aboutsummaryrefslogtreecommitdiffstats
path: root/main/ghostscript/CVE-2019-3838.patch
blob: 0ba1e876b61038a4c9aec4b4dad1a8942b974d50 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
From ed9fcd95bb01f0768bf273b2526732e381202319 Mon Sep 17 00:00:00 2001
From: Chris Liddell <chris.liddell@artifex.com>
Date: Wed, 20 Feb 2019 09:54:28 +0000
Subject: [PATCH 1/2] Bug 700576: Make a transient proc executeonly (in
 DefineResource).

This prevents access to .forceput

Solution originally suggested by cbuissar@redhat.com.
---
 Resource/Init/gs_res.ps | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps
index d9b3459..b646329 100644
--- a/Resource/Init/gs_res.ps
+++ b/Resource/Init/gs_res.ps
@@ -425,7 +425,7 @@ status {
                         % so we have to use .forcedef here.
                   /.Instances 1 index .forcedef	% Category dict is read-only
                 } executeonly if
-              }
+              } executeonly
               { .LocalInstances dup //.emptydict eq
                  { pop 3 dict localinstancedict Category 2 index put
                  }
-- 
2.20.1


From a82601e8f95a2f2147f3b3b9e44ec2b8f3a6be8b Mon Sep 17 00:00:00 2001
From: Chris Liddell <chris.liddell@artifex.com>
Date: Fri, 22 Feb 2019 12:28:23 +0000
Subject: [PATCH 2/2] Bug 700576(redux): an extra transient proc needs
 executeonly'ed.

---
 Resource/Init/gs_res.ps | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps
index b646329..8c1f29f 100644
--- a/Resource/Init/gs_res.ps
+++ b/Resource/Init/gs_res.ps
@@ -437,7 +437,7 @@ status {
                         % Now make the resource value read-only.
              0 2 copy get { readonly } .internalstopped pop
              dup 4 1 roll put exch pop exch pop
-           }
+           } executeonly
            { /defineresource cvx /typecheck signaloperror
            }
         ifelse
-- 
2.20.1