|
|
f1e96c |
From: Nancy Durgin <nancy.durgin@artifex.com>
|
|
|
f1e96c |
Date: Wed, 23 Jan 2019 20:00:30 +0000 (-0800)
|
|
|
f1e96c |
Subject: Fixed bug caused by the way .checksetparams was undef'd
|
|
|
f1e96c |
|
|
|
f1e96c |
Fixed bug caused by the way .checksetparams was undef'd
|
|
|
f1e96c |
|
|
|
f1e96c |
Previously, had undef'd it by making it an operator.
|
|
|
f1e96c |
Now just use an immediate reference and undef it in the gs_lev2.ps file.
|
|
|
f1e96c |
|
|
|
f1e96c |
This fixes bug introduced in commit fe4c47d8e25d6366ecbb5ff487348148b908a89e.
|
|
|
f1e96c |
|
|
|
f1e96c |
Undef'ing .checksetparams by making it an operator doesn't work right because
|
|
|
f1e96c |
errors report .checksetparams as the offending function instead of
|
|
|
f1e96c |
the operator that uses it (setsystemparams in this case).
|
|
|
f1e96c |
|
|
|
f1e96c |
This caused an error in file /tests_private/ps/ps3cet/27-09.PS on page 3,
|
|
|
f1e96c |
where it reports the offending function of some error-handling tests.
|
|
|
f1e96c |
Reporting function should be 'setsystemparams', not '.checksetparams' on
|
|
|
f1e96c |
this page.
|
|
|
f1e96c |
|
|
|
f1e96c |
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e7ff64cf9b756278f19c87d295ee0fd95c955c05
|
|
|
f1e96c |
|
|
|
f1e96c |
From: Ray Johnston <ray.johnston@artifex.com>
|
|
|
f1e96c |
Date: Thu, 31 Jan 2019 19:31:30 +0000 (-0800)
|
|
|
f1e96c |
Subject: Hide pdfdict and GS_PDF_ProcSet (internal stuff for the PDF interp).
|
|
|
f1e96c |
|
|
|
f1e96c |
Hide pdfdict and GS_PDF_ProcSet (internal stuff for the PDF interp).
|
|
|
f1e96c |
|
|
|
f1e96c |
We now keep GS_PDF_ProcSet in pdfdict, and immediately bind pdfdict
|
|
|
f1e96c |
where needed so we can undef it after the last PDF interp file has
|
|
|
f1e96c |
run (pdf_sec.ps).
|
|
|
f1e96c |
|
|
|
f1e96c |
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=4ec9ca74bed49f2a82acb4bf430eae0d8b3b75c9
|
|
|
f1e96c |
---
|
|
|
f1e96c |
|
|
|
f1e96c |
diff -up ghostscript-9.07/Resource/Init/gs_init.ps.cve-2019-3839-part2 ghostscript-9.07/Resource/Init/gs_init.ps
|
|
|
f1e96c |
--- ghostscript-9.07/Resource/Init/gs_init.ps.cve-2019-3839-part2 2019-02-28 08:33:56.995374504 +0100
|
|
|
f1e96c |
+++ ghostscript-9.07/Resource/Init/gs_init.ps 2019-02-28 08:34:35.073879701 +0100
|
|
|
f1e96c |
@@ -2222,7 +2222,6 @@ SAFER { .setsafe } if
|
|
|
f1e96c |
/.setuserparams2
|
|
|
f1e96c |
/.startjob
|
|
|
f1e96c |
/.checkFilePermitparams
|
|
|
f1e96c |
- /.checksetparams
|
|
|
f1e96c |
/.copyparam
|
|
|
f1e96c |
/.setpagesize
|
|
|
f1e96c |
|
|
|
f1e96c |
diff -up ghostscript-9.07/Resource/Init/gs_lev2.ps.cve-2019-3839-part2 ghostscript-9.07/Resource/Init/gs_lev2.ps
|
|
|
f1e96c |
--- ghostscript-9.07/Resource/Init/gs_lev2.ps.cve-2019-3839-part2 2019-02-28 08:35:01.038542311 +0100
|
|
|
f1e96c |
+++ ghostscript-9.07/Resource/Init/gs_lev2.ps 2019-02-28 08:38:44.266647686 +0100
|
|
|
f1e96c |
@@ -64,7 +64,7 @@ level2dict begin
|
|
|
f1e96c |
pop
|
|
|
f1e96c |
} ifelse pop pop
|
|
|
f1e96c |
} forall pop pop
|
|
|
f1e96c |
-} .bind odef
|
|
|
f1e96c |
+} .bind def
|
|
|
f1e96c |
|
|
|
f1e96c |
% currentuser/systemparams creates and returns a dictionary in the
|
|
|
f1e96c |
% current VM. The easiest way to make this work is to copy any composite
|
|
|
f1e96c |
@@ -129,7 +129,7 @@ end
|
|
|
f1e96c |
/.setuserparams2 {
|
|
|
f1e96c |
% Check that we will be able to set the PostScript-level
|
|
|
f1e96c |
% user parameters.
