shithub: riscv

Download patch

ref: dd676b5a4fa19fcbe608598e73e3ee6b5bd5ad84
parent: 969116f1277b9a5b96facc7f934ae2119858705a
author: Jacob Moody <[email protected]>
date: Mon Apr 17 01:06:24 EDT 2023

gs: patch CVE-2023-28879

https://offsec.almond.consulting/ghostscript-cve-2023-28879.html
https://git.ghostscript.com/?p=ghostpdl.git;h=37ed5022cecd584de868933b5b60da2e995b3179

--- a/sys/src/cmd/gs/src/sbcp.c
+++ b/sys/src/cmd/gs/src/sbcp.c
@@ -51,6 +51,14 @@
 	byte ch = *++p;
 
 	if (ch <= 31 && escaped[ch]) {
+	    /* Make sure we have space to store two characters in the write buffer,
+	     * if we don't then exit without consuming the input character, we'll process
+	     * that on the next time round.
+	     */
+	    if (pw->limit - q < 2) {
+		p--;
+		break;
+	    }
 	    if (p == rlimit) {
 		p--;
 		break;