Blame SOURCES/ghostscript-cve-2017-7207.patch

ea5d11
From 309eca4e0a31ea70dcc844812691439312dad091 Mon Sep 17 00:00:00 2001
ea5d11
From: Ken Sharp <ken.sharp@artifex.com>
ea5d11
Date: Mon, 20 Mar 2017 09:34:11 +0000
ea5d11
Subject: [PATCH] Ensure a device has raster memory, before trying to read it.
ea5d11
ea5d11
Bug #697676 "Null pointer dereference in mem_get_bits_rectangle()"
ea5d11
ea5d11
This is only possible by abusing/mis-using Ghostscript-specific
ea5d11
language extensions, so cannot happen in a general PostScript program.
ea5d11
ea5d11
Nevertheless, Ghostscript should not crash. So this commit checks the
ea5d11
memory device to see if raster memory has been allocated, before trying
ea5d11
to read from it.
ea5d11
---
ea5d11
 base/gdevmem.c | 2 ++
ea5d11
 1 file changed, 2 insertions(+)
ea5d11
ea5d11
diff --git a/base/gdevmem.c b/base/gdevmem.c
ea5d11
index afd05bd..d52d684 100644
ea5d11
--- a/base/gdevmem.c
ea5d11
+++ b/base/gdevmem.c
ea5d11
@@ -606,6 +606,8 @@ mem_get_bits_rectangle(gx_device * dev, const gs_int_rect * prect,
ea5d11
             GB_PACKING_CHUNKY | GB_COLORS_NATIVE | GB_ALPHA_NONE;
ea5d11
         return_error(gs_error_rangecheck);
ea5d11
     }
ea5d11
+    if (mdev->line_ptrs == 0x00)
ea5d11
+        return_error(gs_error_rangecheck);
ea5d11
     if ((w <= 0) | (h <= 0)) {
ea5d11
         if ((w | h) < 0)
ea5d11
             return_error(gs_error_rangecheck);
ea5d11
-- 
ea5d11
2.9.3
ea5d11