rpms / ghostscript

Clone
Source Code
GIT

Blame SOURCES/ghostscript-pdfwrite-segfault.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8-containeronly-stream-flatpak c8s c9 c9-beta
  1.   993c09dd20f3d67938f654e14a92fc5c0ce8d8d0
  2.   SOURCES
  3.   ghostscript-pdfwrite-segfault.patch
Blob History Raw
ea5d11 
diff -up ghostscript-9.06/base/gdevpdtd.c.pdfwrite-segfault ghostscript-9.06/base/gdevpdtd.c
ea5d11 
--- ghostscript-9.06/base/gdevpdtd.c.pdfwrite-segfault	2012-08-08 09:01:36.000000000 +0100
ea5d11 
+++ ghostscript-9.06/base/gdevpdtd.c	2013-05-16 09:28:07.410407852 +0100
ea5d11 
@@ -699,7 +699,7 @@ pdf_write_FontDescriptor(gx_device_pdf *
ea5d11 
         if (code < 0)
ea5d11 
             return code;
ea5d11 
     }
ea5d11 
-    if (pfd->embed) {
ea5d11 
+    if (pfd->embed && pfd->base_font->FontFile) {
ea5d11 
         code = pdf_write_FontFile_entry(pdev, pfd->base_font);
ea5d11 
         if (code < 0)
ea5d11 
             return code;
ea5d11 
diff -up ghostscript-9.06/base/gxtype1.c.pdfwrite-segfault ghostscript-9.06/base/gxtype1.c
ea5d11 
--- ghostscript-9.06/base/gxtype1.c.pdfwrite-segfault	2012-08-08 09:01:36.000000000 +0100
ea5d11 
+++ ghostscript-9.06/base/gxtype1.c	2013-05-16 09:28:07.409407814 +0100
ea5d11 
@@ -371,7 +371,7 @@ gs_type1_piece_codes(/*const*/ gs_font_t
ea5d11 
     const byte *cip, *end;
ea5d11 
     crypt_state state;
ea5d11 
     int c, hhints = 0, vhints = 0;
ea5d11 
-    int code;
ea5d11 
+    int code, call_depth = 0;
ea5d11
ea5d11 
     CLEAR_CSTACK(cstack, csp);
ea5d11 
     cip = pgd->bits.data;
ea5d11 
@@ -450,6 +450,7 @@ gs_type1_piece_codes(/*const*/ gs_font_t
ea5d11 
             }
ea5d11 
             break;
ea5d11 
         case c2_callgsubr:
ea5d11 
+            call_depth++;
ea5d11 
             c = fixed2int_var(*csp) + pdata->gsubrNumberBias;
ea5d11 
             code = pdata->procs.subr_data
ea5d11 
                 (pfont, c, true, &ipsp[1].cs_data);
ea5d11 
@@ -462,6 +463,7 @@ gs_type1_piece_codes(/*const*/ gs_font_t
ea5d11 
             end = ipsp->cs_data.bits.data + ipsp->cs_data.bits.size;
ea5d11 
             goto call;
ea5d11 
         case c_callsubr:
ea5d11 
+            call_depth++;
ea5d11 
             c = fixed2int_var(*csp) + pdata->subroutineNumberBias;
ea5d11 
             code = pdata->procs.subr_data
ea5d11 
                 (pfont, c, false, &ipsp[1].cs_data);
ea5d11 
@@ -474,6 +476,10 @@ gs_type1_piece_codes(/*const*/ gs_font_t
ea5d11 
             end = ipsp->cs_data.bits.data + ipsp->cs_data.bits.size;
ea5d11 
             goto call;
ea5d11 
         case c_return:
ea5d11 
+            if (call_depth == 0)
ea5d11 
+                return (gs_note_error(gs_error_invalidfont));
ea5d11 
+            else
ea5d11 
+                call_depth--;
ea5d11 
             gs_glyph_data_free(&ipsp->cs_data, "gs_type1_piece_codes");
ea5d11 
             --ipsp;
ea5d11 
             if (ipsp < ipstack)

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation