[ghostscript/f12/master] Avoid another NULL pointer dereference in jbig2 code (bug #621569).
Tim Waugh
twaugh at fedoraproject.org
Thu Aug 5 16:04:57 UTC 2010
commit 2e84257b372352281d1ceb6ea1adae3ccc9fc26b
Author: Tim Waugh <twaugh at redhat.com>
Date: Thu Aug 5 16:15:23 2010 +0100
Avoid another NULL pointer dereference in jbig2 code (bug #621569).
ghostscript-jbig2-image-refcount.patch | 25 +++++++++++++++++++++++++
ghostscript.spec | 9 ++++++++-
2 files changed, 33 insertions(+), 1 deletions(-)
---
diff --git a/ghostscript-jbig2-image-refcount.patch b/ghostscript-jbig2-image-refcount.patch
new file mode 100644
index 0000000..6054273
--- /dev/null
+++ b/ghostscript-jbig2-image-refcount.patch
@@ -0,0 +1,25 @@
+diff -up ghostscript-8.71/jbig2dec/jbig2_image.c.jbig2-image-refcount ghostscript-8.71/jbig2dec/jbig2_image.c
+--- ghostscript-8.71/jbig2dec/jbig2_image.c.jbig2-image-refcount 2010-08-05 14:55:56.417043303 +0100
++++ ghostscript-8.71/jbig2dec/jbig2_image.c 2010-08-05 14:56:46.796169065 +0100
+@@ -60,15 +60,18 @@ Jbig2Image* jbig2_image_new(Jbig2Ctx *ct
+ /* clone an image pointer by bumping its reference count */
+ Jbig2Image* jbig2_image_clone(Jbig2Ctx *ctx, Jbig2Image *image)
+ {
+- image->refcount++;
++ if (image)
++ image->refcount++;
+ return image;
+ }
+
+ /* release an image pointer, freeing it it appropriate */
+ void jbig2_image_release(Jbig2Ctx *ctx, Jbig2Image *image)
+ {
+- image->refcount--;
+- if (!image->refcount) jbig2_image_free(ctx, image);
++ if (image) {
++ image->refcount--;
++ if (!image->refcount) jbig2_image_free(ctx, image);
++ }
+ }
+
+ /* free a Jbig2Image structure and its associated memory */
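Review bot: The new `if (image)` guard in jbig2_image_clone makes the function hand NULL back to its caller, and nothing in this patch shows those callers checking the result, so the dereference may only have moved to the call site. Presumably the NULL comes from a missing or failed image while decoding untrusted input, which is worth confirming against the bug report. I would state the new contract on both functions, e.g. `/* clone an image pointer by bumping its reference count; returns NULL when image is NULL, callers must check */` and `/* release an image pointer; a NULL image is ignored */`, and audit every use of the clone result. As a style point, the one-line `if (image)` in the clone should be braced like the one in jbig2_image_release. Both function bodies are complete within the hunk; the callers lie outside it.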
diff --git a/ghostscript.spec b/ghostscript.spec
index 31db348..996ca3a 100644
--- a/ghostscript.spec
+++ b/ghostscript.spec
@@ -5,7 +5,7 @@ Summary: A PostScript interpreter and renderer.
Name: ghostscript
Version: %{gs_ver}
-Release: 7%{?dist}
+Release: 8%{?dist}
# Included CMap data is Redistributable, no modification permitted,
# see http://bugzilla.redhat.com/487510
@@ -36,6 +36,7 @@ Patch17: ghostscript-tif-fail-close.patch
Patch18: ghostscript-tiff-default-strip-size.patch
Patch19: ghostscript-tiff-fixes.patch
Patch20: ghostscript-CVE-2010-1628.patch
+Patch21: ghostscript-jbig2-image-refcount.patch
Requires: urw-fonts >= 1.1, ghostscript-fonts
BuildRequires: xz
@@ -169,6 +170,9 @@ rm -rf libpng zlib jpeg jasper
# overflow, bug #592492).
%patch20 -p1 -b .CVE-2010-1628
+# Avoid another NULL pointer dereference in jbig2 code (bug #621569).
+%patch21 -p1 -b .jbig2-image-refcount
+
# Convert manual pages to UTF-8
from8859_1() {
iconv -f iso-8859-1 -t utf-8 < "$1" > "${1}_"
@@ -357,6 +361,9 @@ rm -rf $RPM_BUILD_ROOT
%{_libdir}/libgs.so
%changelog
+* Thu Aug 5 2010 Tim Waugh <twaugh at redhat.com> 8.71-8
+- Avoid another NULL pointer dereference in jbig2 code (bug #621569).
+
* Fri Jul 16 2010 Tim Waugh <twaugh at redhat.com> 8.71-7
- Applied patch to fix CVE-2010-1628 (memory corruption at PS stack
overflow, bug #592492).