle-glyphdirectory-correctly.patch
+++ b/ghostscript-9.20-handle-glyphdirectory-correctly.patch
@ -0,0 +1,52 @@
+From 329e0a6d187cc5b5698689d76636ed3214d7efa7 Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Thu, 3 Nov 2016 13:09:27 +0000
+Subject: [PATCH] Bug 697286: handle GlyphDirectory as an array
+
+For high level devices that need to copy CIDFonts, we need to establish the
+highest CID in a given CIDFont. If the font has a GlyphDirectory dictionary
+the only way to do so is to iterate through the keys to find the highest.
+
+The code handling this ignored that the GlyphDirectory could be an array,
+which confused the dictionary content iterator, and caused a segfault.
+
+In the case of an array, set the high CID to the highest index available in the
+array.
+---
+ psi/zfcid.c | 18 +++++++++++-------
+ 1 file changed, 11 insertions(+), 7 deletions(-)
+
+diff --git a/psi/zfcid.c b/psi/zfcid.c
+index ce583af..3098a22 100644
+--- a/psi/zfcid.c
+++ b/psi/zfcid.c
+@@ -76,15 +76,19 @@ cid_font_data_param(os_ptr op, gs_font_cid_data *pdata, ref *pGlyphDirectory)
+          * the number of CIDs in the font. We need to know the maximum CID
+          * when copying fonts, so calculate and store it now.
+          */
+-        index = dict_first(pgdir);
+-        while (index >= 0) {
+-            index = dict_next(pgdir, index, (ref *)&element);
+-            if (index >= 0) {
+-                if (element[0].value.intval > pdata->MaxCID)
+-                    pdata->MaxCID = element[0].value.intval;
+        if (r_has_type(pgdir, t_dictionary)) {
+            index = dict_first(pgdir);
+            while (index >= 0) {
+                index = dict_next(pgdir, index, (ref *)&element);
+                if (index >= 0) {
+                    if (element[0].value.intval > pdata->MaxCID)
+                        pdata->MaxCID = element[0].value.intval;
+                }
+             }
+         }
+-
+        else {
+            pdata->MaxCID = r_size(pgdir) - 1;
+        }
+         return code;
+     } else {
+         return_error(gs_error_typecheck);
+-- 
+2.7.4
+
--- a/ghostscript.spec
+++ b/ghostscript.spec
@ -5,7 +5,7 @@ Summary: A PostScript interpreter and renderer
 Name: ghostscript
 Version: %{gs_ver}

-Release: 4%{?dist}
+Release: 5%{?dist}

 # Included CMap data is Redistributable, no modification permitted,
 # see http://bugzilla.redhat.com/487510
@ -20,6 +20,7 @@ Patch1: ghostscript-9.20-fix-openjpeg-system-build.patch
 Patch2: ghostscript-9.20-runlibfileifexists.patch
 Patch3: ghostscript-9.20-run-dvipdf-securely.patch
 Patch4: ghostscript-9.20-urw-fonts-naming.patch
+Patch10: ghostscript-9.20-handle-glyphdirectory-correctly.patch

 # Security patches:
 Patch5: ghostscript-9.20-cve-2016-7979.patch
@ -143,6 +144,9 @@ rm -rf expat freetype icclib jasper jpeg jpegxr lcms lcms2 libpng openjpeg zlib
 # Honor -dSAFER in .libfile (bug #1380415):
 %patch9 -p1

+# handle GlyphDirectory as an array (http://bugs.ghostscript.com/show_bug.cgi?id=697286):
+%patch10 -p1
+
 # Convert manual pages to UTF-8
 from8859_1() {
        iconv -f iso-8859-1 -t utf-8 < "$1" > "${1}_"
@ -339,6 +343,10 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/libgs.so

 %changelog
+* Thu Nov  3 2016 David Kaspar [Dee'Kej] <dkaspar@redhat.com> - 9.20-5
+- Added fix to avoid SIGSEGV for some *.ps files. More info here:
+  <http://bugs.ghostscript.com/show_bug.cgi?id=697286>
+
 * Tue Nov  1 2016 David Kaspar [Dee'Kej] <dkaspar@redhat.com> - 9.20-4
 - Added security fix for CVE-2016-7977 (bug #1380415)