diff options
Diffstat (limited to 'print/ghostscript/patches/patch-bc')
| -rw-r--r-- | print/ghostscript/patches/patch-bc | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/print/ghostscript/patches/patch-bc b/print/ghostscript/patches/patch-bc new file mode 100644 index 00000000000..f5d7987ef0d --- /dev/null +++ b/print/ghostscript/patches/patch-bc @@ -0,0 +1,42 @@ +$NetBSD: patch-bc,v 1.3 2010/06/30 12:44:55 tron Exp $ + +Fix for security vulnerability reported in CVE-2010-1628 taken from here: + +http://bugs.ghostscript.com/attachment.cgi?id=6350 + +--- psi/ialloc.c.orig 2008-08-28 23:48:19.000000000 +0100 ++++ psi/ialloc.c 2010-06-30 13:31:32.000000000 +0100 +@@ -185,7 +185,14 @@ + */ + chunk_t *pcc = mem->pcc; + ref *end; ++ alloc_change_t *cp = 0; ++ int code = 0; + ++ if ((gs_memory_t *)mem != mem->stable_memory) { ++ code = alloc_save_change_alloc(mem, "gs_alloc_ref_array", &cp); ++ if (code < 0) ++ return code; ++ } + obj = gs_alloc_struct_array((gs_memory_t *) mem, num_refs + 1, + ref, &st_refs, cname); + if (obj == 0) +@@ -210,14 +217,10 @@ + chunk_locate_ptr(obj, &cl); + cl.cp->has_refs = true; + } +- if ((gs_memory_t *)mem != mem->stable_memory) { +- ref_packed **ppr = 0; +- int code = alloc_save_change_alloc(mem, "gs_alloc_ref_array", &ppr); +- if (code < 0) +- return code; +- if (ppr) +- *ppr = (ref_packed *)obj; +- } ++ if (cp) { ++ mem->changes = cp; ++ cp->where = (ref_packed *)obj; ++ } + } + make_array(parr, attrs | mem->space, num_refs, obj); + return 0; |