ref: dd676b5a4fa19fcbe608598e73e3ee6b5bd5ad84
parent: 969116f1277b9a5b96facc7f934ae2119858705a
author: Jacob Moody <[email protected]>
date: Mon Apr 17 01:06:24 EDT 2023
gs: patch CVE-2023-28879 https://offsec.almond.consulting/ghostscript-cve-2023-28879.html https://git.ghostscript.com/?p=ghostpdl.git;h=37ed5022cecd584de868933b5b60da2e995b3179
--- a/sys/src/cmd/gs/src/sbcp.c
+++ b/sys/src/cmd/gs/src/sbcp.c
@@ -51,6 +51,14 @@
byte ch = *++p;
if (ch <= 31 && escaped[ch]) {
+ /* Make sure we have space to store two characters in the write buffer,
+ * if we don't then exit without consuming the input character, we'll process
+ * that on the next time round.
+ */
+ if (pw->limit - q < 2) {
+ p--;
+ break;
+ }
if (p == rlimit) {
p--;
break;