File CVE-2024-46955.patch of Package ghostscript

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2024-46955.patch of Package ghostscript

--- psi/zcolor.c.patched	2024-10-24 13:08:39.393319196 +0200
+++ psi/zcolor.c	2024-10-25 13:33:02.203219457 +0200
@@ -3635,6 +3635,7 @@ static int septransform(i_ctx_t *i_ctx_p
         code = array_get(imemory, sepspace, 3, &proc);
         if (code < 0)
             return code;
+        check_proc(proc);
         *esp = proc;
         return o_push_estack;
     }
@@ -4457,6 +4458,7 @@ static int devicentransform(i_ctx_t *i_c
         code = array_get(imemory, devicenspace, 3, &proc);
         if (code < 0)
             return code;
+        check_proc(proc);
         *esp = proc;
         return o_push_estack;
     }
@@ -4872,6 +4874,7 @@ static int indexedbasecolor(i_ctx_t * i_
             code = array_get(imemory, space, 3, &proc);
             if (code < 0)
                 return code;
+            check_proc(proc);
             *ep = proc;	/* lookup proc */
             return o_push_estack;
         } else {
@@ -4885,6 +4888,9 @@ static int indexedbasecolor(i_ctx_t * i_
             if (!r_has_type(op, t_integer))
                 return_error (gs_error_typecheck);
             index = op->value.intval;
+            /* Ensure it is in range. See bug #707990 */
+            if (index < 0 || index > pcs->params.indexed.hival)
+                return_error(gs_error_rangecheck);
             /* And remove it from the stack. */
             pop(1);
             op = osp;

Places

File CVE-2024-46955.patch of Package ghostscript

Places