2e708fde52
Ghostscript security update that fixes (CVE-2013-5653 is already fixed in the 9.20 sources) CVE-2016-7976 CVE-2016-7977 CVE-2016-7978 CVE-2016-7979 (all bsc#1001951) and CVE-2016-8602 (bsc#1004237) OBS-URL: https://build.opensuse.org/request/show/435738 OBS-URL: https://build.opensuse.org/package/show/Printing/ghostscript?expand=0&rev=72
40 lines
1.2 KiB
Diff
40 lines
1.2 KiB
Diff
From: Chris Liddell <chris.liddell@artifex.com>
|
|
Date: Sat, 8 Oct 2016 15:10:27 +0000 (+0100)
|
|
Subject: Bug 697203: check for sufficient params in .sethalftone5
|
|
X-Git-Url: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff_plain;h=f5c7555c30393e64ec1f5ab0dfae5b55b3b3fc78;hp=a5360401495654e89301b2516703c1d2877fc5ba
|
|
|
|
Bug 697203: check for sufficient params in .sethalftone5
|
|
|
|
and param types
|
|
---
|
|
|
|
diff --git a/psi/zht2.c b/psi/zht2.c
|
|
index fb4a264..dfa27a4 100644
|
|
--- a/psi/zht2.c
|
|
+++ b/psi/zht2.c
|
|
@@ -82,14 +82,22 @@ zsethalftone5(i_ctx_t *i_ctx_p)
|
|
gs_memory_t *mem;
|
|
uint edepth = ref_stack_count(&e_stack);
|
|
int npop = 2;
|
|
- int dict_enum = dict_first(op);
|
|
+ int dict_enum;
|
|
ref rvalue[2];
|
|
int cname, colorant_number;
|
|
byte * pname;
|
|
uint name_size;
|
|
int halftonetype, type = 0;
|
|
gs_gstate *pgs = igs;
|
|
- int space_index = r_space_index(op - 1);
|
|
+ int space_index;
|
|
+
|
|
+ if (ref_stack_count(&o_stack) < 2)
|
|
+ return_error(gs_error_stackunderflow);
|
|
+ check_type(*op, t_dictionary);
|
|
+ check_type(*(op - 1), t_dictionary);
|
|
+
|
|
+ dict_enum = dict_first(op);
|
|
+ space_index = r_space_index(op - 1);
|
|
|
|
mem = (gs_memory_t *) idmemory->spaces_indexed[space_index];
|
|
|