34 lines
1.1 KiB
Diff
34 lines
1.1 KiB
Diff
From 309eca4e0a31ea70dcc844812691439312dad091 Mon Sep 17 00:00:00 2001
|
|
From: Ken Sharp <ken.sharp@artifex.com>
|
|
Date: Mon, 20 Mar 2017 09:34:11 +0000
|
|
Subject: [PATCH] Ensure a device has raster memory, before trying to read it.
|
|
|
|
Bug #697676 "Null pointer dereference in mem_get_bits_rectangle()"
|
|
|
|
This is only possible by abusing/mis-using Ghostscript-specific
|
|
language extensions, so cannot happen in a general PostScript program.
|
|
|
|
Nevertheless, Ghostscript should not crash. So this commit checks the
|
|
memory device to see if raster memory has been allocated, before trying
|
|
to read from it.
|
|
---
|
|
base/gdevmem.c | 2 ++
|
|
1 file changed, 2 insertions(+)
|
|
|
|
diff --git a/base/gdevmem.c b/base/gdevmem.c
|
|
index afd05bd..d52d684 100644
|
|
--- a/base/gdevmem.c
|
|
+++ b/base/gdevmem.c
|
|
@@ -606,6 +606,8 @@ mem_get_bits_rectangle(gx_device * dev, const gs_int_rect * prect,
|
|
GB_PACKING_CHUNKY | GB_COLORS_NATIVE | GB_ALPHA_NONE;
|
|
return_error(gs_error_rangecheck);
|
|
}
|
|
+ if (mdev->line_ptrs == 0x00)
|
|
+ return_error(gs_error_rangecheck);
|
|
if ((w <= 0) | (h <= 0)) {
|
|
if ((w | h) < 0)
|
|
return_error(gs_error_rangecheck);
|
|
--
|
|
2.9.3
|
|
|