Projects
openEuler:24.03:SP1:Everything
ghostscript
_service:tar_scm:Bug-707510-3-Bounds-checks-whe...
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm:Bug-707510-3-Bounds-checks-when-using-CIDFont-relate.patch of Package ghostscript
From 7745dbe24514710b0cfba925e608e607dee9eb0f Mon Sep 17 00:00:00 2001 From: Chris Liddell <chris.liddell@artifex.com> Date: Wed, 24 Jan 2024 18:25:12 +0000 Subject: [PATCH 3/7] Bug 707510(3): Bounds checks when using CIDFont related params https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7745dbe24514 Specifically, for CIDFont substitution. --- pdf/pdf_font.c | 45 +++++++++++++++++++++++++++++++++++++++------ pdf/pdf_warnings.h | 2 +- 2 files changed, 40 insertions(+), 7 deletions(-) diff --git a/pdf/pdf_font.c b/pdf/pdf_font.c index fa71605..89c13ab 100644 --- a/pdf/pdf_font.c +++ b/pdf/pdf_font.c @@ -228,22 +228,55 @@ pdfi_open_CIDFont_substitute_file(pdf_context * ctx, pdf_dict *font_dict, pdf_di memcpy(fontfname, fsprefix, fsprefixlen); } else { - memcpy(fontfname, ctx->args.cidsubstpath.data, ctx->args.cidsubstpath.size); - fsprefixlen = ctx->args.cidsubstpath.size; + if (ctx->args.cidsubstpath.size + 1 > gp_file_name_sizeof) { + code = gs_note_error(gs_error_rangecheck); + pdfi_set_warning(ctx, code, NULL, W_PDF_BAD_CONFIG, "pdfi_open_CIDFont_substitute_file", "CIDSubstPath parameter too long"); + if (ctx->args.pdfstoponwarning != 0) { + goto exit; + } + code = 0; + memcpy(fontfname, fsprefix, fsprefixlen); + } + else { + memcpy(fontfname, ctx->args.cidsubstpath.data, ctx->args.cidsubstpath.size); + fsprefixlen = ctx->args.cidsubstpath.size; + } } if (ctx->args.cidsubstfont.data == NULL) { int len = 0; - if (gp_getenv("CIDSUBSTFONT", (char *)0, &len) < 0 && len + fsprefixlen + 1 < gp_file_name_sizeof) { - (void)gp_getenv("CIDSUBSTFONT", (char *)(fontfname + fsprefixlen), &defcidfallacklen); + if (gp_getenv("CIDSUBSTFONT", (char *)0, &len) < 0) { + if (len + fsprefixlen + 1 > gp_file_name_sizeof) { + code = gs_note_error(gs_error_rangecheck); + pdfi_set_warning(ctx, code, NULL, W_PDF_BAD_CONFIG, "pdfi_open_CIDFont_substitute_file", "CIDSUBSTFONT environment variable too long"); + if (ctx->args.pdfstoponwarning != 0) { + goto exit; + } + code = 0; + memcpy(fontfname + fsprefixlen, defcidfallack, defcidfallacklen); + } + else { + (void)gp_getenv("CIDSUBSTFONT", (char *)(fontfname + fsprefixlen), &defcidfallacklen); + } } else { memcpy(fontfname + fsprefixlen, defcidfallack, defcidfallacklen); } } else { - memcpy(fontfname, ctx->args.cidsubstfont.data, ctx->args.cidsubstfont.size); - defcidfallacklen = ctx->args.cidsubstfont.size; + if (ctx->args.cidsubstfont.size > gp_file_name_sizeof - 1) { + code = gs_note_error(gs_error_rangecheck); + pdfi_set_warning(ctx, code, NULL, W_PDF_BAD_CONFIG, "pdfi_open_CIDFont_substitute_file", "CIDSubstFont parameter too long"); + if (ctx->args.pdfstoponwarning != 0) { + goto exit; + } + code = 0; + memcpy(fontfname + fsprefixlen, defcidfallack, defcidfallacklen); + } + else { + memcpy(fontfname, ctx->args.cidsubstfont.data, ctx->args.cidsubstfont.size); + defcidfallacklen = ctx->args.cidsubstfont.size; + } } fontfname[fsprefixlen + defcidfallacklen] = '\0'; diff --git a/pdf/pdf_warnings.h b/pdf/pdf_warnings.h index 21b2403..bfbc3a7 100644 --- a/pdf/pdf_warnings.h +++ b/pdf/pdf_warnings.h @@ -58,5 +58,5 @@ PARAM(W_PDF_CA_OUTOFRANGE, "CA or ca value not in range 0.0 to 1.0, cla PARAM(W_PDF_INVALID_DEFAULTSPACE, "Invalid DefaultGray, DefaultRGB or DefaultCMYK space specified, ignored."), PARAM(W_PDF_INVALID_DECRYPT_LEN, "Invalid /Length supplied in Encryption dictionary."), PARAM(W_PDF_INVALID_FONT_BASEENC, "Ignoring invalid BaseEncoding name in font"), - +PARAM(W_PDF_BAD_CONFIG, "A configuration or command line parameter was invalid or incorrect."), #undef PARAM -- 2.43.0
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2