From: Nancy Durgin <nancy.durgin@artifex.com>
Date: Wed, 23 Jan 2019 20:00:30 +0000 (-0800)
Subject: Fixed bug caused by the way .checksetparams was undef'd
Fixed bug caused by the way .checksetparams was undef'd
Previously, had undef'd it by making it an operator.
Now just use an immediate reference and undef it in the gs_lev2.ps file.
This fixes bug introduced in commit fe4c47d8e25d6366ecbb5ff487348148b908a89e.
Undef'ing .checksetparams by making it an operator doesn't work right because
errors report .checksetparams as the offending function instead of
the operator that uses it (setsystemparams in this case).
This caused an error in file /tests_private/ps/ps3cet/27-09.PS on page 3,
where it reports the offending function of some error-handling tests.
Reporting function should be 'setsystemparams', not '.checksetparams' on
this page.
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e7ff64cf9b756278f19c87d295ee0fd95c955c05
From: Ray Johnston <ray.johnston@artifex.com>
Date: Thu, 31 Jan 2019 19:31:30 +0000 (-0800)
Subject: Hide pdfdict and GS_PDF_ProcSet (internal stuff for the PDF interp).
Hide pdfdict and GS_PDF_ProcSet (internal stuff for the PDF interp).
We now keep GS_PDF_ProcSet in pdfdict, and immediately bind pdfdict
where needed so we can undef it after the last PDF interp file has
run (pdf_sec.ps).
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=4ec9ca74bed49f2a82acb4bf430eae0d8b3b75c9
---
diff -up ghostscript-9.07/Resource/Init/gs_init.ps.cve-2019-3839-part2 ghostscript-9.07/Resource/Init/gs_init.ps
--- ghostscript-9.07/Resource/Init/gs_init.ps.cve-2019-3839-part2 2019-02-28 08:33:56.995374504 +0100
+++ ghostscript-9.07/Resource/Init/gs_init.ps 2019-02-28 08:34:35.073879701 +0100
@@ -2222,7 +2222,6 @@ SAFER { .setsafe } if
/.setuserparams2
/.startjob
/.checkFilePermitparams
- /.checksetparams
/.copyparam
/.setpagesize
diff -up ghostscript-9.07/Resource/Init/gs_lev2.ps.cve-2019-3839-part2 ghostscript-9.07/Resource/Init/gs_lev2.ps
--- ghostscript-9.07/Resource/Init/gs_lev2.ps.cve-2019-3839-part2 2019-02-28 08:35:01.038542311 +0100
+++ ghostscript-9.07/Resource/Init/gs_lev2.ps 2019-02-28 08:38:44.266647686 +0100
@@ -64,7 +64,7 @@ level2dict begin
pop
} ifelse pop pop
} forall pop pop
-} .bind odef
+} .bind def
% currentuser/systemparams creates and returns a dictionary in the
% current VM. The easiest way to make this work is to copy any composite
@@ -129,7 +129,7 @@ end
/.setuserparams2 {
% Check that we will be able to set the PostScript-level
% user parameters.
- /setuserparams /psuserparams .systemvar .checksetparams
+ /setuserparams /psuserparams .systemvar //.checksetparams exec
% Set the C-level user params. If this succeeds, we know that
% the password check succeeded.
dup .setuserparams
@@ -211,7 +211,7 @@ end
} if
/setsystemparams //pssystemparams mark exch {
type cvlit /.checkparamtype cvx 2 packedarray cvx
- } forall .dicttomark .checksetparams
+ } forall .dicttomark //.checksetparams exec
% Set the C-level system params. If this succeeds, we know that
% the password check succeeded.
dup .setsystemparams
@@ -1083,5 +1083,6 @@ end % level2dict
[
/.checkprocesscomment
/.pair2dict
+ /.checksetparams
]
{level2dict exch .forceundef} forall
diff -up ghostscript-9.07/Resource/Init/pdf_base.ps.cve-2019-3839-part2 ghostscript-9.07/Resource/Init/pdf_base.ps
--- ghostscript-9.07/Resource/Init/pdf_base.ps.cve-2019-3839-part2 2019-02-28 08:51:17.876974739 +0100
+++ ghostscript-9.07/Resource/Init/pdf_base.ps 2019-02-28 08:53:47.343056275 +0100
@@ -23,7 +23,6 @@
/.setlanguagelevel where { pop 2 .setlanguagelevel } if
.currentglobal //true .setglobal
-/pdfdict where { pop } { /pdfdict 100 dict def } ifelse
pdfdict begin
% Define the name interpretation dictionary for reading values.