|
|
|
f1e96c |
- /setuserparams /psuserparams .systemvar .checksetparams
|
|
|
f1e96c |
+ /setuserparams /psuserparams .systemvar //.checksetparams exec
|
|
|
f1e96c |
% Set the C-level user params. If this succeeds, we know that
|
|
|
f1e96c |
% the password check succeeded.
|
|
|
f1e96c |
dup .setuserparams
|
|
|
f1e96c |
@@ -211,7 +211,7 @@ end
|
|
|
f1e96c |
} if
|
|
|
f1e96c |
/setsystemparams //pssystemparams mark exch {
|
|
|
f1e96c |
type cvlit /.checkparamtype cvx 2 packedarray cvx
|
|
|
f1e96c |
- } forall .dicttomark .checksetparams
|
|
|
f1e96c |
+ } forall .dicttomark //.checksetparams exec
|
|
|
f1e96c |
% Set the C-level system params. If this succeeds, we know that
|
|
|
f1e96c |
% the password check succeeded.
|
|
|
f1e96c |
dup .setsystemparams
|
|
|
f1e96c |
@@ -1083,5 +1083,6 @@ end % level2dict
|
|
|
f1e96c |
[
|
|
|
f1e96c |
/.checkprocesscomment
|
|
|
f1e96c |
/.pair2dict
|
|
|
f1e96c |
+ /.checksetparams
|
|
|
f1e96c |
]
|
|
|
f1e96c |
{level2dict exch .forceundef} forall
|
|
|
f1e96c |
diff -up ghostscript-9.07/Resource/Init/pdf_base.ps.cve-2019-3839-part2 ghostscript-9.07/Resource/Init/pdf_base.ps
|
|
|
f1e96c |
--- ghostscript-9.07/Resource/Init/pdf_base.ps.cve-2019-3839-part2 2019-02-28 08:51:17.876974739 +0100
|
|
|
f1e96c |
+++ ghostscript-9.07/Resource/Init/pdf_base.ps 2019-02-28 08:53:47.343056275 +0100
|
|
|
f1e96c |
@@ -23,7 +23,6 @@
|
|
|
f1e96c |
|
|
|
f1e96c |
/.setlanguagelevel where { pop 2 .setlanguagelevel } if
|
|
|
f1e96c |
.currentglobal //true .setglobal
|
|
|
f1e96c |
-/pdfdict where { pop } { /pdfdict 100 dict def } ifelse
|
|
|
f1e96c |
pdfdict begin
|
|
|
f1e96c |
|
|
|
f1e96c |
% Define the name interpretation dictionary for reading values.
|
|
|
f1e96c |
@@ -125,11 +124,11 @@ currentdict /num-chars-dict .undef
|
|
|
f1e96c |
|
|
|
f1e96c |
/.pdfexectoken { % <count> <opdict> <exectoken> .pdfexectoken ?
