rpms/ghostscript/F-10 ghostscript-jbig2dec-nullderef.patch, NONE, 1.1 ghostscript.spec, 1.180, 1.181

Tim Waugh twaugh at fedoraproject.org
Thu Jun 4 12:51:31 UTC 2009


Author: twaugh

Update of /cvs/pkgs/rpms/ghostscript/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv29436

Modified Files:
	ghostscript.spec 
Added Files:
	ghostscript-jbig2dec-nullderef.patch 
Log Message:
* Thu Jun  4 2009 Tim Waugh <twaugh at redhat.com> 8.63-7
- Applied patch to fix NULL dereference in jbig2dec (bug #503991).


ghostscript-jbig2dec-nullderef.patch:

--- NEW FILE ghostscript-jbig2dec-nullderef.patch ---
diff -up ghostscript-8.63/jbig2dec/jbig2_generic.c.jbig2dec-nullderef ghostscript-8.63/jbig2dec/jbig2_generic.c
--- ghostscript-8.63/jbig2dec/jbig2_generic.c.jbig2dec-nullderef	2007-10-25 23:14:22.000000000 +0100
+++ ghostscript-8.63/jbig2dec/jbig2_generic.c	2009-06-04 12:19:28.538632743 +0100
@@ -599,6 +599,10 @@ jbig2_immediate_generic_region(Jbig2Ctx 
   memcpy (params.gbat, gbat, gbat_bytes);
 
   image = jbig2_image_new(ctx, rsi.width, rsi.height);
+  if (image == NULL)
+    return jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number,
+		       "failed to allocate buffer for image");
+
   jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, segment->number,
     "allocated %d x %d image buffer for region decode results",
         rsi.width, rsi.height);
diff -up ghostscript-8.63/jbig2dec/jbig2_symbol_dict.c.jbig2dec-nullderef ghostscript-8.63/jbig2dec/jbig2_symbol_dict.c
--- ghostscript-8.63/jbig2dec/jbig2_symbol_dict.c.jbig2dec-nullderef	2009-06-04 12:19:22.875757165 +0100
+++ ghostscript-8.63/jbig2dec/jbig2_symbol_dict.c	2009-06-04 12:19:28.539632281 +0100
@@ -370,6 +370,11 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
 		  memcpy(region_params.gbat, params->sdat, sdat_bytes);
 
 		  image = jbig2_image_new(ctx, SYMWIDTH, HCHEIGHT);
+		  if (image == NULL) {
+		      jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number,
+				  "failed to allocate image storage");
+		      return NULL;
+		  }
 
 		  code = jbig2_decode_generic_region(ctx, segment, &region_params,
 						     as, image, GB_stats);
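Review bot: The added `return NULL;` after the failed `jbig2_image_new` exits without releasing anything, whereas the glyph-allocation check added at `@@ -638,6 +648,16 @@` releases `image` and the glyphs before returning. This hunk already uses `as`, `GB_stats` and `region_params`, which are set up earlier in `jbig2_decode_symbol_dict` (outside the hunk), so whatever was allocated before this point is presumably leaked here; the same applies to the identical check at `@@ -520,6 +525,11 @@`. Because the requested size is derived from the file being decoded, a long-running consumer could hit this path repeatedly, so I would route all three exits through one shared cleanup label. Until then, a comment above each return such as `/* FIXME: SDNEWSYMS and decoder state are not released on this path */` would at least record the gap.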
@@ -520,6 +525,11 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
 			ID, RDX, RDY);
 
 		      image = jbig2_image_new(ctx, SYMWIDTH, HCHEIGHT);
+		      if (image == NULL) {
+			  jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number,
+				      "failed to allocate image storage");
+			  return NULL;
+		      }
 
 		      /* Table 18 */
 		      rparams.GRTEMPLATE = params->SDRTEMPLATE;
@@ -638,6 +648,16 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
 	for (j = HCFIRSTSYM; j < NSYMSDECODED; j++) {
 	  Jbig2Image *glyph;
 	  glyph = jbig2_image_new(ctx, SDNEWSYMWIDTHS[j], HCHEIGHT);
+	  if (glyph == NULL) {
+	      jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number,
+			  "error allocating image storage for glyph");
+	      while (--j >= HCFIRSTSYM) {
+		  jbig2_image_release(ctx, SDNEWSYMS->glyphs[j]);
+		  SDNEWSYMS->glyphs[j] = NULL;
+	      }
+	      jbig2_image_release(ctx, image);
+	      return NULL;
+	  }
 	  jbig2_image_compose(ctx, glyph, image, 
 		-x, 0, JBIG2_COMPOSE_REPLACE);
 	  x += SDNEWSYMWIDTHS[j];
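Review bot: The unwind loop `while (--j >= HCFIRSTSYM)` only terminates correctly if the comparison is signed, and the declarations of `j` and `HCFIRSTSYM` are outside this hunk. If either is unsigned and `HCFIRSTSYM` is 0, the decrement past zero compares as a very large value, the condition stays true, and `SDNEWSYMS->glyphs[j]` is then indexed out of bounds inside the error path itself. Writing the loop as `while (j > HCFIRSTSYM) { --j; jbig2_image_release(ctx, SDNEWSYMS->glyphs[j]); SDNEWSYMS->glyphs[j] = NULL; }` releases the same entries and cannot wrap, whatever the signedness.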
diff -up ghostscript-8.63/jbig2dec/jbig2_text.c.jbig2dec-nullderef ghostscript-8.63/jbig2dec/jbig2_text.c
--- ghostscript-8.63/jbig2dec/jbig2_text.c.jbig2dec-nullderef	2008-05-09 15:00:44.000000000 +0100
+++ ghostscript-8.63/jbig2dec/jbig2_text.c	2009-06-04 12:19:28.549632768 +0100
@@ -315,6 +315,9 @@ jbig2_decode_text_region(Jbig2Ctx *ctx, 
 		IBO = IB;
 		image = jbig2_image_new(ctx, IBO->width + RDW,
 					     IBO->height + RDH);
+		if (image == NULL)
+		    return jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number,
+				       "could not allocate image storage");
 
 		/* Table 12 */
 		rparams.GRTEMPLATE = params->SBRTEMPLATE;
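Review bot: The new NULL check catches a failed allocation, but the dimensions `IBO->width + RDW` and `IBO->height + RDH` are still passed to `jbig2_image_new` without a range check. The types and origin of `RDW` and `RDH` are not visible in this hunk; if they are signed deltas decoded from the stream, a negative or wrapped sum becomes the image dimension, and an image that is non-NULL but wrongly sized would pass the added test. I would validate the sums before the call, along the lines of `if ((int64_t)IBO->width + RDW <= 0 || (int64_t)IBO->height + RDH <= 0) return jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "invalid refinement region size");`, adjusted to the real types. `jbig2_decode_text_region` continues outside the hunk.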
@@ -676,6 +679,9 @@ jbig2_parse_text_region(Jbig2Ctx *ctx, J
     }
 
     image = jbig2_image_new(ctx, region_info.width, region_info.height);
+    if (image == NULL)
+	return jbig2_error(ctx, JBIG2_SEVERITY_WARNING, segment->number,
+			   "unable to allocate image storage");
 
     ws = jbig2_word_stream_buf_new(ctx, segment_data + offset, segment->data_length - offset);
     if (!params.SBHUFF) {
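Review bot: This check reports the allocation failure with `JBIG2_SEVERITY_WARNING`, while every other check added by the patch uses `JBIG2_SEVERITY_FATAL`. `jbig2_error` is not defined on this page; if its return value depends on the severity, `jbig2_parse_text_region` may return a success code here although no image exists, and the caller would treat the segment as decoded. I would change the call to `return jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "unable to allocate image storage");`. The function body starts and ends outside the hunk, so whether state allocated earlier needs releasing on this path cannot be confirmed from here.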


Index: ghostscript.spec
===================================================================
RCS file: /cvs/pkgs/rpms/ghostscript/F-10/ghostscript.spec,v
retrieving revision 1.180
retrieving revision 1.181
diff -u -p -r1.180 -r1.181
--- ghostscript.spec	15 Apr 2009 16:07:40 -0000	1.180
+++ ghostscript.spec	4 Jun 2009 12:51:00 -0000	1.181
@@ -5,7 +5,7 @@ Summary: A PostScript(TM) interpreter an
 Name: ghostscript
 Version: %{gs_ver}
 
-Release: 6%{?dist}
+Release: 7%{?dist}
 
 License: GPLv2
 URL: http://www.ghostscript.com/
@@ -25,6 +25,7 @@ Patch8: ghostscript-CVE-2009-0583,0584.p
 Patch9: ghostscript-CVE-2009-0792.patch
 Patch10: ghostscript-CVE-2009-0196.patch
 Patch11: ghostscript-CVE-2008-6679.patch
+Patch12: ghostscript-jbig2dec-nullderef.patch
 
 Requires: urw-fonts >= 1.1, ghostscript-fonts
 BuildRequires: libjpeg-devel, libXt-devel
@@ -121,6 +122,9 @@ rm -rf libpng zlib jpeg jasper
 # Applied patch to fix CVE-2008-6679 (bug #493445).
 %patch11 -p1 -b .CVE-2008-6679
 
+# Applied patch to fix NULL dereference in jbig2dec (bug #503991).
+%patch12 -p1 -b .jbig2dec-nullderef
+
 # Convert manual pages to UTF-8
 from8859_1() {
 	iconv -f iso-8859-1 -t utf-8 < "$1" > "${1}_"
@@ -305,6 +309,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/libgs.so
 
 %changelog
+* Thu Jun  4 2009 Tim Waugh <twaugh at redhat.com> 8.63-7
+- Applied patch to fix NULL dereference in jbig2dec (bug #503991).
+
 * Wed Apr 15 2009 Tim Waugh <twaugh at redhat.com> 8.63-6
 - Applied patch to fix CVE-2009-0792 (bug #491853).
 - Applied patch to fix CVE-2009-0196 (bug #493379).



