|
 |
bd295e |
From be86d2ff2f0f0ea0e365707f3be0fa0c9e7315ee Mon Sep 17 00:00:00 2001
|
|
|
bd295e |
From: Ray Johnston <ray.johnston@artifex.com>
|
|
|
bd295e |
Date: Mon, 18 Feb 2019 12:11:45 -0800
|
|
|
bd295e |
Subject: [PATCH 1/2] Bug 700599: Issue an error message if an ExtGstate is not
|
|
|
bd295e |
found.
|
|
|
bd295e |
|
|
|
bd295e |
Previously, this was silently ignored. Only issue a single warning,
|
|
|
bd295e |
and respect PDFSTOPONERROR to prevent continuing with potentially
|
|
|
bd295e |
incorrect output.
|
|
|
bd295e |
|
|
|
bd295e |
Note that tests_private/pdf/uploads/bug696410.pdf also now gets this
|
|
|
bd295e |
error message (ExtGState" instead of ExtGState in object 10).
|
|
|
bd295e |
---
|
|
|
bd295e |
Resource/Init/pdf_draw.ps | 11 ++++++++++-
|
|
|
bd295e |
1 file changed, 10 insertions(+), 1 deletion(-)
|
|
|
bd295e |
|
|
|
bd295e |
diff --git a/Resource/Init/pdf_draw.ps b/Resource/Init/pdf_draw.ps
|
|
|
bd295e |
index 1add3f7..6a2773a 100644
|
|
|
bd295e |
--- a/Resource/Init/pdf_draw.ps
|
|
|
bd295e |
+++ b/Resource/Init/pdf_draw.ps
|
|
|
bd295e |
@@ -494,7 +494,16 @@ end
|
|
|
bd295e |
dup {
|
|
|
bd295e |
oforce exch gsparamdict exch .knownget { exec } { pop } ifelse
|
|
|
bd295e |
} forall pop
|
|
|
bd295e |
- } if
|
|
|
bd295e |
+ } {
|
|
|
bd295e |
+ //pdfdict /.gs_warning_issued known not {
|
|
|
bd295e |
+ (\n **** Error 'gs' ignored -- ExtGState missing from Resources.\n)
|
|
|
bd295e |
+ pdfformaterror
|
|
|
bd295e |
+ ( Output may be incorrect.\n) pdfformaterror
|
|
|
bd295e |
+ //pdfdict /.gs_warning_issued //true .forceput
|
|
|
bd295e |
+ PDFSTOPONERROR { /gs /undefined signalerror } if
|
|
|
bd295e |
+ } if
|
|
|
bd295e |
+ }
|
|
|
bd295e |
+ ifelse
|
|
|
bd295e |
} bind executeonly def
|
|
|
bd295e |
|
|
|
bd295e |
% ------ Transparency support ------ %
|
|
|
bd295e |
--
|
|
|
bd295e |
2.20.1
|
|
|
bd295e |
|
|
|
bd295e |
|
|
|
bd295e |
From cd1b1cacadac2479e291efe611979bdc1b3bdb19 Mon Sep 17 00:00:00 2001
|
|
|
bd295e |
From: Ken Sharp <ken.sharp@artifex.com>
|
|
|
bd295e |
Date: Wed, 21 Aug 2019 10:10:51 +0100
|
|
|
bd295e |
Subject: [PATCH 2/2] PDF interpreter - review .forceput security
|
|
|
bd295e |
|
|
|
bd295e |
Bug #701450 "Safer Mode Bypass by .forceput Exposure in .pdfexectoken"
|
|
|
bd295e |
|
|
|
bd295e |
By abusing the error handler it was possible to get the PDFDEBUG portion
|
|
|
bd295e |
of .pdfexectoken, which uses .forceput left readable.
|
|
|
bd295e |
|
|
|
bd295e |
Add an executeonly appropriately to make sure that clause isn't readable
|
|
|
bd295e |
no mstter what.
|
|
|
bd295e |
|
|
|
bd295e |
Review all the uses of .forceput searching for similar cases, add
|
|
|
bd295e |
executeonly as required to secure those. All cases in the PostScript
|
|
|
bd295e |
support files seem to be covered already.