|
|
|
f1e96c |
PDFDEBUG {
|
|
|
f1e96c |
- pdfdict /PDFSTEPcount known not { pdfdict /PDFSTEPcount 1 .forceput } executeonly if
|
|
|
f1e96c |
+ //pdfdict /PDFSTEPcount known not { //pdfdict /PDFSTEPcount 1 .forceput } executeonly if
|
|
|
f1e96c |
PDFSTEP {
|
|
|
f1e96c |
- pdfdict /PDFtokencount 2 copy .knownget { 1 add } { 1 } ifelse .forceput
|
|
|
f1e96c |
+ //pdfdict /PDFtokencount 2 copy .knownget { 1 add } { 1 } ifelse .forceput
|
|
|
f1e96c |
PDFSTEPcount 1 gt {
|
|
|
f1e96c |
- pdfdict /PDFSTEPcount PDFSTEPcount 1 sub .forceput
|
|
|
f1e96c |
+ //pdfdict /PDFSTEPcount PDFSTEPcount 1 sub .forceput
|
|
|
f1e96c |
} executeonly
|
|
|
f1e96c |
{
|
|
|
f1e96c |
dup ==only
|
|
|
f1e96c |
@@ -137,10 +136,10 @@ currentdict /num-chars-dict .undef
|
|
|
f1e96c |
( ? ) print flush 1 //false .outputpage
|
|
|
f1e96c |
(%stdin) (r) file 255 string readline {
|
|
|
f1e96c |
token {
|
|
|
f1e96c |
- exch pop pdfdict /PDFSTEPcount 3 -1 roll .forceput
|
|
|
f1e96c |
+ exch pop //pdfdict /PDFSTEPcount 3 -1 roll .forceput
|
|
|
f1e96c |
} executeonly
|
|
|
f1e96c |
{
|
|
|
f1e96c |
- pdfdict /PDFSTEPcount 1 .forceput
|
|
|
f1e96c |
+ //pdfdict /PDFSTEPcount 1 .forceput
|
|
|
f1e96c |
} executeonly ifelse % token
|
|
|
f1e96c |
} {
|
|
|
f1e96c |
pop /PDFSTEP //false def % EOF on stdin
|
|
|
f1e96c |
diff -up ghostscript-9.07/Resource/Init/pdf_draw.ps.cve-2019-3839-part2 ghostscript-9.07/Resource/Init/pdf_draw.ps
|
|
|
f1e96c |
--- ghostscript-9.07/Resource/Init/pdf_draw.ps.cve-2019-3839-part2 2019-02-28 08:54:17.090674446 +0100
|
|
|
f1e96c |
+++ ghostscript-9.07/Resource/Init/pdf_draw.ps 2019-02-28 09:06:50.804906849 +0100
|
|
|
f1e96c |
@@ -18,8 +18,7 @@
|
|
|
f1e96c |
|
|
|
f1e96c |
/.setlanguagelevel where { pop 2 .setlanguagelevel } if
|
|
|
f1e96c |
.currentglobal //true .setglobal
|
|
|
f1e96c |
-/pdfdict where { pop } { /pdfdict 100 dict def } ifelse
|
|
|
f1e96c |
-GS_PDF_ProcSet begin
|
|
|
f1e96c |
+/GS_PDF_ProcSet load begin
|
|
|
f1e96c |
pdfdict begin
|
|
|
f1e96c |
|
|
|
f1e96c |
% For simplicity, we use a single interpretation dictionary for all
|
|
|
f1e96c |
@@ -141,7 +140,7 @@ pdfdict begin
|
|
|
f1e96c |
|
|
|
f1e96c |
/resolvefunction { % <fndict> resolvefunction <function>
|
|
|
f1e96c |
.resolvefn
|
|
|
f1e96c |
- PDFDEBUG { pdfdict /PDFSTEPcount .knownget { 1 le } { //true } ifelse { (%Function: ) print dup === flush } if } if
|
|
|
f1e96c |
+ PDFDEBUG { //pdfdict /PDFSTEPcount .knownget { 1 le } { //true } ifelse { (%Function: ) print dup === flush } if } if
|
|
|
f1e96c |
} bdef
|
|
|
f1e96c |
|
|
|
f1e96c |
/resolvefnproc { % <fndict> resolvefnproc <proc>
|
|
|
f1e96c |
@@ -907,7 +906,7 @@ currentdict end readonly def
|
|
|
f1e96c |
} bdef
|
|
|
f1e96c |
|
|
|
f1e96c |
/.pdfpaintproc { % <patdict> <resdict> .pdfpaintproc -
|
|
|
f1e96c |
- PDFDEBUG { pdfdict /PDFSTEPcount .knownget { 1 le } { //true } ifelse { (%Begin PaintProc) print dup === flush } if } if
|
|
|
f1e96c |