@@ -125,11 +124,11 @@ currentdict /num-chars-dict .undef
/.pdfexectoken { % <count> <opdict> <exectoken> .pdfexectoken ?
PDFDEBUG {
- pdfdict /PDFSTEPcount known not { pdfdict /PDFSTEPcount 1 .forceput } executeonly if
+ //pdfdict /PDFSTEPcount known not { //pdfdict /PDFSTEPcount 1 .forceput } executeonly if
PDFSTEP {
- pdfdict /PDFtokencount 2 copy .knownget { 1 add } { 1 } ifelse .forceput
+ //pdfdict /PDFtokencount 2 copy .knownget { 1 add } { 1 } ifelse .forceput
PDFSTEPcount 1 gt {
- pdfdict /PDFSTEPcount PDFSTEPcount 1 sub .forceput
+ //pdfdict /PDFSTEPcount PDFSTEPcount 1 sub .forceput
} executeonly
{
dup ==only
@@ -137,10 +136,10 @@ currentdict /num-chars-dict .undef
( ? ) print flush 1 //false .outputpage
(%stdin) (r) file 255 string readline {
token {
- exch pop pdfdict /PDFSTEPcount 3 -1 roll .forceput
+ exch pop //pdfdict /PDFSTEPcount 3 -1 roll .forceput
} executeonly
{
- pdfdict /PDFSTEPcount 1 .forceput
+ //pdfdict /PDFSTEPcount 1 .forceput
} executeonly ifelse % token
} {
pop /PDFSTEP //false def % EOF on stdin
diff -up ghostscript-9.07/Resource/Init/pdf_draw.ps.cve-2019-3839-part2 ghostscript-9.07/Resource/Init/pdf_draw.ps
--- ghostscript-9.07/Resource/Init/pdf_draw.ps.cve-2019-3839-part2 2019-02-28 08:54:17.090674446 +0100
+++ ghostscript-9.07/Resource/Init/pdf_draw.ps 2019-02-28 09:06:50.804906849 +0100
@@ -18,8 +18,7 @@
/.setlanguagelevel where { pop 2 .setlanguagelevel } if
.currentglobal //true .setglobal
-/pdfdict where { pop } { /pdfdict 100 dict def } ifelse
-GS_PDF_ProcSet begin
+/GS_PDF_ProcSet load begin
pdfdict begin
% For simplicity, we use a single interpretation dictionary for all
@@ -141,7 +140,7 @@ pdfdict begin
/resolvefunction { % <fndict> resolvefunction <function>
.resolvefn
- PDFDEBUG { pdfdict /PDFSTEPcount .knownget { 1 le } { //true } ifelse { (%Function: ) print dup === flush } if } if
+ PDFDEBUG { //pdfdict /PDFSTEPcount .knownget { 1 le } { //true } ifelse { (%Function: ) print dup === flush } if } if
} bdef
/resolvefnproc { % <fndict> resolvefnproc <proc>
@@ -907,7 +906,7 @@ currentdict end readonly def
} bdef
/.pdfpaintproc { % <patdict> <resdict> .pdfpaintproc -
- PDFDEBUG { pdfdict /PDFSTEPcount .knownget { 1 le } { //true } ifelse { (%Begin PaintProc) print dup === flush } if } if
+ PDFDEBUG { //pdfdict /PDFSTEPcount .knownget { 1 le } { //true } ifelse { (%Begin PaintProc) print dup === flush } if } if
PDFfile fileposition 3 1 roll
q
1 index /PaintType oget 1 eq {
@@ -946,7 +945,7 @@ currentdict end readonly def
/pdfemptycount exch def
Q
- PDFDEBUG { pdfdict /PDFSTEPcount .knownget { 1 le } { //true } ifelse { (%End PaintProc) print dup === flush } if } if
+ PDFDEBUG { //pdfdict /PDFSTEPcount .knownget { 1 le } { //true } ifelse { (%End PaintProc) print dup === flush } if } if
PDFfile exch setfileposition
}bind executeonly odef
@@ -986,7 +985,7 @@ currentdict end readonly def
] cvx put
dup /BBox 2 copy knownoget { normrect put } { pop pop } ifelse
dup /.pattern_uses_transparency 1 index patternusestransparency put
- PDFDEBUG { pdfdict /PDFSTEPcount .knownget { 1 le } { //true } ifelse { (%Pattern: ) print dup === flush } if } if
+ PDFDEBUG { //pdfdict /PDFSTEPcount .knownget { 1 le } { //true } ifelse { (%Pattern: ) print dup === flush } if } if