|
|
|
bd295e |
---
|
|
|
bd295e |
Resource/Init/pdf_base.ps | 2 +-
|
|
|
bd295e |
Resource/Init/pdf_draw.ps | 14 +++++++-------
|
|
|
bd295e |
Resource/Init/pdf_font.ps | 23 ++++++++++++-----------
|
|
|
bd295e |
Resource/Init/pdf_main.ps | 6 +++---
|
|
|
bd295e |
Resource/Init/pdf_ops.ps | 11 ++++++-----
|
|
|
bd295e |
5 files changed, 29 insertions(+), 27 deletions(-)
|
|
|
bd295e |
|
|
|
bd295e |
diff --git a/Resource/Init/pdf_base.ps b/Resource/Init/pdf_base.ps
|
|
|
bd295e |
index d3c3a5f..5dabe4d 100644
|
|
|
bd295e |
--- a/Resource/Init/pdf_base.ps
|
|
|
bd295e |
+++ b/Resource/Init/pdf_base.ps
|
|
|
bd295e |
@@ -154,7 +154,7 @@ currentdict /num-chars-dict .undef
|
|
|
bd295e |
{
|
|
|
bd295e |
dup ==only () = flush
|
|
|
bd295e |
} ifelse % PDFSTEP
|
|
|
bd295e |
- } if % PDFDEBUG
|
|
|
bd295e |
+ } executeonly if % PDFDEBUG
|
|
|
bd295e |
2 copy .knownget {
|
|
|
bd295e |
exch pop exch pop exch pop exec
|
|
|
bd295e |
} {
|
|
|
bd295e |
diff --git a/Resource/Init/pdf_draw.ps b/Resource/Init/pdf_draw.ps
|
|
|
bd295e |
index 6a2773a..068ba7c 100644
|
|
|
bd295e |
--- a/Resource/Init/pdf_draw.ps
|
|
|
bd295e |
+++ b/Resource/Init/pdf_draw.ps
|
|
|
bd295e |
@@ -501,8 +501,8 @@ end
|
|
|
bd295e |
( Output may be incorrect.\n) pdfformaterror
|
|
|
bd295e |
//pdfdict /.gs_warning_issued //true .forceput
|
|
|
bd295e |
PDFSTOPONERROR { /gs /undefined signalerror } if
|
|
|
bd295e |
- } if
|
|
|
bd295e |
- }
|
|
|
bd295e |
+ } executeonly if
|
|
|
bd295e |
+ } executeonly
|
|
|
bd295e |
ifelse
|
|
|
bd295e |
} bind executeonly def
|
|
|
bd295e |
|
|
|
bd295e |
@@ -1127,7 +1127,7 @@ currentdict end readonly def
|
|
|
bd295e |
.setglobal
|
|
|
bd295e |
pdfformaterror
|
|
|
bd295e |
} executeonly ifelse
|
|
|
bd295e |
- }
|
|
|
bd295e |
+ } executeonly
|
|
|
bd295e |
{
|
|
|
bd295e |
currentglobal //pdfdict gcheck .setglobal
|
|
|
bd295e |
//pdfdict /.Qqwarning_issued //true .forceput
|
|
|
bd295e |
@@ -1135,8 +1135,8 @@ currentdict end readonly def
|
|
|
bd295e |
pdfformaterror
|
|
|
bd295e |
} executeonly ifelse
|
|
|
bd295e |
end
|
|
|
bd295e |
- } ifelse
|
|
|
bd295e |
- } loop
|
|
|
bd295e |
+ } executeonly ifelse
|
|
|
bd295e |
+ } executeonly loop
|
|
|
bd295e |
{
|
|
|
bd295e |
(\n **** Error: File has unbalanced q/Q operators \(too many q's\)\n Output may be incorrect.\n)
|
|
|
bd295e |
//pdfdict /.Qqwarning_issued .knownget
|
|
|
bd295e |
@@ -1150,14 +1150,14 @@ currentdict end readonly def
|
|
|
bd295e |
.setglobal
|
|
|
bd295e |
pdfformaterror
|
|
|
bd295e |
} executeonly ifelse
|
|
|
bd295e |
- }
|
|
|
bd295e |
+ } executeonly
|
|