+ PDFDEBUG { //pdfdict /PDFSTEPcount .knownget { 1 le } { //true } ifelse { (%Begin PaintProc) print dup === flush } if } if
|
|
|
f1e96c |
PDFfile fileposition 3 1 roll
|
|
|
f1e96c |
q
|
|
|
f1e96c |
1 index /PaintType oget 1 eq {
|
|
|
f1e96c |
@@ -946,7 +945,7 @@ currentdict end readonly def
|
|
|
f1e96c |
/pdfemptycount exch def
|
|
|
f1e96c |
|
|
|
f1e96c |
Q
|
|
|
f1e96c |
- PDFDEBUG { pdfdict /PDFSTEPcount .knownget { 1 le } { //true } ifelse { (%End PaintProc) print dup === flush } if } if
|
|
|
f1e96c |
+ PDFDEBUG { //pdfdict /PDFSTEPcount .knownget { 1 le } { //true } ifelse { (%End PaintProc) print dup === flush } if } if
|
|
|
f1e96c |
PDFfile exch setfileposition
|
|
|
f1e96c |
}bind executeonly odef
|
|
|
f1e96c |
|
|
|
f1e96c |
@@ -986,7 +985,7 @@ currentdict end readonly def
|
|
|
f1e96c |
] cvx put
|
|
|
f1e96c |
dup /BBox 2 copy knownoget { normrect put } { pop pop } ifelse
|
|
|
f1e96c |
dup /.pattern_uses_transparency 1 index patternusestransparency put
|
|
|
f1e96c |
- PDFDEBUG { pdfdict /PDFSTEPcount .knownget { 1 le } { //true } ifelse { (%Pattern: ) print dup === flush } if } if
|
|
|
f1e96c |
+ PDFDEBUG { //pdfdict /PDFSTEPcount .knownget { 1 le } { //true } ifelse { (%Pattern: ) print dup === flush } if } if
|
|
|
f1e96c |
} bdef
|
|
|
f1e96c |
|
|
|
f1e96c |
/ignore_color_op ( **** Warning: Ignoring a color operation in a cached context.\n) readonly def
|
|
|
f1e96c |
diff -up ghostscript-9.07/Resource/Init/pdf_font.ps.cve-2019-3839-part2 ghostscript-9.07/Resource/Init/pdf_font.ps
|
|
|
f1e96c |
--- ghostscript-9.07/Resource/Init/pdf_font.ps.cve-2019-3839-part2 2019-02-28 09:55:34.701833501 +0100
|
|
|
f1e96c |
+++ ghostscript-9.07/Resource/Init/pdf_font.ps 2019-02-28 09:56:27.116147620 +0100
|
|
|
f1e96c |
@@ -37,8 +37,7 @@
|
|
|
f1e96c |
|
|
|
f1e96c |
/.setlanguagelevel where { pop 2 .setlanguagelevel } if
|
|
|
f1e96c |
.currentglobal //true .setglobal
|
|
|
f1e96c |
-/pdfdict where { pop } { /pdfdict 100 dict def } ifelse
|
|
|
f1e96c |
-GS_PDF_ProcSet begin
|
|
|
f1e96c |
+/GS_PDF_ProcSet load begin % from userdict at this point
|
|
|
f1e96c |
pdfdict begin
|
|
|
f1e96c |
|
|
|
f1e96c |
% We cache the PostScript font in an additional element of the
|
|
|
f1e96c |
diff -up ghostscript-9.07/Resource/Init/pdf_main.ps.cve-2019-3839-part2 ghostscript-9.07/Resource/Init/pdf_main.ps
|
|
|
f1e96c |
--- ghostscript-9.07/Resource/Init/pdf_main.ps.cve-2019-3839-part2 2019-02-28 10:02:48.872152118 +0100
|
|
|
f1e96c |
+++ ghostscript-9.07/Resource/Init/pdf_main.ps 2019-02-28 10:12:44.687353440 +0100
|
|
|
f1e96c |
@@ -18,8 +18,9 @@
|
|
|
f1e96c |
|
|
|
f1e96c |
/.setlanguagelevel where { pop 2 .setlanguagelevel } if
|
|
|
f1e96c |
.currentglobal //true .setglobal
|
|
|
f1e96c |
-/pdfdict where { pop } { /pdfdict 100 dict def } ifelse
|
|
|
f1e96c |
pdfdict begin
|
|
|
f1e96c |
+/GS_PDF_ProcSet dup load def % keep in pdfdict to hide it
|
|
|
f1e96c |
+userdict /GS_PDF_ProcSet undef
|
|
|
f1e96c |
|
|
|
f1e96c |
% Patch in an obsolete variable used by some third-party software.
