guix/gnu/packages/patches/ghostscript-CVE-2015-3228.patch

33 lines
1.1 KiB
Diff
Raw Normal View History

The file names in the upstream patch below were modified to apply to GNU
ghostscript.
From 0c0b0859ae1aba64861599f0e7f74f143f305932 Mon Sep 17 00:00:00 2001
From: Chris Liddell <chris.liddell@artifex.com>
Date: Tue, 7 Jul 2015 16:57:41 +0100
Subject: [PATCH] Bug 696041: sanity check for memory allocation.
In gs_heap_alloc_bytes(), add a sanity check to ensure we don't overflow the
variable holding the actual number of bytes we allocate.
No cluster differences
---
gs/base/gsmalloc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/base/gsmalloc.c b/base/gsmalloc.c
index 624552d..cad79c2 100644
--- a/base/gsmalloc.c
+++ b/base/gsmalloc.c
@@ -178,7 +178,7 @@ gs_heap_alloc_bytes(gs_memory_t * mem, uint size, client_name_t cname)
} else {
uint added = size + sizeof(gs_malloc_block_t);
- if (mmem->limit - added < mmem->used)
+ if (added <= size || mmem->limit - added < mmem->used)
set_msg("exceeded limit");
else if ((ptr = (byte *) Memento_label(malloc(added), cname)) == 0)
set_msg("failed");
--
2.4.6