ghostscript/backport-CVE-2024-46956.patch

From ea69a1388245ad959d31c272b5ba66d40cebba2c Mon Sep 17 00:00:00 2001
From: Zdenek Hutyra <zhutyra@centrum.cz>
Date: Tue, 23 Jul 2024 11:48:39 +0100
Subject: [PATCH] PostScript interpreter - fix buffer length check

Bug 707895

See bug report for details.

CVE-2024-46956
---
 psi/zfile.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/psi/zfile.c b/psi/zfile.c
index fe3f7e9..027f412 100644
--- a/psi/zfile.c
+++ b/psi/zfile.c
@@ -440,7 +440,7 @@ file_continue(i_ctx_t *i_ctx_p)
         if (code == ~(uint) 0) {    /* all done */
             esp -= 5;               /* pop proc, pfen, devlen, iodev , mark */
             return o_pop_estack;
-        } else if (code > len) {      /* overran string */
+        } else if (code > len - devlen) {      /* overran string */
             return_error(gs_error_rangecheck);
         }
         else if (iodev != iodev_default(imemory)
-- 
2.27.0
Fix CVE-2024-46956 2024-10-25 18:17:18 +08:00			`From ea69a1388245ad959d31c272b5ba66d40cebba2c Mon Sep 17 00:00:00 2001`
			`From: Zdenek Hutyra <zhutyra@centrum.cz>`
			`Date: Tue, 23 Jul 2024 11:48:39 +0100`
			`Subject: [PATCH] PostScript interpreter - fix buffer length check`

			`Bug 707895`

			`See bug report for details.`

			`CVE-2024-46956`
			`---`
			`psi/zfile.c \| 2 +-`
			`1 file changed, 1 insertion(+), 1 deletion(-)`

			`diff --git a/psi/zfile.c b/psi/zfile.c`
			`index fe3f7e9..027f412 100644`
			`--- a/psi/zfile.c`
			`+++ b/psi/zfile.c`
			`@@ -440,7 +440,7 @@ file_continue(i_ctx_t *i_ctx_p)`
			`if (code == ~(uint) 0) { /* all done */`
			`esp -= 5; /* pop proc, pfen, devlen, iodev , mark */`
			`return o_pop_estack;`
			`- } else if (code > len) { /* overran string */`
			`+ } else if (code > len - devlen) { /* overran string */`
			`return_error(gs_error_rangecheck);`
			`}`
			`else if (iodev != iodev_default(imemory)`
			`--`
			`2.27.0`