Gentoo's Bugzilla – Attachment 194334 Details for
Bug 272314
app-text/ghostscript-8.70 (and later?): NULL pointer dereference
[patch]
A proposed patch to fix the NULL-pointer dereferencing.
ghostscript-8.64.jbig2fix.patch (text/plain), 6.61 KB, created by
Mansour Moufid
on 2009-06-12 01:21:11 UTC
Description:
A proposed patch to fix the NULL-pointer dereferencing.
Filename:
MIME Type:
Creator:
Mansour Moufid
Created:
2009-06-12 01:21:11 UTC
Size:
6.61 KB
>diff -Nurp ghostscript-8.64/jbig2dec/jbig2_generic.c ghostscript-8.64.new/jbig2dec/jbig2_generic.c
>--- ghostscript-8.64/jbig2dec/jbig2_generic.c 2007-10-25 18:14:22.000000000 -0400
>+++ ghostscript-8.64.new/jbig2dec/jbig2_generic.c 2009-06-11 21:01:53.529809021 -0400
>@@ -599,6 +599,9 @@ jbig2_immediate_generic_region(Jbig2Ctx
> memcpy (params.gbat, gbat, gbat_bytes);
>
> image = jbig2_image_new(ctx, rsi.width, rsi.height);
>+ if (image == NULL)
>+ return jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number,
>+ "invalid image");
> jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, segment->number,
> "allocated %d x %d image buffer for region decode results",
> rsi.width, rsi.height);
>diff -Nurp ghostscript-8.64/jbig2dec/jbig2.h ghostscript-8.64.new/jbig2dec/jbig2.h
>--- ghostscript-8.64/jbig2dec/jbig2.h 2007-06-05 18:23:38.000000000 -0400
>+++ ghostscript-8.64.new/jbig2dec/jbig2.h 2009-06-11 21:01:53.429837021 -0400
>@@ -59,7 +59,7 @@ struct _Jbig2Image {
> int refcount;
> };
>
>-Jbig2Image* jbig2_image_new(Jbig2Ctx *ctx, int width, int height);
>+Jbig2Image* jbig2_image_new(Jbig2Ctx *ctx, unsigned long width, unsigned long height);
> Jbig2Image* jbig2_image_clone(Jbig2Ctx *ctx, Jbig2Image *image);
> void jbig2_image_release(Jbig2Ctx *ctx, Jbig2Image *image);
> void jbig2_image_free(Jbig2Ctx *ctx, Jbig2Image *image);
>diff -Nurp ghostscript-8.64/jbig2dec/jbig2_image.c ghostscript-8.64.new/jbig2dec/jbig2_image.c
>--- ghostscript-8.64/jbig2dec/jbig2_image.c 2007-06-05 18:23:38.000000000 -0400
>+++ ghostscript-8.64.new/jbig2dec/jbig2_image.c 2009-06-11 21:01:53.577840934 -0400
>@@ -24,6 +24,7 @@
> #include <stdio.h>
> #include <stdlib.h>
> #include <string.h> /* memcpy() */
>+#include <limits.h> /* INT_MAX */
>
> #include "jbig2.h"
> #include "jbig2_priv.h"
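Review bot: The changed `jbig2_image_new` prototype in jbig2.h carries no comment stating that the function can now return NULL for out-of-range dimensions, which is the contract every call site in this patch depends on. With `unsigned long` parameters, a negative `int` argument is converted to a large unsigned value and is then rejected by the range check added in jbig2_image.c, so a caller that skips the NULL test will dereference a null pointer. I would add above the prototype `/* returns NULL if a dimension is 0 or exceeds INT_MAX, or if allocation fails; callers must check */`. If jbig2.h is an installed header, the parameter type change also alters the signature that external users of the library compile against.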
>@@ -31,10 +32,17 @@
>
>
> /* allocate a Jbig2Image structure and its associated bitmap */
>-Jbig2Image* jbig2_image_new(Jbig2Ctx *ctx, int width, int height)
>+Jbig2Image* jbig2_image_new(Jbig2Ctx *ctx, unsigned long width, unsigned long height)
> {
> Jbig2Image *image;
>- int stride;
>+ unsigned long stride;
>+
>+ if (width == 0 || height == 0 || width > INT_MAX || height > INT_MAX) {
>+ jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1,
>+ "invalid image dimensions! [%lux%lu]\n", width, height);
>+ jbig2_free(ctx->allocator, image);
>+ return NULL;
>+ }
>
> image = (Jbig2Image *)jbig2_alloc(ctx->allocator, sizeof(*image));
> if (image == NULL) {
>@@ -47,14 +55,14 @@ Jbig2Image* jbig2_image_new(Jbig2Ctx *ct
> image->data = (uint8_t *)jbig2_alloc(ctx->allocator, stride*height);
> if (image->data == NULL) {
> jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1,
>- "could not allocate image data buffer! [%d bytes]\n", stride*height);
>+ "could not allocate image data buffer! [%lu bytes]\n", stride*height);
> jbig2_free(ctx->allocator, image);
> return NULL;
> }
>
>- image->width = width;
>- image->height = height;
>- image->stride = stride;
>+ image->width = (int) width;
>+ image->height = (int) height;
>+ image->stride = (int) stride;
> image->refcount = 1;
>
> return image;
>diff -Nurp ghostscript-8.64/jbig2dec/jbig2_refinement.c ghostscript-8.64.new/jbig2dec/jbig2_refinement.c
>--- ghostscript-8.64/jbig2dec/jbig2_refinement.c 2007-10-25 18:14:22.000000000 -0400
>+++ ghostscript-8.64.new/jbig2dec/jbig2_refinement.c 2009-06-11 21:01:53.689835967 -0400
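Review bot: The new dimension check calls `jbig2_free(ctx->allocator, image);` before `image` has been assigned. `image` is declared without an initializer and the `jbig2_alloc` call comes after this block, so the allocator is handed an indeterminate pointer on exactly the malformed-input path the patch is meant to harden. Drop that line so the branch is only the `jbig2_error(...)` call followed by `return NULL;`. The rest of jbig2_image_new continues outside this hunk.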
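Review bot: The allocation size `stride*height` in `jbig2_alloc(ctx->allocator, stride*height)` can still wrap where `unsigned long` is 32 bits, because the new bound limits each dimension to INT_MAX but not their product. A wrapped size would yield a buffer smaller than the `height` and `stride` recorded in the struct imply. Before the allocation I would add `if (height > ULONG_MAX / stride) { jbig2_free(ctx->allocator, image); return NULL; }`; `image` is already allocated at that point, and `stride` is presumably at least 1 once `width` is non-zero. The computation of `stride` lies between the two hunks and is not visible here, and the size type that `jbig2_alloc` accepts should be confirmed as well.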
>@@ -407,7 +407,7 @@ jbig2_refinement_region(Jbig2Ctx *ctx, J
> image = jbig2_image_new(ctx, rsi.width, rsi.height);
> if (image == NULL)
> return jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number,
>- "unable to allocate image storage");
>+ "unable to allocate image storage");
> jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, segment->number,
> "allocated %d x %d image buffer for region decode results",
> rsi.width, rsi.height);
>diff -Nurp ghostscript-8.64/jbig2dec/jbig2_symbol_dict.c ghostscript-8.64.new/jbig2dec/jbig2_symbol_dict.c
>--- ghostscript-8.64/jbig2dec/jbig2_symbol_dict.c 2007-12-11 03:29:58.000000000 -0500
>+++ ghostscript-8.64.new/jbig2dec/jbig2_symbol_dict.c 2009-06-11 21:01:53.710811788 -0400
>@@ -370,6 +370,12 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
> memcpy(region_params.gbat, params->sdat, sdat_bytes);
>
> image = jbig2_image_new(ctx, SYMWIDTH, HCHEIGHT);
>+ if (image == NULL) {
>+ jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number,
>+ "unable to allocate image storage");
>+ /* todo: memory cleanup */
>+ return NULL;
>+ }
>
> code = jbig2_decode_generic_region(ctx, segment, ®ion_params,
> as, image, GB_stats);
>@@ -520,6 +526,12 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
> ID, RDX, RDY);
>
> image = jbig2_image_new(ctx, SYMWIDTH, HCHEIGHT);
>+ if (image == NULL) {
>+ code = jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number,
>+ "Out of memory creating symbol image");
>+ /* todo: memory cleanup */
>+ return NULL;
>+ }
>
> /* Table 18 */
> rparams.GRTEMPLATE = params->SDRTEMPLATE;
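Review bot: The early `return NULL;` under `/* todo: memory cleanup */` in the `@@ -370` hunk leaves whatever jbig2_decode_symbol_dict allocated before this point unreleased, and the same placeholder is repeated in the `@@ -520` hunk and in both jbig2_text.c hunks. The failure is reachable from file contents, since a zero or oversized dimension now makes `jbig2_image_new` return NULL, so each rejected segment can leak memory in a long-running consumer. I would route these returns through one cleanup label at the end of each function that releases the objects created so far, instead of leaving the todo in place. In the `@@ -520` hunk the value assigned by `code = jbig2_error(...)` is never used, because the function returns NULL two lines later. The function bodies start and end outside these hunks, so the exact set of objects to release has to be taken from the full source.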
>@@ -638,6 +650,13 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
> for (j = HCFIRSTSYM; j < NSYMSDECODED; j++) {
> Jbig2Image *glyph;
> glyph = jbig2_image_new(ctx, SDNEWSYMWIDTHS[j], HCHEIGHT);
>+ if (glyph == NULL) {
>+ jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number,
>+ "unable to allocate image storage");
>+ /* todo: memory cleanup */
>+ return NULL;
>+ }
>+
> jbig2_image_compose(ctx, glyph, image,
> -x, 0, JBIG2_COMPOSE_REPLACE);
> x += SDNEWSYMWIDTHS[j];
>diff -Nurp ghostscript-8.64/jbig2dec/jbig2_text.c ghostscript-8.64.new/jbig2dec/jbig2_text.c
>--- ghostscript-8.64/jbig2dec/jbig2_text.c 2008-05-09 10:00:44.000000000 -0400
>+++ ghostscript-8.64.new/jbig2dec/jbig2_text.c 2009-06-11 21:01:53.729836629 -0400
>@@ -315,6 +315,12 @@ jbig2_decode_text_region(Jbig2Ctx *ctx,
> IBO = IB;
> image = jbig2_image_new(ctx, IBO->width + RDW,
> IBO->height + RDH);
>+ if (image == NULL) {
>+ jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number,
>+ "unable to allocate image storage");
>+ /* todo: memory cleanup */
>+ return -1;
>+ }
>
> /* Table 12 */
> rparams.GRTEMPLATE = params->SBRTEMPLATE;
>@@ -676,6 +682,12 @@ jbig2_parse_text_region(Jbig2Ctx *ctx, J
> }
>
> image = jbig2_image_new(ctx, region_info.width, region_info.height);
>+ if (image == NULL) {
>+ jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number,
>+ "unable to allocate image storage");
>+ /* todo: memory cleanup */
>+ return -1;
>+ }
>
> ws = jbig2_word_stream_buf_new(ctx, segment_data + offset, segment->data_length - offset);
> if (!params.SBHUFF) {
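Review bot: When `jbig2_image_new` fails inside the `for (j = HCFIRSTSYM; j < NSYMSDECODED; j++)` loop of the `@@ -638` hunk, the added `return NULL;` abandons the composite `image` that `jbig2_image_compose` reads from, together with any glyphs created in earlier iterations. Unlike the other early returns, the outstanding object is visible in the hunk itself, so the branch can at least drop it before returning with `jbig2_image_release(ctx, image);`, which is declared in jbig2.h and is presumably the refcount-aware release. The glyphs already produced need the same treatment wherever the loop stores them, which is outside this hunk.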