|
bd295e |
{
|
|
|
bd295e |
currentglobal //pdfdict gcheck .setglobal
|
|
|
bd295e |
//pdfdict /.Qqwarning_issued //true .forceput
|
|
|
bd295e |
.setglobal
|
|
|
bd295e |
pdfformaterror
|
|
|
bd295e |
} executeonly ifelse
|
|
|
bd295e |
- } if
|
|
|
bd295e |
+ } executeonly if
|
|
|
bd295e |
pop
|
|
|
bd295e |
|
|
|
bd295e |
% restore pdfemptycount
|
|
|
bd295e |
diff --git a/Resource/Init/pdf_font.ps b/Resource/Init/pdf_font.ps
|
|
|
bd295e |
index 8b8fef8..86b1870 100644
|
|
|
bd295e |
--- a/Resource/Init/pdf_font.ps
|
|
|
bd295e |
+++ b/Resource/Init/pdf_font.ps
|
|
|
bd295e |
@@ -677,7 +677,7 @@ currentdict end readonly def
|
|
|
bd295e |
currentglobal 2 index dup gcheck setglobal
|
|
|
bd295e |
/FontInfo 5 dict dup 5 1 roll .forceput
|
|
|
bd295e |
setglobal
|
|
|
bd295e |
- } if
|
|
|
bd295e |
+ } executeonly if
|
|
|
bd295e |
dup /GlyphNames2Unicode .knownget not {
|
|
|
bd295e |
//true % No existing G2U, make one
|
|
|
bd295e |
} {
|
|
|
bd295e |
@@ -701,9 +701,9 @@ currentdict end readonly def
|
|
|
bd295e |
} if
|
|
|
bd295e |
PDFDEBUG {
|
|
|
bd295e |
(.processToUnicode end) =
|
|
|
bd295e |
- } if
|
|
|
bd295e |
- } if
|
|
|
bd295e |
- } stopped
|
|
|
bd295e |
+ } executeonly if
|
|
|
bd295e |
+ } executeonly if
|
|
|
bd295e |
+ } executeonly stopped
|
|
|
bd295e |
{
|
|
|
bd295e |
.dstackdepth 1 countdictstack 1 sub
|
|
|
bd295e |
{pop end} for
|
|
|
bd295e |
@@ -1225,19 +1225,20 @@ currentdict /eexec_pdf_param_dict .undef
|
|
|
bd295e |
//pdfdict /.Qqwarning_issued //true .forceput
|
|
|
bd295e |
} executeonly if
|
|
|
bd295e |
Q
|
|
|
bd295e |
- } repeat
|
|
|
bd295e |
+ } executeonly repeat
|
|
|
bd295e |
Q
|
|
|
bd295e |
- } PDFfile fileposition 2 .execn % Keep pdfcount valid.
|
|
|
bd295e |
+ } executeonly PDFfile fileposition 2 .execn % Keep pdfcount valid.
|
|
|
bd295e |
PDFfile exch setfileposition
|
|
|
bd295e |
- } ifelse
|
|
|
bd295e |
- } {
|
|
|
bd295e |
+ } executeonly ifelse
|
|
|
bd295e |
+ } executeonly
|
|
|
bd295e |
+ {
|
|
|
bd295e |
% PDF Type 3 fonts don't use .notdef
|
|
|
bd295e |
% d1 implementation adjusts the width as needed
|
|
|
bd295e |
0 0 0 0 0 0
|
|
|
bd295e |
pdfopdict /d1 get exec
|
|
|
bd295e |
} ifelse
|
|
|
bd295e |
end end
|
|
|
bd295e |
- } bdef
|
|
|
bd295e |
+ } executeonly bdef
|
|
|
bd295e |
dup currentdict Encoding .processToUnicode
|
|
|
bd295e |
currentdict end .completefont exch pop
|
|
|
bd295e |
} bind executeonly odef
|
|
|
bd295e |
@@ -2022,9 +2023,9 @@ currentdict /CMap_read_dict undef
|
|
|
bd295e |
(Will continue, but content may be missing.) = flush
|
|
|
bd295e |
} ifelse
