poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-7207.patch

From 0e88bee1304993668fede72498d656a2dd33a35e Mon Sep 17 00:00:00 2001
From: Ken Sharp <ken.sharp@artifex.com>
Date: Mon, 20 Mar 2017 09:34:11 +0000
Subject: [PATCH] Ensure a device has raster memory, before trying to read it.

Bug #697676 "Null pointer dereference in mem_get_bits_rectangle()"

This is only possible by abusing/mis-using Ghostscript-specific
language extensions, so cannot happen in a general PostScript program.

Nevertheless, Ghostscript should not crash. So this commit checks the
memory device to see if raster memory has been allocated, before trying
to read from it.

Upstream-Status: Backport
CVE: CVE-2017-7207

Author: Ken Sharp <ken.sharp@artifex.com>
Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
---
 base/gdevmem.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/base/gdevmem.c b/base/gdevmem.c
index 41108ba..183f96d 100644
--- a/base/gdevmem.c
+++ b/base/gdevmem.c
@@ -605,6 +605,8 @@ mem_get_bits_rectangle(gx_device * dev, const gs_int_rect * prect,
             GB_PACKING_CHUNKY | GB_COLORS_NATIVE | GB_ALPHA_NONE;
         return_error(gs_error_rangecheck);
     }
+    if (mdev->line_ptrs == 0x00)
+        return_error(gs_error_rangecheck);
     if ((w <= 0) | (h <= 0)) {
         if ((w | h) < 0)
             return_error(gs_error_rangecheck);
-- 
2.10.2