poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2025-27836-2.patch

From d84efb73723384a8b7fb3989c824cfa218060085 Mon Sep 17 00:00:00 2001
From: Ken Sharp <Ken.Sharp@artifex.com>
Date: Thu, 13 Mar 2025 11:01:16 +0000
Subject: Fix Coverity IDs 457699 and 457700

Not sure if Coverity has been updated, this is ancient contrib code
which has not changed for a long time.

However, fix the warning by initialising the pointers to NULL, and then
avoid trying to free them if they are NULL.

Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=d84efb73723384a8b7fb3989c824cfa218060085]
CVE: CVE-2025-27836
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
 contrib/japanese/gdev10v.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/contrib/japanese/gdev10v.c b/contrib/japanese/gdev10v.c
index 9d27573dc..4d47200e5 100644
--- a/contrib/japanese/gdev10v.c
+++ b/contrib/japanese/gdev10v.c
@@ -199,7 +199,7 @@ bj10v_print_page(gx_device_printer *pdev, gp_file *prn_stream)
         int bytes_per_column = bits_per_column / 8;
         int x_skip_unit = bytes_per_column * (xres / 180);
         int y_skip_unit = (yres / 180);
-        byte *in, *out;
+        byte *in = NULL, *out = NULL;
         int lnum = 0;
         int y_skip = 0;
         int code = 0;
@@ -332,7 +332,9 @@ xit:
         prn_putc(pdev, 014); /* form feed */
         prn_flush(pdev);
 error:
-        gs_free(pdev->memory->non_gc_memory, (char *)out, bits_per_column, line_size, "bj10v_print_page(out)");
-        gs_free(pdev->memory->non_gc_memory, (char *)in, 8, line_size, "bj10v_print_page(in)");
+        if (out != NULL)
+            gs_free(pdev->memory->non_gc_memory, (char *)out, bits_per_column, line_size, "bj10v_print_page(out)");
+        if (in != NULL)
+            gs_free(pdev->memory->non_gc_memory, (char *)in, 8, line_size, "bj10v_print_page(in)");
         return code;
 }
-- 
cgit v1.2.3