} bdef
/ignore_color_op ( **** Warning: Ignoring a color operation in a cached context.\n) readonly def
diff -up ghostscript-9.07/Resource/Init/pdf_font.ps.cve-2019-3839-part2 ghostscript-9.07/Resource/Init/pdf_font.ps
--- ghostscript-9.07/Resource/Init/pdf_font.ps.cve-2019-3839-part2 2019-02-28 09:55:34.701833501 +0100
+++ ghostscript-9.07/Resource/Init/pdf_font.ps 2019-02-28 09:56:27.116147620 +0100
@@ -37,8 +37,7 @@
/.setlanguagelevel where { pop 2 .setlanguagelevel } if
.currentglobal //true .setglobal
-/pdfdict where { pop } { /pdfdict 100 dict def } ifelse
-GS_PDF_ProcSet begin
+/GS_PDF_ProcSet load begin % from userdict at this point
pdfdict begin
% We cache the PostScript font in an additional element of the
diff -up ghostscript-9.07/Resource/Init/pdf_main.ps.cve-2019-3839-part2 ghostscript-9.07/Resource/Init/pdf_main.ps
--- ghostscript-9.07/Resource/Init/pdf_main.ps.cve-2019-3839-part2 2019-02-28 10:02:48.872152118 +0100
+++ ghostscript-9.07/Resource/Init/pdf_main.ps 2019-02-28 10:12:44.687353440 +0100
@@ -18,8 +18,9 @@
/.setlanguagelevel where { pop 2 .setlanguagelevel } if
.currentglobal //true .setglobal
-/pdfdict where { pop } { /pdfdict 100 dict def } ifelse
pdfdict begin
+/GS_PDF_ProcSet dup load def % keep in pdfdict to hide it
+userdict /GS_PDF_ProcSet undef
% Patch in an obsolete variable used by some third-party software.
/#? //false def
@@ -177,8 +178,8 @@ currentdict /runpdfstring .undef
/Page //null def
/DSCPageCount 0 def
/PDFSave //null def
- GS_PDF_ProcSet begin
- pdfdict begin
+ //pdfdict /GS_PDF_ProcSet get begin
+ //pdfdict begin
pdfopen begin
} bind def
@@ -888,7 +889,7 @@ currentdict /xref-char-dict undef
} bind def
/pdfopenfile { % <file> pdfopenfile <dict>
- pdfdict readonly pop % can't do it any earlier than this
+ //pdfdict readonly pop % can't do it any earlier than this
32 dict begin
/LocalResources 0 dict def
/DefaultQstate //null def % establish binding
diff -up ghostscript-9.07/Resource/Init/pdf_ops.ps.cve-2019-3839-part2 ghostscript-9.07/Resource/Init/pdf_ops.ps
--- ghostscript-9.07/Resource/Init/pdf_ops.ps.cve-2019-3839-part2 2019-02-28 10:16:15.196597921 +0100
+++ ghostscript-9.07/Resource/Init/pdf_ops.ps 2019-02-28 10:17:01.082997269 +0100
@@ -24,6 +24,7 @@
systemdict /pdfmark known not
{ userdict /pdfmark { cleartomark } bind put } if
+systemdict /pdfdict where { pop } { /pdfdict 100 dict put } ifelse
userdict /GS_PDF_ProcSet 127 dict dup begin
% ---------------- Abbreviations ---------------- %
diff -up ghostscript-9.07/Resource/Init/pdf_sec.ps.cve-2019-3839-part2 ghostscript-9.07/Resource/Init/pdf_sec.ps
--- ghostscript-9.07/Resource/Init/pdf_sec.ps.cve-2019-3839-part2 2019-02-28 10:21:16.760650506 +0100
+++ ghostscript-9.07/Resource/Init/pdf_sec.ps 2019-02-28 10:22:46.213473549 +0100
@@ -39,7 +39,6 @@
/.setlanguagelevel where { pop 2 .setlanguagelevel } if
.currentglobal //true .setglobal
-/pdfdict where { pop } { /pdfdict 100 dict def } ifelse
pdfdict begin
% Older ghostscript versions do not have .pdftoken, so we use 'token' instead.
@@ -719,4 +718,7 @@ currentdict /PDFScanRules_null undef
} bind def
end % pdfdict
+
+systemdict /pdfdict .forceundef % hide pdfdict
+
.setglobal