forked from mirrors/nixpkgs
ghostscript: add patch fixing CVE-2015-3228 (from debian)
This commit is contained in:
parent
aefc8b3ddf
commit
179cdbc62c
20
pkgs/misc/ghostscript/CVE-2015-3228.patch
Normal file
20
pkgs/misc/ghostscript/CVE-2015-3228.patch
Normal file
|
@ -0,0 +1,20 @@
|
|||
Description: Sanity check for memory allocation.
|
||||
In gs_heap_alloc_bytes(), add a sanity check to ensure we don't overflow the
|
||||
variable holding the actual number of bytes we allocate.
|
||||
Origin: upstream, http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0c0b085
|
||||
Author: Chris Liddell <chris.liddell@artifex.com>
|
||||
Forwarded: yes
|
||||
Bug-Debian: http://bugs.debian.org/793489
|
||||
Last-Update: 2015-07-26
|
||||
|
||||
--- a/base/gsmalloc.c
|
||||
+++ b/base/gsmalloc.c
|
||||
@@ -178,7 +178,7 @@
|
||||
} else {
|
||||
uint added = size + sizeof(gs_malloc_block_t);
|
||||
|
||||
- if (mmem->limit - added < mmem->used)
|
||||
+ if (added <= size || mmem->limit - added < mmem->used)
|
||||
set_msg("exceeded limit");
|
||||
else if ((ptr = (byte *) Memento_label(malloc(added), cname)) == 0)
|
||||
set_msg("failed");
|
|
@ -40,7 +40,11 @@ stdenv.mkDerivation rec {
|
|||
# [] # maybe sometimes jpeg2000 support
|
||||
;
|
||||
|
||||
patches = [ ./urw-font-files.patch ];
|
||||
patches = [
|
||||
./urw-font-files.patch
|
||||
# fetched from debian's ghostscript 9.15_dfsg-1 (called 020150707~0c0b085.patch there)
|
||||
./CVE-2015-3228.patch
|
||||
];
|
||||
|
||||
makeFlags = [ "cups_serverroot=$(out)" "cups_serverbin=$(out)/lib/cups" ];
|
||||
|
||||
|
|
Loading…
Reference in a new issue