rpms/ghostscript
7
0
Fork 0
Code Issues Pull Requests Releases Activity
4489aac000
ghostscript/ghostscript-pdfwrite-segfault.patch

52 lines
2.2 KiB
Diff
Raw Blame History

diff -up ghostscript-9.06/base/gdevpdtd.c.pdfwrite-segfault ghostscript-9.06/base/gdevpdtd.c
--- ghostscript-9.06/base/gdevpdtd.c.pdfwrite-segfault 2012-08-08 09:01:36.000000000 +0100
+++ ghostscript-9.06/base/gdevpdtd.c 2013-05-16 09:28:07.410407852 +0100
@@ -699,7 +699,7 @@ pdf_write_FontDescriptor(gx_device_pdf *
if (code < 0)
return code;
}
- if (pfd->embed) {
+ if (pfd->embed && pfd->base_font->FontFile) {
code = pdf_write_FontFile_entry(pdev, pfd->base_font);
if (code < 0)
return code;
diff -up ghostscript-9.06/base/gxtype1.c.pdfwrite-segfault ghostscript-9.06/base/gxtype1.c
--- ghostscript-9.06/base/gxtype1.c.pdfwrite-segfault 2012-08-08 09:01:36.000000000 +0100
+++ ghostscript-9.06/base/gxtype1.c 2013-05-16 09:28:07.409407814 +0100
@@ -371,7 +371,7 @@ gs_type1_piece_codes(/*const*/ gs_font_t
const byte *cip, *end;
crypt_state state;
int c, hhints = 0, vhints = 0;
- int code;
+ int code, call_depth = 0;
CLEAR_CSTACK(cstack, csp);
cip = pgd->bits.data;
@@ -450,6 +450,7 @@ gs_type1_piece_codes(/*const*/ gs_font_t
}
break;
case c2_callgsubr:
+ call_depth++;
c = fixed2int_var(*csp) + pdata->gsubrNumberBias;
code = pdata->procs.subr_data
(pfont, c, true, &ipsp[1].cs_data);
@@ -462,6 +463,7 @@ gs_type1_piece_codes(/*const*/ gs_font_t
end = ipsp->cs_data.bits.data + ipsp->cs_data.bits.size;
goto call;
case c_callsubr:
+ call_depth++;
c = fixed2int_var(*csp) + pdata->subroutineNumberBias;
code = pdata->procs.subr_data
(pfont, c, false, &ipsp[1].cs_data);
@@ -474,6 +476,10 @@ gs_type1_piece_codes(/*const*/ gs_font_t
end = ipsp->cs_data.bits.data + ipsp->cs_data.bits.size;
goto call;
case c_return:
+ if (call_depth == 0)
+ return (gs_note_error(gs_error_invalidfont));
+ else
+ call_depth--;
gs_glyph_data_free(&ipsp->cs_data, "gs_type1_piece_codes");
--ipsp;
if (ipsp < ipstack)
Reference in New Issue View Git Blame Copy Permalink