|
|
|
bd295e |
} if
|
|
|
bd295e |
- } if
|
|
|
bd295e |
+ } executeonly if
|
|
|
bd295e |
/findresource cvx /undefined signalerror
|
|
|
bd295e |
- } loop
|
|
|
bd295e |
+ } executeonly loop
|
|
|
bd295e |
} bind executeonly odef
|
|
|
bd295e |
|
|
|
bd295e |
/buildCIDType0 { % <CIDFontType0-font-resource> buildCIDType0 <font>
|
|
|
bd295e |
diff --git a/Resource/Init/pdf_main.ps b/Resource/Init/pdf_main.ps
|
|
|
bd295e |
index e44288e..ecde3d4 100644
|
|
|
bd295e |
--- a/Resource/Init/pdf_main.ps
|
|
|
bd295e |
+++ b/Resource/Init/pdf_main.ps
|
|
|
bd295e |
@@ -2696,15 +2696,15 @@ currentdict /PDF2PS_matrix_key undef
|
|
|
bd295e |
.setglobal
|
|
|
bd295e |
pdfformaterror
|
|
|
bd295e |
} executeonly ifelse
|
|
|
bd295e |
- }
|
|
|
bd295e |
+ } executeonly
|
|
|
bd295e |
{
|
|
|
bd295e |
currentglobal //pdfdict gcheck .setglobal
|
|
|
bd295e |
//pdfdict /.Qqwarning_issued //true .forceput
|
|
|
bd295e |
.setglobal
|
|
|
bd295e |
pdfformaterror
|
|
|
bd295e |
} executeonly ifelse
|
|
|
bd295e |
- } if
|
|
|
bd295e |
- } if
|
|
|
bd295e |
+ } executeonly if
|
|
|
bd295e |
+ } executeonly if
|
|
|
bd295e |
pop
|
|
|
bd295e |
count PDFexecstackcount sub { pop } repeat
|
|
|
bd295e |
(after exec) VMDEBUG
|
|
|
bd295e |
diff --git a/Resource/Init/pdf_ops.ps b/Resource/Init/pdf_ops.ps
|
|
|
bd295e |
index c2e7461..12d5a66 100644
|
|
|
bd295e |
--- a/Resource/Init/pdf_ops.ps
|
|
|
bd295e |
+++ b/Resource/Init/pdf_ops.ps
|
|
|
bd295e |
@@ -186,14 +186,14 @@ currentdict /gput_always_allow .undef
|
|
|
bd295e |
.setglobal
|
|
|
bd295e |
pdfformaterror
|
|
|
bd295e |
} executeonly ifelse
|
|
|
bd295e |
- }
|
|
|
bd295e |
+ } executeonly
|
|
|
bd295e |
{
|
|
|
bd295e |
currentglobal //pdfdict gcheck .setglobal
|
|
|
bd295e |
//pdfdict /.Qqwarning_issued //true .forceput
|
|
|
bd295e |
.setglobal
|
|
|
bd295e |
pdfformaterror
|
|
|
bd295e |
} executeonly ifelse
|
|
|
bd295e |
- } if
|
|
|
bd295e |
+ } executeonly if
|
|
|
bd295e |
} bind executeonly odef
|
|
|
bd295e |
|
|
|
bd295e |
% Save PDF gstate
|
|
|
bd295e |
@@ -440,11 +440,12 @@ currentdict /gput_always_allow .undef
|
|
|
bd295e |
dup type /booleantype eq {
|
|
|
bd295e |
.currentSMask type /dicttype eq {
|
|
|
bd295e |
.currentSMask /Processed 2 index .forceput
|
|
|
bd295e |
+ } executeonly
|
|
|
bd295e |
+ {
|
|
|
bd295e |
+ .setSMask
|
|
|
bd295e |
+ }ifelse
|
|
|
bd295e |
} executeonly
|
|
|
bd295e |
{
|
|
|
bd295e |
- .setSMask
|
|
|
bd295e |
- }ifelse
|
|
|
bd295e |
- }{
|
|
|
bd295e |
.setSMask
|
|
|
bd295e |
}ifelse
|
|
|
bd295e |
|
|
|
bd295e |
--
|
|
|
bd295e |
2.20.1
|
|
|
bd295e |
|