From ed9fcd95bb01f0768bf273b2526732e381202319 Mon Sep 17 00:00:00 2001

From: Chris Liddell <chris.liddell@artifex.com>

Date: Wed, 20 Feb 2019 09:54:28 +0000

Subject: [PATCH 1/2] Bug 700576: Make a transient proc executeonly (in

 DefineResource).

This prevents access to .forceput

Solution originally suggested by cbuissar@redhat.com.

---

 Resource/Init/gs_res.ps | 2 +-

 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps

index d9b3459..b646329 100644

--- a/Resource/Init/gs_res.ps

+++ b/Resource/Init/gs_res.ps

@@ -425,7 +425,7 @@ status {

                         % so we have to use .forcedef here.

                   /.Instances 1 index .forcedef	% Category dict is read-only

                 } executeonly if

-              }

+              } executeonly

               { .LocalInstances dup //.emptydict eq

                  { pop 3 dict localinstancedict Category 2 index put

                  }

-- 

2.20.1

From a82601e8f95a2f2147f3b3b9e44ec2b8f3a6be8b Mon Sep 17 00:00:00 2001

From: Chris Liddell <chris.liddell@artifex.com>

Date: Fri, 22 Feb 2019 12:28:23 +0000

Subject: [PATCH 2/2] Bug 700576(redux): an extra transient proc needs

 executeonly'ed.

---

 Resource/Init/gs_res.ps | 2 +-

 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps

index b646329..8c1f29f 100644

--- a/Resource/Init/gs_res.ps

+++ b/Resource/Init/gs_res.ps

@@ -437,7 +437,7 @@ status {

                         % Now make the resource value read-only.

              0 2 copy get { readonly } .internalstopped pop

              dup 4 1 roll put exch pop exch pop

-           }

+           } executeonly

            { /defineresource cvx /typecheck signaloperror

            }

         ifelse

-- 

2.20.1