forked from pool/ghostscript
064397ec60
Ghostscript security fix CVE-2021-45949 (bsc#1194304) including CVE-2021-45944 (bsc#1194303) OBS-URL: https://build.opensuse.org/request/show/945778 OBS-URL: https://build.opensuse.org/package/show/Printing/ghostscript?expand=0&rev=148
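--- psi/zfsample.c.orig 2022-01-12 09:16:07.639604741 +0100
+++ psi/zfsample.c 2022-01-12 09:21:45.187952236 +0100
@@ -535,13 +535,16 @@ sampled_data_continue(i_ctx_t *i_ctx_p)
 }
 pop(num_out); /* Move op to base of result values */
 
+ /* From here on, we have to use ref_stack_pop() rather than pop()
+ so that it handles stack extension blocks properly, before calling
+ sampled_data_sample() which also uses the op stack.
+ */
 /* Check if we are done collecting data. */
-
 if (increment_cube_indexes(params, penum->indexes)) {
 if (stack_depth_adjust == 0)
- pop(O_STACK_PAD); /* Remove spare stack space */
+ ref_stack_pop(&o_stack, O_STACK_PAD); /* Remove spare stack space */
 else
- pop(stack_depth_adjust - num_out);
+ ref_stack_pop(&o_stack, stack_depth_adjust - num_out);
 /* Execute the closing procedure, if given */
 code = 0;
 if (esp_finish_proc != 0)
@@ -554,11 +557,11 @@ sampled_data_continue(i_ctx_t *i_ctx_p)
 if ((O_STACK_PAD - stack_depth_adjust) < 0) {
 stack_depth_adjust = -(O_STACK_PAD - stack_depth_adjust);
 check_op(stack_depth_adjust);
- pop(stack_depth_adjust);
+ ref_stack_pop(&o_stack, stack_depth_adjust);
 }
 else {
 check_ostack(O_STACK_PAD - stack_depth_adjust);
- push(O_STACK_PAD - stack_depth_adjust);
+ ref_stack_push(&o_stack, O_STACK_PAD - stack_depth_adjust);
 for (i=0;i<O_STACK_PAD - stack_depth_adjust;i++)
 make_null(op - i);
 }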
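Review bot: In the second hunk, `make_null(op - i)` still indexes from `op` after the `push()` macro was replaced by `ref_stack_push(&o_stack, ...)`, which is handed only the stack object and so cannot advance a local `op`. If `op` is the usual local copy of `osp` (its declaration is outside the hunk), the loop nulls slots below the newly pushed ones and leaves the fresh padding uninitialised. The call's int result is also discarded, whereas the old macro returned an error on overflow. I would write `code = ref_stack_push(&o_stack, O_STACK_PAD - stack_depth_adjust);`, `if (code < 0) return code;` and `op = osp;` before the loop. The same `op = osp;` refresh is worth adding after each `ref_stack_pop()` if `op` is read again later. sampled_data_continue starts and ends outside both hunks, so this should be confirmed against the full function.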