$NetBSD: patch-bc,v 1.3 2010/06/30 12:44:55 tron Exp $

Fix for security vulnerability reported in CVE-2010-1628 taken from here:

http://bugs.ghostscript.com/attachment.cgi?id=6350

--- psi/ialloc.c.orig	2008-08-28 23:48:19.000000000 +0100
+++ psi/ialloc.c	2010-06-30 13:31:32.000000000 +0100
@@ -185,7 +185,14 @@
 	 */
 	chunk_t *pcc = mem->pcc;
 	ref *end;
+	alloc_change_t *cp = 0;
+        int code = 0;
 
+	if ((gs_memory_t *)mem != mem->stable_memory) {
+	    code = alloc_save_change_alloc(mem, "gs_alloc_ref_array", &cp);
+	    if (code < 0)
+		return code;
+	}
 	obj = gs_alloc_struct_array((gs_memory_t *) mem, num_refs + 1,
 				    ref, &st_refs, cname);
 	if (obj == 0)
@@ -210,14 +217,10 @@
 	    chunk_locate_ptr(obj, &cl);
 	    cl.cp->has_refs = true;
 	}
-	if ((gs_memory_t *)mem != mem->stable_memory) {
-	    ref_packed **ppr = 0;
-	    int code = alloc_save_change_alloc(mem, "gs_alloc_ref_array", &ppr);
-	    if (code < 0)
-		return code;
-            if (ppr)
-	        *ppr = (ref_packed *)obj;
-	}
+	if (cp) {
+            mem->changes = cp;
+            cp->where = (ref_packed *)obj;
+        }
     }
     make_array(parr, attrs | mem->space, num_refs, obj);
     return 0;