openSUSE:Step:15-SP4
ghostscript-mini
CVE-2024-46953.patch
File CVE-2024-46953.patch of Package ghostscript-mini
--- base/gsdevice.c.orig 2020-03-19 09:21:42.000000000 +0100
+++ base/gsdevice.c 2024-10-24 16:01:52.779964354 +0200
@@ -1010,7 +1010,7 @@ static int
 gx_parse_output_format(gs_parsed_file_name_t *pfn, const char **pfmt)
 {
 bool have_format = false, field;
- int width[2], int_width = sizeof(int) * 3, w = 0;
+ uint width[2], int_width = sizeof(int) * 3, w = 0;
 uint i;

 /* Scan the file name for a format string, and validate it if present. */
@@ -1039,6 +1039,8 @@ gx_parse_output_format(gs_parsed_file_na
 default: /* width (field = 0) and precision (field = 1) */
 if (strchr("0123456789", pfn->fname[i])) {
 width[field] = width[field] * 10 + pfn->fname[i] - '0';
+ if (width[field] > max_int)
+ return_error(gs_error_undefinedfilename);
 continue;
 } else if (0 == field && '.' == pfn->fname[i]) {
 field++;
@@ -1067,8 +1069,10 @@ gx_parse_output_format(gs_parsed_file_na
 /* Calculate a conservative maximum width. */
 w = max(width[0], width[1]);
 w = max(w, int_width) + 5;
+ if (w > max_int)
+ return_error(gs_error_undefinedfilename);
 }
- return w;
+ return (int)w;
 }

 /*
@@ -1121,10 +1125,15 @@ gx_parse_output_file_name(gs_parsed_file
 if (!pfn->fname)
 return 0;
 code = gx_parse_output_format(pfn, pfmt);
- if (code < 0)
+ if (code < 0) {
 return code;
- if (strlen(pfn->iodev->dname) + pfn->len + code >= gp_file_name_sizeof)
+ }
+
+ if (pfn->len >= gp_file_name_sizeof - strlen(pfn->iodev->dname) ||
+ code >= gp_file_name_sizeof - strlen(pfn->iodev->dname) - pfn->len) {
 return_error(gs_error_undefinedfilename);
+ }
+
 return 0;
 }
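Review bot: The declaration `uint width[2], int_width = sizeof(int) * 3, w = 0;` makes three variables unsigned in one edit with no comment saying why, while the function still returns `int`. A short comment such as `/* unsigned so digit accumulation cannot overflow a signed int; checked against max_int below */` would keep a later cleanup from reverting the type. Declaring `width` separately from `int_width` and `w` would also make it clear which of them needed the change. The body of `gx_parse_output_format` continues outside the hunk.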
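Review bot: The `width[field] > max_int` test runs after `width[field] * 10 + ...` has already been evaluated, so it cannot see a product that wrapped past the range of `uint`. The previous value is only known to be at most `max_int`, and ten times that does not fit in 32 bits, so (assuming `uint` is 32 bits wide) a sufficiently long digit run can wrap to a small value that passes the test and leaves the computed width smaller than what the format actually requests. Checking before the accumulation closes the gap, at the cost of rejecting a few values just under the limit: `if (width[field] > (max_int - 9) / 10) return_error(gs_error_undefinedfilename);`. The enclosing loop and switch start outside the hunk.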
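Review bot: The new condition subtracts `strlen(pfn->iodev->dname)` from `gp_file_name_sizeof` without first checking that the device name is shorter than the limit; if that arithmetic is done in an unsigned type, a longer name would wrap the right-hand side to a very large value and both comparisons would pass. Device names are presumably short in practice, but the guard is cheap: take `size_t dlen = strlen(pfn->iodev->dname);` once and test `dlen >= gp_file_name_sizeof || pfn->len >= gp_file_name_sizeof - dlen || code >= gp_file_name_sizeof - dlen - pfn->len`. That also removes the second `strlen` call. The start of `gx_parse_output_file_name`, including whether `pfn->iodev` can be null at this point, is outside the hunk.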