|
|
|
f1e96c |
/#? //false def
|
|
|
f1e96c |
@@ -177,8 +178,8 @@ currentdict /runpdfstring .undef
|
|
|
f1e96c |
/Page //null def
|
|
|
f1e96c |
/DSCPageCount 0 def
|
|
|
f1e96c |
/PDFSave //null def
|
|
|
f1e96c |
- GS_PDF_ProcSet begin
|
|
|
f1e96c |
- pdfdict begin
|
|
|
f1e96c |
+ //pdfdict /GS_PDF_ProcSet get begin
|
|
|
f1e96c |
+ //pdfdict begin
|
|
|
f1e96c |
pdfopen begin
|
|
|
f1e96c |
} bind def
|
|
|
f1e96c |
|
|
|
f1e96c |
@@ -888,7 +889,7 @@ currentdict /xref-char-dict undef
|
|
|
f1e96c |
} bind def
|
|
|
f1e96c |
|
|
|
f1e96c |
/pdfopenfile { % <file> pdfopenfile <dict>
|
|
|
f1e96c |
- pdfdict readonly pop % can't do it any earlier than this
|
|
|
f1e96c |
+ //pdfdict readonly pop % can't do it any earlier than this
|
|
|
f1e96c |
32 dict begin
|
|
|
f1e96c |
/LocalResources 0 dict def
|
|
|
f1e96c |
/DefaultQstate //null def % establish binding
|
|
|
f1e96c |
diff -up ghostscript-9.07/Resource/Init/pdf_ops.ps.cve-2019-3839-part2 ghostscript-9.07/Resource/Init/pdf_ops.ps
|
|
|
f1e96c |
--- ghostscript-9.07/Resource/Init/pdf_ops.ps.cve-2019-3839-part2 2019-02-28 10:16:15.196597921 +0100
|
|
|
f1e96c |
+++ ghostscript-9.07/Resource/Init/pdf_ops.ps 2019-02-28 10:17:01.082997269 +0100
|
|
|
f1e96c |
@@ -24,6 +24,7 @@
|
|
|
f1e96c |
systemdict /pdfmark known not
|
|
|
f1e96c |
{ userdict /pdfmark { cleartomark } bind put } if
|
|
|
f1e96c |
|
|
|
f1e96c |
+systemdict /pdfdict where { pop } { /pdfdict 100 dict put } ifelse
|
|
|
f1e96c |
userdict /GS_PDF_ProcSet 127 dict dup begin
|
|
|
f1e96c |
|
|
|
f1e96c |
% ---------------- Abbreviations ---------------- %
|
|
|
f1e96c |
diff -up ghostscript-9.07/Resource/Init/pdf_sec.ps.cve-2019-3839-part2 ghostscript-9.07/Resource/Init/pdf_sec.ps
|
|
|
f1e96c |
--- ghostscript-9.07/Resource/Init/pdf_sec.ps.cve-2019-3839-part2 2019-02-28 10:21:16.760650506 +0100
|
|
|
f1e96c |
+++ ghostscript-9.07/Resource/Init/pdf_sec.ps 2019-02-28 10:22:46.213473549 +0100
|
|
|
f1e96c |
@@ -39,7 +39,6 @@
|
|
|
f1e96c |
|
|
|
f1e96c |
/.setlanguagelevel where { pop 2 .setlanguagelevel } if
|
|
|
f1e96c |
.currentglobal //true .setglobal
|
|
|
f1e96c |
-/pdfdict where { pop } { /pdfdict 100 dict def } ifelse
|
|
|
f1e96c |
pdfdict begin
|
|
|
f1e96c |
|
|
|
f1e96c |
% Older ghostscript versions do not have .pdftoken, so we use 'token' instead.
|
|
|
f1e96c |
@@ -719,4 +718,7 @@ currentdict /PDFScanRules_null undef
|
|
|
f1e96c |
} bind def
|
|
|
f1e96c |
|
|
|
f1e96c |
end % pdfdict
|
|
|
f1e96c |
+
|
|
|
f1e96c |
+systemdict /pdfdict .forceundef % hide pdfdict
|
|
|
f1e96c |
+
|
|
|
f1e96c |
.setglobal
|